diff --git a/backend/ical_io.py b/backend/ical_io.py
new file mode 100644
index 0000000..905c471
--- /dev/null
+++ b/backend/ical_io.py
@@ -0,0 +1,205 @@
+"""iCal (.ics) import/export for local calendars.
+
+Reuses the already-installed ``icalendar`` library. The parser produces dicts
+matching the LocalEvent storage shape (ISO strings, comma-separated EXDATE);
+the generator emits a VCALENDAR with ORGANIZER, RRULE, etc.
+"""
+
+from __future__ import annotations
+
+import logging
+import uuid
+from datetime import date, datetime, timedelta, timezone
+
+from icalendar import Calendar, Event, vCalAddress, vRecur, vText
+
+logger = logging.getLogger(__name__)
+
+
+def _rrule_to_str(component) -> str | None:
+    prop = component.get("RRULE")
+    if not prop:
+        return None
+    return prop.to_ical().decode("utf-8")
+
+
+def _exdate_to_csv(component) -> str | None:
+    """Collect EXDATE values as comma-separated YYYYMMDD strings."""
+    exdate = component.get("EXDATE")
+    if not exdate:
+        return None
+    items = exdate if isinstance(exdate, list) else [exdate]
+    out = []
+    for ex in items:
+        dts = getattr(ex, "dts", None) or []
+        for d in dts:
+            val = d.dt
+            if isinstance(val, datetime):
+                out.append(val.strftime("%Y%m%d"))
+            elif isinstance(val, date):
+                out.append(val.strftime("%Y%m%d"))
+    return ",".join(out) if out else None
+
+
+def _organizer_name(component) -> str | None:
+    org = component.get("ORGANIZER")
+    if not org:
+        return None
+    # CN parameter holds the display name; fall back to the mailto address.
+    try:
+        cn = org.params.get("CN")
+        if cn:
+            return str(cn)
+    except Exception:
+        pass
+    raw = str(org)
+    if raw.lower().startswith("mailto:"):
+        return raw[7:]
+    return raw or None
+
+
+def parse_ics(raw: bytes) -> dict:
+    """Parse .ics bytes into {"events": [dict, ...], "errors": [str, ...]}.
+
+    Raises ValueError if the payload is not a parseable calendar at all.
+    """
+    try:
+        cal = Calendar.from_ical(raw)
+    except Exception as e:
+        raise ValueError(f"Datei ist kein gültiges iCal-Format: {e}") from e
+
+    events = []
+    errors = []
+    for component in cal.walk():
+        if component.name != "VEVENT":
+            continue
+        try:
+            uid = str(component.get("UID") or uuid.uuid4())
+            title = str(component.get("SUMMARY", "") or "")
+            location = str(component.get("LOCATION", "") or "") or None
+            description = str(component.get("DESCRIPTION", "") or "") or None
+
+            dtstart_prop = component.get("DTSTART")
+            if dtstart_prop is None:
+                errors.append(f"VEVENT {uid}: kein DTSTART, übersprungen")
+                continue
+            dtstart = dtstart_prop.dt
+            dtend_prop = component.get("DTEND")
+            duration_prop = component.get("DURATION")
+
+            all_day = isinstance(dtstart, date) and not isinstance(dtstart, datetime)
+            if all_day:
+                if dtend_prop:
+                    dtend = dtend_prop.dt
+                elif duration_prop:
+                    dtend = dtstart + duration_prop.dt
+                else:
+                    dtend = dtstart + timedelta(days=1)
+                start_str = dtstart.isoformat()
+                end_str = (dtend.isoformat() if isinstance(dtend, date)
+                           else (dtstart + timedelta(days=1)).isoformat())
+            else:
+                if dtstart.tzinfo is None:
+                    dtstart = dtstart.replace(tzinfo=timezone.utc)
+                if dtend_prop:
+                    dtend = dtend_prop.dt
+                    if isinstance(dtend, date) and not isinstance(dtend, datetime):
+                        dtend = datetime.combine(dtend, datetime.min.time(), tzinfo=timezone.utc)
+                    elif dtend.tzinfo is None:
+                        dtend = dtend.replace(tzinfo=timezone.utc)
+                elif duration_prop:
+                    dtend = dtstart + duration_prop.dt
+                else:
+                    dtend = dtstart + timedelta(hours=1)
+                start_str = dtstart.isoformat()
+                end_str = dtend.isoformat()
+
+            events.append({
+                "uid": uid,
+                "title": title,
+                "start": start_str,
+                "end": end_str,
+                "all_day": all_day,
+                "location": location,
+                "description": description,
+                "rrule": _rrule_to_str(component),
+                "exdate": _exdate_to_csv(component),
+                "organizer": _organizer_name(component),
+            })
+        except Exception as exc:
+            logger.warning("Skipping malformed VEVENT: %s", exc)
+            errors.append(f"Fehlerhafter Eintrag übersprungen: {exc}")
+    return {"events": events, "errors": errors}
+
+
+def _rrule_str_to_vrecur(rrule_str: str) -> vRecur:
+    params = {}
+    for part in rrule_str.split(";"):
+        if "=" not in part:
+            continue
+        key, val = part.split("=", 1)
+        params[key] = val.split(",") if "," in val else val
+    return vRecur(params)
+
+
+def _parse_iso(s: str) -> datetime:
+    s = s.replace("Z", "+00:00")
+    dt = datetime.fromisoformat(s)
+    if dt.tzinfo is None:
+        dt = dt.replace(tzinfo=timezone.utc)
+    return dt
+
+
+def build_ics(calendar, events, *, name_cache: dict | None = None) -> str:
+    """Build a VCALENDAR string for a local calendar and its events."""
+    cal = Calendar()
+    cal.add("prodid", "-//Calendarr//EN")
+    cal.add("version", "2.0")
+    cal.add("x-wr-calname", calendar.name)
+
+    for ev in events:
+        item = Event()
+        item.add("uid", ev.uid)
+        item.add("summary", ev.title or "")
+        item.add("dtstamp", datetime.now(timezone.utc))
+
+        if ev.all_day:
+            try:
+                start = date.fromisoformat(ev.start[:10])
+                end = date.fromisoformat(ev.end[:10])
+            except ValueError:
+                continue
+            if end <= start:
+                end = start + timedelta(days=1)
+            item.add("dtstart", start)
+            item.add("dtend", end)
+        else:
+            try:
+                item.add("dtstart", _parse_iso(ev.start))
+                item.add("dtend", _parse_iso(ev.end))
+            except ValueError:
+                continue
+
+        if ev.location:
+            item.add("location", ev.location)
+        if ev.description:
+            item.add("description", ev.description)
+        if ev.color:
+            item.add("x-calendarr-color", ev.color)
+        if ev.rrule:
+            item.add("rrule", _rrule_str_to_vrecur(ev.rrule))
+
+        # ORGANIZER from the creator (local user or imported name).
+        organizer_name = None
+        if getattr(ev, "creator_id", None) and name_cache:
+            organizer_name = name_cache.get(ev.creator_id)
+        if not organizer_name:
+            organizer_name = getattr(ev, "creator_name_external", None)
+        if organizer_name:
+            organizer = vCalAddress("mailto:noreply@calendarr.local")
+            organizer.params["CN"] = vText(organizer_name.replace('"', ""))
+            item.add("organizer", organizer)
+
+        cal.add_component(item)
+
+    return cal.to_ical().decode("utf-8")
diff --git a/backend/local_events_util.py b/backend/local_events_util.py
new file mode 100644
index 0000000..edca593
--- /dev/null
+++ b/backend/local_events_util.py
@@ -0,0 +1,213 @@
+"""Shared builders for local-event API dicts.
+
+Every local event returned by the API (the local router, the unified event
+merge in caldav_router, and the group combined view) must look identical and
+carry the additive collaboration fields: ``creator``, ``private``, ``type``,
+and — in the group view — ``owner`` and ``is_group_event``.
+
+Centralising this avoids the three near-duplicate dict constructions that used
+to live in caldav_router.py.
+"""
+
+import logging
+from datetime import datetime as dt_datetime, date as dt_date, timedelta, timezone as dt_timezone
+from typing import Optional
+
+from dateutil.rrule import rrulestr
+from sqlalchemy.orm import Session
+
+import models
+
