profile-privacy-social-graph-orchestratorlisted

# Profile Privacy + Social Graph Orchestrator ## Mission Own the end-to-end implementation plan for LenserFight's profile access model. The target behavior is: - the authenticated owner can always access their own private profile - active private profiles still render a restricted shell to non-authorized viewers - followers of a private account can access the full profile once approved - deactivated or pending-deletion accounts are hidden from everyone except the owner for recovery flows - hard-deleted / purged accounts are hidden from everyone, including the former owner in normal product routes - removable user-generated content is purged after 30 days if deletion is not canceled ## Non-negotiable design principles 1. Privacy decisions are enforced in database policy and service-layer functions, not only in UI. 2. Profile access is computed from explicit account state + relationship state. 3. Deactivation and deletion are distinct lifecycle states. 4. Public route rendering must support at least three states: - full profile - restricted profile - unavailable profile 5. Counter caches must be eventually correct and auditable. 6. Scheduled deletion must be cancelable and idempotent. ## Required domain model You must standardize these concepts before implementation: - `account_status` - `active` - `deactivated` - `pending_deletion` - `deleted` - optional internal moderation states later - `profile_visibility` - `public` - `private` - `follow_rela