Standard Profiles ship with Salesforce — System Administrator, Standard User, Read Only, Marketing User, Solution Manager, and so on. They cannot be deleted, and most of their core permissions cannot be edited. You can still adjust some settings (login IP ranges, default record types, page layout assignments) but the underlying object/system permissions are locked.
Custom Profiles are ones you create, typically by cloning a standard profile and modifying it. They can be edited freely — you can grant or revoke any object permission, system permission, FLS, or app assignment.
Practical guidance:
- Use a Standard Profile only for the System Administrator (who needs all permissions and is the one role you can't reasonably trim) and possibly the temporary "Read Only" profile for guest visibility audits.
- For every other persona, clone a standard profile to a custom profile and tune it. The standard profiles' inflexibility almost always bites you eventually.
- Modern best practice is to keep custom profiles minimal (login settings + maybe default record types) and push every other permission into permission sets. This keeps your profile inventory shallow and the assignment model maintainable.
A profile cannot be deleted while users are assigned to it — you reassign first.