+logger = logging.getLogger(__name__)
+
+
+def resolve_creator(ev: models.LocalEvent, *, name_cache: Optional[dict] = None) -> Optional[dict]:
+    """Build the ``creator`` payload for an event.
+
+    Returns ``{"id": int, "display_name": username}`` for a local creator,
+    ``{"id": None, "display_name": "<name> (importiert)"}`` for an imported
+    event, or ``None`` when no creator info exists (legacy events).
+
+    ``name_cache`` maps user_id -> username to avoid per-event DB lookups; the
+    creator relationship is used as a fallback.
+    """
+    if ev.creator_id:
+        display = None
+        if name_cache is not None:
+            display = name_cache.get(ev.creator_id)
+        if display is None and ev.creator is not None:
+            display = ev.creator.display_name or ev.creator.username
+        if display is not None:
+            return {"id": ev.creator_id, "display_name": display}
+    if ev.creator_name_external:
+        return {"id": None, "display_name": f"{ev.creator_name_external} (importiert)"}
+    return None
+
+
+def private_visibility_for(db: Session, user_id: int) -> str:
+    """A user's chosen visibility for their private events ('hidden' | 'busy')."""
+    s = db.query(models.UserSettings).filter(models.UserSettings.user_id == user_id).first()
+    return (s.private_event_visibility if s else None) or "busy"
+
+
+# Only these fields survive 'busy' anonymisation — a whitelist, so no content
+# field (title/location/description/creator/calendar name/recurrence) can leak.
+_BUSY_KEEP = {
+    "id", "url", "start", "end", "allDay", "calendar_id", "calendarColor",
+    "source", "type", "owner", "is_group_event", "display_color",
+}
+
+
+def mask_busy_event(event: dict) -> dict:
+    """Anonymise a private event for 'busy' visibility: keep only timing /
+    identity / render fields, drop ALL content."""
+    masked = {k: event[k] for k in _BUSY_KEEP if k in event}
+    masked["title"] = "Beschäftigt"
+    masked["location"] = ""
+    masked["description"] = ""
+    masked["calendar_name"] = ""
+    masked["creator"] = None
+    masked["color"] = None
+    masked["rrule"] = None
+    masked["exdate"] = None
+    masked["private"] = True
+    return masked
+
+
+def apply_event_privacy(
+    event: dict, *, owner_id, is_private: bool, requester_id: int, visibility: str
+) -> Optional[dict]:
+    """Enforce another user's private-event visibility on a built event dict.
+
+    Returns the event unchanged for the requester's own events or non-private
+    events, ``None`` when the owner chose 'hidden', or a busy-masked copy when
+    the owner chose 'busy'. Used by BOTH the merge read and the combined view so
+    the privacy rule can never drift between them.
+    """
+    if not is_private or owner_id == requester_id:
+        return event
+    if visibility == "hidden":
+        return None
+    return mask_busy_event(event)
+
+
+def build_local_event_dict(
+    ev: models.LocalEvent,
+    cal: models.LocalCalendar,
+    *,
+    start: Optional[str] = None,
+    end: Optional[str] = None,
+    all_day: Optional[bool] = None,
+    rrule: Optional[str] = ...,
+    creator: Optional[dict] = None,
+    owner: Optional[dict] = None,
+    is_group_event: bool = False,
+) -> dict:
+    """Build the unified dict for a single local event (or occurrence).
+
+    ``start``/``end``/``all_day`` override the stored values (used when emitting
+    an expanded recurrence occurrence). ``owner``/``is_group_event`` are only set
+    by the group combined view.
+    """
+    d = {
+        "id": ev.uid,
+        "url": f"local://{ev.uid}",
+        "title": ev.title,
+        "start": ev.start if start is None else start,
+        "end": ev.end if end is None else end,
+        "allDay": ev.all_day if all_day is None else all_day,
+        "location": ev.location or "",
+        "description": ev.description or "",
+        "color": ev.color,
+        "rrule": ev.rrule if rrule is ... else rrule,
+        "exdate": ev.exdate,
+        "calendar_id": f"local-{cal.id}",
+        "calendar_name": cal.name,
+        "calendarColor": cal.color,
+        "source": "local",
+        "type": "local",
+        "creator": creator,
+        "private": bool(ev.is_private),
+        "reminders": [int(x) for x in (ev.reminders or "").split(",") if x.strip().lstrip("-").isdigit()],
+    }
+    if owner is not None:
+        d["owner"] = owner
+    if is_group_event:
+        d["is_group_event"] = True
+    return d
+
+
+def expand_recurring_local(
+    ev: models.LocalEvent,
+    local_cal: models.LocalCalendar,
+    range_start,
+    range_end,
+    *,
+    creator: Optional[dict] = None,
+    owner: Optional[dict] = None,
+    is_group_event: bool = False,
+) -> list:
+    """Expand a recurring LocalEvent into individual occurrences in the range."""
+    results = []
+    excluded = set()
+    if ev.exdate:
+        for d in ev.exdate.split(","):
+            d = d.strip()
+            if d:
+                excluded.add(d)
+    try:
+        ev_start_str = ev.start.replace("Z", "+00:00")
+        ev_end_str = ev.end.replace("Z", "+00:00")
+
+        if ev.all_day:
+            ev_start = dt_date.fromisoformat(ev_start_str[:10])
+            ev_end = dt_date.fromisoformat(ev_end_str[:10])
+            duration = ev_end - ev_start
+            rule = rrulestr(f"RRULE:{ev.rrule}", dtstart=dt_datetime.combine(ev_start, dt_datetime.min.time()))
+            r_start = dt_datetime.combine(range_start if isinstance(range_start, dt_date) else range_start.date(), dt_datetime.min.time())
+            r_end = dt_datetime.combine(range_end if isinstance(range_end, dt_date) else range_end.date(), dt_datetime.min.time())
+            occurrences = rule.between(r_start - timedelta(days=1), r_end + timedelta(days=1), inc=True)
+            for occ in occurrences:
+                occ_start = occ.date()
+                occ_key = occ_start.strftime("%Y%m%d")
+                if occ_key in excluded:
+                    continue
+                occ_end = occ_start + duration
+                results.append(build_local_event_dict(
+                    ev, local_cal,
+                    start=occ_start.isoformat(), end=occ_end.isoformat(), all_day=True,
+                    creator=creator, owner=owner, is_group_event=is_group_event,
+                ))
+        else:
+            ev_start = dt_datetime.fromisoformat(ev_start_str)
+            ev_end = dt_datetime.fromisoformat(ev_end_str)
+            if ev_start.tzinfo is None:
+                ev_start = ev_start.replace(tzinfo=dt_timezone.utc)
+            if ev_end.tzinfo is None:
+                ev_end = ev_end.replace(tzinfo=dt_timezone.utc)
+            duration = ev_end - ev_start
+            rule = rrulestr(f"RRULE:{ev.rrule}", dtstart=ev_start)
+            r_start = range_start if isinstance(range_start, dt_datetime) else dt_datetime.combine(range_start, dt_datetime.min.time(), tzinfo=dt_timezone.utc)
+            r_end = range_end if isinstance(range_end, dt_datetime) else dt_datetime.combine(range_end, dt_datetime.min.time(), tzinfo=dt_timezone.utc)
+            if r_start.tzinfo is None:
+                r_start = r_start.replace(tzinfo=dt_timezone.utc)
+            if r_end.tzinfo is None:
+                r_end = r_end.replace(tzinfo=dt_timezone.utc)
+            occurrences = rule.between(r_start - timedelta(days=1), r_end + timedelta(days=1), inc=True)
+            for occ in occurrences:
+                occ_key = occ.strftime("%Y%m%d")
+                if occ_key in excluded:
+                    continue
+                occ_end = occ + duration
+                results.append(build_local_event_dict(
+                    ev, local_cal,
+                    start=occ.isoformat(), end=occ_end.isoformat(), all_day=False,
+                    creator=creator, owner=owner, is_group_event=is_group_event,
+                ))
+    except Exception as exc:
+        logger.warning("Error expanding recurring event %s: %s", ev.uid, exc)
+        # Fall back to a single event.
+        results.append(build_local_event_dict(
+            ev, local_cal, creator=creator, owner=owner, is_group_event=is_group_event,
+        ))
+    return results
diff --git a/backend/main.py b/backend/main.py
index dade943..b931917 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -4,15 +4,20 @@ import sys
 from pathlib import Path
 
 import uvicorn
-from fastapi import FastAPI, HTTPException
+from fastapi import FastAPI, HTTPException, Request
 from fastapi.responses import FileResponse
 from fastapi.staticfiles import StaticFiles
 from sqlalchemy import text
 
+# How long the browser may keep static assets before revalidating.
+STATIC_MAX_AGE_SECONDS = 2 * 60 * 60  # 2 hours
+NO_CACHE = "no-cache, no-store, must-revalidate"
+STATIC_CACHE = f"public, max-age={STATIC_MAX_AGE_SECONDS}, must-revalidate"
+
 sys.path.insert(0, str(Path(__file__).parent))
 
 from database import Base, engine
-from routers import auth_router, caldav_router, google_router, homeassistant_router, ical_router, local_router, profile_router, settings_router, users_router
+from routers import auth_router, caldav_router, google_router, groups_router, homeassistant_router, ical_router, local_router, profile_router, settings_router, users_router
 
 logging.basicConfig(level=logging.INFO)
 
@@ -97,6 +102,20 @@ def _migrate():
         except Exception:
             pass
 
+        try:
+            conn.execute(text("ALTER TABLE local_events ADD COLUMN reminders TEXT"))
+            conn.commit()
+            logging.info("Migration: added reminders to local_events")
+        except Exception:
+            pass
+
+        try:
+            conn.execute(text("ALTER TABLE user_settings ADD COLUMN default_reminder_minutes INTEGER"))
+            conn.commit()
+            logging.info("Migration: added default_reminder_minutes to user_settings")
+        except Exception:
+            pass
+
         try:
             conn.execute(text("ALTER TABLE user_settings ADD COLUMN month_divider_color VARCHAR(7) DEFAULT '#7090c0'"))
             conn.commit()
@@ -109,16 +128,124 @@ def _migrate():
         except Exception:
             pass
 
+        try:
+            conn.execute(text("ALTER TABLE user_settings ADD COLUMN text_color VARCHAR(7)"))
+            conn.commit()
+        except Exception:
+            pass
+
+        try:
+            conn.execute(text("ALTER TABLE user_settings ADD COLUMN line_color VARCHAR(7)"))
+            conn.commit()
+        except Exception:
+            pass
+
+        try:
+            conn.execute(text("ALTER TABLE user_settings ADD COLUMN bg_color VARCHAR(7)"))
+            conn.commit()
+        except Exception:
+            pass
+
+        # ── Collaboration features (sharing, groups, creator, private) ──
+        try:
+            conn.execute(text("ALTER TABLE user_settings ADD COLUMN private_event_visibility VARCHAR(10) DEFAULT 'busy'"))
+            conn.commit()
+            logging.info("Migration: added private_event_visibility to user_settings")
+        except Exception:
+            pass
+        try:
+            conn.execute(text("ALTER TABLE local_events ADD COLUMN creator_id INTEGER"))
+            conn.commit()
+            logging.info("Migration: added creator_id to local_events")
+        except Exception:
+            pass
+        try:
+            conn.execute(text("ALTER TABLE local_events ADD COLUMN creator_name_external TEXT"))
+            conn.commit()
+            logging.info("Migration: added creator_name_external to local_events")
+        except Exception:
+            pass
+        try:
+            conn.execute(text("ALTER TABLE local_events ADD COLUMN is_private BOOLEAN DEFAULT 0"))
+            conn.commit()
+            logging.info("Migration: added is_private to local_events")
+        except Exception:
+            pass
+        try:
+            conn.execute(text("ALTER TABLE user_settings ADD COLUMN group_visible_calendar_id INTEGER"))
+            conn.commit()
+            logging.info("Migration: added group_visible_calendar_id to user_settings")
+        except Exception:
+            pass
+        try:
+            conn.execute(text("ALTER TABLE users ADD COLUMN display_name VARCHAR(100)"))
+            conn.commit()
+            logging.info("Migration: added display_name to users")
+        except Exception:
+            pass
+        # Backfill display_name from username for existing rows (only where empty).
+        try:
+            conn.execute(text("UPDATE users SET display_name = username WHERE display_name IS NULL OR display_name = ''"))
+            conn.commit()
+        except Exception:
+            pass
+        try:
+            conn.execute(text("ALTER TABLE groups ADD COLUMN icon VARCHAR(16)"))
+            conn.commit()
+            logging.info("Migration: added icon to groups")
+        except Exception:
+            pass
+        try:
+            conn.execute(text("ALTER TABLE group_members ADD COLUMN color VARCHAR(7)"))
+            conn.commit()
+            logging.info("Migration: added color to group_members")
+        except Exception:
+            pass
+
 _migrate()
 
 app = FastAPI(title="Calendarr", docs_url=None, redoc_url=None)
 
+
+@app.middleware("http")
+async def add_cache_headers(request: Request, call_next):
+    """Force ≤ 2h browser cache for static assets and disable cache for the
+    entry HTML / SW / version file. API responses are left alone (handlers
+    decide their own caching)."""
+    response = await call_next(request)
+    path = request.url.path
+
+    # Never cache: entry HTML, manifest, service worker, version marker
+    if (
+        path in ("/", "/index.html", "/manifest.json", "/sw.js")
+        or path == "/static/js/version.js"
+    ):
+        response.headers["Cache-Control"] = NO_CACHE
+        response.headers["Pragma"] = "no-cache"
+        response.headers["Expires"] = "0"
+    # JS/CSS must revalidate on every load so a deploy takes effect on the next
+    # reload (returns a cheap 304 when unchanged). Without this, a fresh
+    # no-cache index.html could pair with stale 2h-cached scripts.
+    elif path.startswith("/static/js/") or path.startswith("/static/css/"):
+        response.headers["Cache-Control"] = NO_CACHE
+    # 2h cache for the rest of the frontend (icons, fonts, images, …)
+    elif path.startswith("/static/") or path.startswith("/icons/"):
+        response.headers["Cache-Control"] = STATIC_CACHE
+    # SPA fallback (everything else that isn't an API route) returns HTML;
+    # don't let the browser cache that either.
+    elif not path.startswith("/api/"):
+        response.headers["Cache-Control"] = NO_CACHE
+
+    return response
+
+
 app.include_router(auth_router.router, prefix="/api/auth", tags=["auth"])
 app.include_router(users_router.router, prefix="/api/users", tags=["users"])
 app.include_router(caldav_router.router, prefix="/api/caldav", tags=["caldav"])
 app.include_router(settings_router.router, prefix="/api/settings", tags=["settings"])
 app.include_router(profile_router.router, prefix="/api/profile", tags=["profile"])
 app.include_router(local_router.router, prefix="/api/local", tags=["local"])
+app.include_router(groups_router.router, prefix="/api/groups", tags=["groups"])
 app.include_router(ical_router.router, prefix="/api/ical", tags=["ical"])
 app.include_router(google_router.router, prefix="/api/google", tags=["google"])
 app.include_router(homeassistant_router.router, prefix="/api/homeassistant", tags=["homeassistant"])
diff --git a/backend/models.py b/backend/models.py
index 1892076..e09d976 100644
--- a/backend/models.py
+++ b/backend/models.py
@@ -1,4 +1,4 @@
-from sqlalchemy import Column, Integer, String, Boolean, DateTime, ForeignKey, Text
+from sqlalchemy import Column, Integer, String, Boolean, DateTime, ForeignKey, Text, UniqueConstraint
 from sqlalchemy.orm import relationship
 from database import Base
 
@@ -7,7 +7,10 @@ class User(Base):
     __tablename__ = "users"
 
     id = Column(Integer, primary_key=True, index=True)
+    # Login name: always lowercase, unique, used for authentication.
     username = Column(String(50), unique=True, nullable=False)
+    # Human-facing name with original casing; editable. Falls back to username.
+    display_name = Column(String(100), nullable=True)
     email = Column(String(100), unique=True, nullable=True)
     password_hash = Column(String(255), nullable=False)
     is_admin = Column(Boolean, default=False)
@@ -34,6 +37,11 @@ class User(Base):
         "HomeAssistantAccount", back_populates="user", cascade="all, delete-orphan"
     )
 
+    @property
+    def display(self) -> str:
+        """The name to show users: display_name if set, else the login name."""
+        return self.display_name or self.username
+
 
 class CalDAVAccount(Base):
     __tablename__ = "caldav_accounts"
@@ -84,6 +92,18 @@ class UserSettings(Base):
     language = Column(String(5), default="de")
     month_divider_color = Column(String(7), default="#7090c0")
     month_label_color = Column(String(7), default="#7090c0")
+    text_color = Column(String(7), nullable=True)   # Override für --text-1 (NULL = nutze text_contrast)
+    line_color = Column(String(7), nullable=True)   # Override für --border  (NULL = nutze line_contrast)
+    bg_color   = Column(String(7), nullable=True)   # Override für --bg-app  (NULL = Default)
+    # How this user's private events appear to other group members:
+    # 'hidden' = invisible, 'busy' = anonymous busy block (default).
+    private_event_visibility = Column(String(10), default="busy")
+    # The single local calendar this user shares into all their groups
+    # (combined view shows only this calendar per member). NULL = share nothing.
+    group_visible_calendar_id = Column(Integer, nullable=True)
+    # Default reminder in minutes-before-start applied to all events client-side
+    # (0 = at start time). NULL = no default reminder.
+    default_reminder_minutes = Column(Integer, nullable=True)
 
     user = relationship("User", back_populates="settings")
 
@@ -116,8 +136,17 @@ class LocalEvent(Base):
     color = Column(String(7), nullable=True)
     rrule = Column(Text, nullable=True)
     exdate = Column(Text, nullable=True)  # Comma-separated YYYYMMDD dates to exclude
+    # Comma-separated minutes-before-start for reminders, e.g. "10,60" (0 = at start).
+    reminders = Column(Text, nullable=True)
+    # Creator: set server-side from the auth token on create, never from the client.
+    creator_id = Column(Integer, ForeignKey("users.id"), nullable=True)
+    # For imported events without a local user (from the .ics ORGANIZER field).
+    creator_name_external = Column(Text, nullable=True)
+    # Private events are filtered for other group members per their visibility setting.
+    is_private = Column(Boolean, default=False)
 
     calendar = relationship("LocalCalendar", back_populates="events")
+    creator = relationship("User")
 
 
 class ICalSubscription(Base):
@@ -216,3 +245,76 @@ class HomeAssistantCalendar(Base):
     sidebar_hidden = Column(Boolean, default=False)
 
     account = relationship("HomeAssistantAccount", back_populates="calendars")
+
+
+# ── Collaboration: sharing & groups (local calendars only) ────────────────
+
+
+class CalendarShare(Base):
+    """A local calendar shared with another Calendarr user."""
+
+    __tablename__ = "calendar_shares"
+    __table_args__ = (
+        UniqueConstraint("calendar_id", "user_id", name="uq_calendar_share"),
+    )
+
+    id = Column(Integer, primary_key=True, index=True)
+    calendar_id = Column(Integer, ForeignKey("local_calendars.id"), nullable=False)
+    user_id = Column(Integer, ForeignKey("users.id"), nullable=False)
+    permission = Column(String(20), default="read")  # 'read' | 'read_write'
+    created_at = Column(String(50), nullable=True)  # ISO 8601
+
+    calendar = relationship("LocalCalendar")
+    user = relationship("User")
+
+
+class Group(Base):
+    __tablename__ = "groups"
+
+    id = Column(Integer, primary_key=True, index=True)
+    name = Column(String(100), nullable=False)
+    icon = Column(String(16), nullable=True)  # emoji shown for the group
+    created_by = Column(Integer, ForeignKey("users.id"), nullable=False)
+    created_at = Column(String(50), nullable=True)  # ISO 8601
+
+    members = relationship(
+        "GroupMember", back_populates="group", cascade="all, delete-orphan"
+    )
+    group_calendar = relationship(
+        "GroupCalendar", back_populates="group", uselist=False,
+        cascade="all, delete-orphan",
+    )
+
+
+class GroupMember(Base):
+    __tablename__ = "group_members"
+    __table_args__ = (
+        UniqueConstraint("group_id", "user_id", name="uq_group_member"),
+    )
+
+    id = Column(Integer, primary_key=True, index=True)
+    group_id = Column(Integer, ForeignKey("groups.id"), nullable=False)
+    user_id = Column(Integer, ForeignKey("users.id"), nullable=False)
+    role = Column(String(10), default="member")  # 'owner' | 'member'
+    color = Column(String(7), nullable=True)  # this member's colour within the group
+    joined_at = Column(String(50), nullable=True)  # ISO 8601
+
+    group = relationship("Group", back_populates="members")
+    user = relationship("User")
+
+
+class GroupCalendar(Base):
+    """1:1 link between a group and its shared local calendar."""
+
+    __tablename__ = "group_calendars"
+    __table_args__ = (
+        UniqueConstraint("group_id", name="uq_group_calendar_group"),
+        UniqueConstraint("calendar_id", name="uq_group_calendar_calendar"),
+    )
+
+    id = Column(Integer, primary_key=True, index=True)
+    group_id = Column(Integer, ForeignKey("groups.id"), nullable=False)
+    calendar_id = Column(Integer, ForeignKey("local_calendars.id"), nullable=False)
+
+    group = relationship("Group", back_populates="group_calendar")
+    calendar = relationship("LocalCalendar")
diff --git a/backend/permissions.py b/backend/permissions.py
new file mode 100644
index 0000000..3c86c3b
--- /dev/null
+++ b/backend/permissions.py
@@ -0,0 +1,126 @@
+"""Central access control for local calendars.
+
+Local calendars are visible/writable to a user if any of the following holds:
+  - the user owns the calendar (LocalCalendar.user_id),
+  - the calendar is shared with the user (calendar_shares; write needs 'read_write'),
+  - the calendar is a group calendar and the user is a member of that group
+    (members get read & write).
+
+These helpers replace the scattered owner-only filters so sharing and groups
+work consistently across every local-calendar endpoint and the event merge read.
+"""
+
+from typing import Optional
+
+from fastapi import HTTPException
+from sqlalchemy.orm import Session
+
+import models
+
+
+def _share_for(db: Session, calendar_id: int, user_id: int) -> Optional[models.CalendarShare]:
+    return (
+        db.query(models.CalendarShare)
+        .filter(
+            models.CalendarShare.calendar_id == calendar_id,
+            models.CalendarShare.user_id == user_id,
+        )
+        .first()
+    )
+
+
+def _is_group_calendar_member(db: Session, calendar_id: int, user_id: int) -> bool:
+    gc = (
+        db.query(models.GroupCalendar)
+        .filter(models.GroupCalendar.calendar_id == calendar_id)
+        .first()
+    )
+    if not gc:
+        return False
+    member = (
+        db.query(models.GroupMember)
+        .filter(
+            models.GroupMember.group_id == gc.group_id,
+            models.GroupMember.user_id == user_id,
+        )
+        .first()
+    )
+    return member is not None
+
+
+def accessible_local_calendar(
+    db: Session,
+    user: models.User,
+    calendar_id: int,
+    *,
+    require_write: bool = False,
+) -> models.LocalCalendar:
+    """Return the calendar if the user may access it, else raise 404/403.
+
+    404 when the calendar does not exist or is not visible to the user (so we
+    don't leak existence). 403 when it is visible (read) but write is required.
+    """
+    cal = (
+        db.query(models.LocalCalendar)
+        .filter(models.LocalCalendar.id == calendar_id)
+        .first()
+    )
+    if not cal:
+        raise HTTPException(404, "Calendar not found")
+
+    if cal.user_id == user.id:
+        return cal  # owner: full access
+
+    if _is_group_calendar_member(db, calendar_id, user.id):
+        return cal  # group members get read & write
+
+    share = _share_for(db, calendar_id, user.id)
+    if share is None:
+        raise HTTPException(404, "Calendar not found")
+    if require_write and share.permission != "read_write":
+        raise HTTPException(403, "You only have read access to this calendar")
+    return cal
+
+
+def is_calendar_owner(db: Session, user: models.User, calendar_id: int) -> models.LocalCalendar:
+    """Return the calendar only if the user owns it, else raise 404."""
+    cal = (
+        db.query(models.LocalCalendar)
+        .filter(
+            models.LocalCalendar.id == calendar_id,
+            models.LocalCalendar.user_id == user.id,
+        )
+        .first()
+    )
+    if not cal:
+        raise HTTPException(404, "Calendar not found")
+    return cal
+
+
+def readable_local_calendar_ids(db: Session, user: models.User) -> list[int]:
+    """All local calendar ids the user may read: own + shared + group calendars."""
+    ids: set[int] = set()
+
+    own = (
+        db.query(models.LocalCalendar.id)
+        .filter(models.LocalCalendar.user_id == user.id)
+        .all()
+    )
+    ids.update(r[0] for r in own)
+
+    shared = (
+        db.query(models.CalendarShare.calendar_id)
+        .filter(models.CalendarShare.user_id == user.id)
+        .all()
+    )
+    ids.update(r[0] for r in shared)
+
+    group_cals = (
+        db.query(models.GroupCalendar.calendar_id)
+        .join(models.GroupMember, models.GroupMember.group_id == models.GroupCalendar.group_id)
+        .filter(models.GroupMember.user_id == user.id)
+        .all()
+    )
+    ids.update(r[0] for r in group_cals)
+
+    return list(ids)
diff --git a/backend/routers/auth_router.py b/backend/routers/auth_router.py
index 98ede29..3aa16bd 100644
--- a/backend/routers/auth_router.py
+++ b/backend/routers/auth_router.py
@@ -32,7 +32,12 @@ class LoginRequest(BaseModel):
 
 
 def _user_dict(user: models.User) -> dict:
-    return {"id": user.id, "username": user.username, "is_admin": user.is_admin}
+    return {
+        "id": user.id,
+        "username": user.username,
+        "display_name": user.display_name or user.username,
+        "is_admin": user.is_admin,
+    }
 
 
 @router.get("/setup-required")
@@ -46,6 +51,7 @@ def setup(req: SetupRequest, db: Session = Depends(get_db)):
         raise HTTPException(400, "Setup already completed")
     user = models.User(
         username=req.username.lower(),
+        display_name=req.username.strip(),  # keep the original casing for display
         email=req.email,
         password_hash=get_password_hash(req.password),
         is_admin=True,
@@ -113,6 +119,7 @@ def me(current_user: models.User = Depends(get_current_user)):
     return {
         "id": current_user.id,
         "username": current_user.username,
+        "display_name": current_user.display_name or current_user.username,
         "email": current_user.email,
         "is_admin": current_user.is_admin,
         "has_avatar": current_user.avatar_filename is not None,
diff --git a/backend/routers/caldav_router.py b/backend/routers/caldav_router.py
index 98e2304..d93fc38 100644
--- a/backend/routers/caldav_router.py
+++ b/backend/routers/caldav_router.py
@@ -11,8 +11,16 @@ from sqlalchemy import or_
 
 import caldav_client
 import models
+import permissions
 from auth import get_current_user
 from database import get_db
+from local_events_util import (
+    apply_event_privacy,
+    build_local_event_dict,
+    expand_recurring_local,
+    private_visibility_for,
+    resolve_creator,
+)
 from routers.ical_router import _refresh_if_needed, get_events_for_subscription
 
 logger = logging.getLogger(__name__)
@@ -82,101 +90,6 @@ def _account_dict(a: models.CalDAVAccount) -> dict:
     }
 
 
-def _expand_recurring_local(ev, local_cal, range_start, range_end):
-    """Expand a recurring LocalEvent into individual occurrences within the date range."""
-    results = []
-    # Parse excluded dates
-    excluded = set()
-    if ev.exdate:
-        for d in ev.exdate.split(","):
-            d = d.strip()
-            if d:
-                excluded.add(d)
-    try:
-        ev_start_str = ev.start.replace("Z", "+00:00")
-        ev_end_str = ev.end.replace("Z", "+00:00")
-
-        if ev.all_day:
-            ev_start = dt_date.fromisoformat(ev_start_str[:10])
-            ev_end = dt_date.fromisoformat(ev_end_str[:10])
-            duration = ev_end - ev_start
-            rule = rrulestr(f"RRULE:{ev.rrule}", dtstart=dt_datetime.combine(ev_start, dt_datetime.min.time()))
-            r_start = dt_datetime.combine(range_start if isinstance(range_start, dt_date) else range_start.date(), dt_datetime.min.time())
-            r_end = dt_datetime.combine(range_end if isinstance(range_end, dt_date) else range_end.date(), dt_datetime.min.time())
-            occurrences = rule.between(r_start - timedelta(days=1), r_end + timedelta(days=1), inc=True)
-            for occ in occurrences:
-                occ_start = occ.date()
-                occ_key = occ_start.strftime("%Y%m%d")
-                if occ_key in excluded:
-                    continue
-                occ_end = occ_start + duration
-                results.append({
-                    "id": ev.uid,
-                    "url": f"local://{ev.uid}",
-                    "title": ev.title,
-                    "start": occ_start.isoformat(),
-                    "end": occ_end.isoformat(),
-                    "allDay": True,
-                    "location": ev.location or "",
-                    "description": ev.description or "",
-                    "color": ev.color,
-                    "rrule": ev.rrule,
-                    "calendar_id": f"local-{local_cal.id}",
-                    "calendar_name": local_cal.name,
-                    "calendarColor": local_cal.color,
-                    "source": "local",
-                })
-        else:
-            ev_start = dt_datetime.fromisoformat(ev_start_str)
-            ev_end = dt_datetime.fromisoformat(ev_end_str)
-            if ev_start.tzinfo is None:
-                ev_start = ev_start.replace(tzinfo=dt_timezone.utc)
-            if ev_end.tzinfo is None:
-                ev_end = ev_end.replace(tzinfo=dt_timezone.utc)
-            duration = ev_end - ev_start
-            rule = rrulestr(f"RRULE:{ev.rrule}", dtstart=ev_start)
-            r_start = range_start if isinstance(range_start, dt_datetime) else dt_datetime.combine(range_start, dt_datetime.min.time(), tzinfo=dt_timezone.utc)
-            r_end = range_end if isinstance(range_end, dt_datetime) else dt_datetime.combine(range_end, dt_datetime.min.time(), tzinfo=dt_timezone.utc)
-            if r_start.tzinfo is None:
-                r_start = r_start.replace(tzinfo=dt_timezone.utc)
-            if r_end.tzinfo is None:
-                r_end = r_end.replace(tzinfo=dt_timezone.utc)
-            occurrences = rule.between(r_start - timedelta(days=1), r_end + timedelta(days=1), inc=True)
-            for occ in occurrences:
-                occ_key = occ.strftime("%Y%m%d")
-                if occ_key in excluded:
-                    continue
-                occ_end = occ + duration
-                results.append({
-                    "id": ev.uid,
-                    "url": f"local://{ev.uid}",
-                    "title": ev.title,
-                    "start": occ.isoformat(),
-                    "end": occ_end.isoformat(),
-                    "allDay": False,
-                    "location": ev.location or "",
-                    "description": ev.description or "",
-                    "color": ev.color,
-                    "rrule": ev.rrule,
-                    "calendar_id": f"local-{local_cal.id}",
-                    "calendar_name": local_cal.name,
-                    "calendarColor": local_cal.color,
-                    "source": "local",
-                })
-    except Exception as exc:
-        logger.warning("Error expanding recurring event %s: %s", ev.uid, exc)
-        # Fall back to single event
-        results.append({
-            "id": ev.uid, "url": f"local://{ev.uid}", "title": ev.title,
-            "start": ev.start, "end": ev.end, "allDay": ev.all_day,
-            "location": ev.location or "", "description": ev.description or "",
-            "color": ev.color, "rrule": ev.rrule,
-            "calendar_id": f"local-{local_cal.id}", "calendar_name": local_cal.name,
-            "calendarColor": local_cal.color, "source": "local",
-        })
-    return results
-
-
 def _normalize_url(url: str) -> str:
     """Normalize URL for comparison: lowercase scheme/host, strip trailing slash."""
     parsed = urlparse(url)
@@ -417,15 +330,25 @@ def get_events(
                     "Error fetching calendar %s: %s", calendar.id, exc
                 )
 
-    # ── Local calendar events ─────────────────────────────
+    # ── Local calendar events (own + shared + group calendars) ─────────────
+    readable_ids = permissions.readable_local_calendar_ids(db, current_user)
     local_calendars = (
         db.query(models.LocalCalendar)
         .filter(
-            models.LocalCalendar.user_id == current_user.id,
+            models.LocalCalendar.id.in_(readable_ids),
             models.LocalCalendar.enabled == True,
         )
         .all()
-    )
+    ) if readable_ids else []
+    name_cache = {u.id: (u.display_name or u.username) for u in db.query(models.User).all()}
+    # Cache each owner's private-event visibility (one lookup per owner, not per event).
+    vis_cache: dict = {}
+
+    def vis_for(uid: int) -> str:
+        if uid not in vis_cache:
+            vis_cache[uid] = private_visibility_for(db, uid)
+        return vis_cache[uid]
+
     for local_cal in local_calendars:
         local_events = (
             db.query(models.LocalEvent)
@@ -441,25 +364,28 @@ def get_events(
             .all()
         )
         for ev in local_events:
+            creator = resolve_creator(ev, name_cache=name_cache)
+            # A private event belonging to someone else (shared calendar or group
+            # calendar) must honour that owner's private_event_visibility, exactly
+            # like the group combined view — otherwise private titles/locations
+            # leak through the ordinary calendar read.
+            owner_id = ev.creator_id or local_cal.user_id
+            is_priv = bool(ev.is_private)
+            foreign_private = is_priv and owner_id != current_user.id
+            visibility = vis_for(owner_id) if foreign_private else "busy"
+            if foreign_private and visibility == "hidden":
+                continue
             if ev.rrule:
-                all_events.extend(_expand_recurring_local(ev, local_cal, start_dt, end_dt))
+                built = expand_recurring_local(ev, local_cal, start_dt, end_dt, creator=creator)
             else:
-                all_events.append({
-                    "id": ev.uid,
-                    "url": f"local://{ev.uid}",
-                    "title": ev.title,
-                    "start": ev.start,
-                    "end": ev.end,
-                    "allDay": ev.all_day,
-                    "location": ev.location or "",
-                    "description": ev.description or "",
-                    "color": ev.color,
-                    "rrule": None,
-                    "calendar_id": f"local-{local_cal.id}",
-                    "calendar_name": local_cal.name,
-                    "calendarColor": local_cal.color,
-                    "source": "local",
-                })
+                built = [build_local_event_dict(ev, local_cal, rrule=None, creator=creator)]
+            for b in built:
+                b = apply_event_privacy(
+                    b, owner_id=owner_id, is_private=is_priv,
+                    requester_id=current_user.id, visibility=visibility,
+                )
+                if b is not None:
+                    all_events.append(b)
 
     # ── iCal subscription events ──────────────────────────
     ical_subs = (
diff --git a/backend/routers/groups_router.py b/backend/routers/groups_router.py
new file mode 100644
index 0000000..314e088
--- /dev/null
+++ b/backend/routers/groups_router.py
@@ -0,0 +1,448 @@
+"""Groups: shared group calendar + combined member-calendar overlay view.
+
+A group has members and exactly one group calendar (a local calendar owned by
+the creator, linked via group_calendars). Members get read/write on the group
+calendar (enforced by permissions.accessible_local_calendar). The combined view
+overlays every member's local calendars plus the group calendar, applying each
+member's private-event visibility setting.
+"""
+
+import logging
+from datetime import datetime, timezone
+from typing import List, Optional
+
+from fastapi import APIRouter, Depends, HTTPException, Query
+from pydantic import BaseModel
+from sqlalchemy import or_
+from sqlalchemy.orm import Session
+
+import models
+from auth import get_current_user
+from database import get_db
+from local_events_util import build_local_event_dict, expand_recurring_local, mask_busy_event
+
+logger = logging.getLogger(__name__)
+router = APIRouter()
+
+PALETTE = ["#4285f4", "#ea4335", "#fbbc04", "#34a853", "#ff6d00", "#46bdc6", "#8e24aa"]
+# Distinct per-member colours (server-defined so every client shows the same).
+MEMBER_PALETTE = ["#4285f4", "#ea4335", "#34a853", "#fbbc05", "#9c27b0", "#ff7043", "#46bdc6", "#7090c0"]
+
+
+def _next_member_color(db: Session, group_id: int) -> str:
+    n = db.query(models.GroupMember).filter(models.GroupMember.group_id == group_id).count()
+    return MEMBER_PALETTE[n % len(MEMBER_PALETTE)]
+
+
+def _now_iso() -> str:
+    return datetime.now(timezone.utc).isoformat()
+
+
+class GroupCreate(BaseModel):
+    name: str
+    member_ids: List[int] = []
+    icon: Optional[str] = None
+
+
+class GroupUpdate(BaseModel):
+    name: Optional[str] = None
+    icon: Optional[str] = None
+
+
+class MemberAdd(BaseModel):
+    user_id: int
+
+
+def _membership(db: Session, group_id: int, user_id: int) -> Optional[models.GroupMember]:
+    return (
+        db.query(models.GroupMember)
+        .filter(
+            models.GroupMember.group_id == group_id,
+            models.GroupMember.user_id == user_id,
+        )
+        .first()
+    )
+
+
+def _require_member(db: Session, group: models.Group, user: models.User) -> models.GroupMember:
+    m = _membership(db, group.id, user.id)
+    if not m:
+        raise HTTPException(403, "You are not a member of this group")
+    return m
+
+
+def _require_owner(db: Session, group: models.Group, user: models.User) -> None:
+    m = _membership(db, group.id, user.id)
+    if not m or m.role != "owner":
+        raise HTTPException(403, "Only the group owner may do this")
+
+
+def _get_group_or_404(db: Session, group_id: int) -> models.Group:
+    g = db.query(models.Group).filter(models.Group.id == group_id).first()
+    if not g:
+        raise HTTPException(404, "Group not found")
+    return g
+
+
+def _group_calendar_id(db: Session, group_id: int) -> Optional[int]:
+    gc = (
+        db.query(models.GroupCalendar)
+        .filter(models.GroupCalendar.group_id == group_id)
+        .first()
+    )
+    return gc.calendar_id if gc else None
+
+
+def _group_calendar_color(db: Session, calendar_id: Optional[int]) -> Optional[str]:
+    if calendar_id is None:
+        return None
+    cal = db.query(models.LocalCalendar).filter(models.LocalCalendar.id == calendar_id).first()
+    return cal.color if cal else None
+
+
+@router.post("/")
+def create_group(
+    data: GroupCreate,
+    db: Session = Depends(get_db),
+    current_user: models.User = Depends(get_current_user),
+):
+    group = models.Group(name=data.name, icon=(data.icon or None),
+                         created_by=current_user.id, created_at=_now_iso())
+    db.add(group)
+    db.flush()
+
+    # Creator is owner; add the requested members (deduped, excluding creator).
+    # Each member gets a distinct colour from the palette by join order.
+    db.add(models.GroupMember(group_id=group.id, user_id=current_user.id, role="owner",
+                              color=MEMBER_PALETTE[0], joined_at=_now_iso()))
+    seen = {current_user.id}
+    idx = 1
+    for uid in data.member_ids:
+        if uid in seen:
+            continue
+        if not db.query(models.User).filter(models.User.id == uid).first():
+            continue
+        db.add(models.GroupMember(group_id=group.id, user_id=uid, role="member",
+                                  color=MEMBER_PALETTE[idx % len(MEMBER_PALETTE)], joined_at=_now_iso()))
+        seen.add(uid)
+        idx += 1
+
+    # Auto-create the group calendar (a local calendar owned by the creator).
+    cal = models.LocalCalendar(
+        user_id=current_user.id,
+        name=f"{data.name} (Gruppe)",
+        color=PALETTE[group.id % len(PALETTE)],
+    )
+    db.add(cal)
+    db.flush()
+    db.add(models.GroupCalendar(group_id=group.id, calendar_id=cal.id))
+
+    db.commit()
+    db.refresh(group)
+    return _group_detail(db, group, current_user)
+
+
+@router.get("/")
+def list_groups(
+    db: Session = Depends(get_db),
+    current_user: models.User = Depends(get_current_user),
+):
+    memberships = (
+        db.query(models.GroupMember)
+        .filter(models.GroupMember.user_id == current_user.id)
+        .all()
+    )
+    out = []
+    for m in memberships:
+        group = db.query(models.Group).filter(models.Group.id == m.group_id).first()
+        if not group:
+            continue
+        member_count = db.query(models.GroupMember).filter(models.GroupMember.group_id == group.id).count()
+        gcal_id = _group_calendar_id(db, group.id)
+        out.append({
+            "id": group.id,
+            "name": group.name,
+            "icon": group.icon,
+            "role": m.role,
+            "member_count": member_count,
+            "group_calendar_id": gcal_id,
+            "group_calendar_color": _group_calendar_color(db, gcal_id),
+        })
+    return out
+
+
+def _group_detail(db: Session, group: models.Group, current_user: models.User) -> dict:
+    members = db.query(models.GroupMember).filter(models.GroupMember.group_id == group.id).all()
+    member_dicts = []
+    for i, m in enumerate(members):
+        u = db.query(models.User).filter(models.User.id == m.user_id).first()
+        member_dicts.append({
+            "id": m.user_id,
+            "display_name": (u.display_name or u.username) if u else None,
+            "role": m.role,
+            "color": m.color or MEMBER_PALETTE[i % len(MEMBER_PALETTE)],
+        })
+    gcal_id = _group_calendar_id(db, group.id)
+    return {
+        "id": group.id,
+        "name": group.name,
+        "icon": group.icon,
+        "created_by": group.created_by,
+        "members": member_dicts,
+        "group_calendar_id": gcal_id,
+        "group_calendar_color": _group_calendar_color(db, gcal_id),
+    }
+
+
+@router.put("/{group_id}")
+def update_group(
+    group_id: int,
+    data: GroupUpdate,
+    db: Session = Depends(get_db),
+    current_user: models.User = Depends(get_current_user),
+):
+    group = _get_group_or_404(db, group_id)
+    _require_owner(db, group, current_user)
+    if data.name is not None and data.name.strip():
+        group.name = data.name.strip()
+    if data.icon is not None:
+        group.icon = data.icon or None
+    db.commit()
+    return _group_detail(db, group, current_user)
+
+
+@router.get("/{group_id}")
+def get_group(
+    group_id: int,
+    db: Session = Depends(get_db),
+    current_user: models.User = Depends(get_current_user),
+):
+    group = _get_group_or_404(db, group_id)
+    _require_member(db, group, current_user)
+    return _group_detail(db, group, current_user)
+
+
+@router.post("/{group_id}/members")
+def add_member(
+    group_id: int,
+    data: MemberAdd,
+    db: Session = Depends(get_db),
+    current_user: models.User = Depends(get_current_user),
+):
+    group = _get_group_or_404(db, group_id)
+    _require_owner(db, group, current_user)
+    if not db.query(models.User).filter(models.User.id == data.user_id).first():
+        raise HTTPException(404, "User not found")
+    if _membership(db, group_id, data.user_id):
+        return {"ok": True}  # already a member
+    db.add(models.GroupMember(group_id=group_id, user_id=data.user_id, role="member",
+                              color=_next_member_color(db, group_id), joined_at=_now_iso()))
+    db.commit()
+    return {"ok": True}
+
+
+class MemberColorUpdate(BaseModel):
+    color: str
+
+
+@router.put("/{group_id}/members/{user_id}/color")
+def set_member_color(
+    group_id: int,
+    user_id: int,
+    data: MemberColorUpdate,
+    db: Session = Depends(get_db),
+    current_user: models.User = Depends(get_current_user),
+):
+    group = _get_group_or_404(db, group_id)
+    # Owner may recolour anyone; a member may recolour themselves.
+    if user_id != current_user.id:
+        _require_owner(db, group, current_user)
+    else:
+        _require_member(db, group, current_user)
+    m = _membership(db, group_id, user_id)
+    if not m:
+        raise HTTPException(404, "Member not found")
+    m.color = data.color
+    db.commit()
+    return {"ok": True}
+
+
+@router.delete("/{group_id}/members/{user_id}")
+def remove_member(
+    group_id: int,
+    user_id: int,
+    db: Session = Depends(get_db),
+    current_user: models.User = Depends(get_current_user),
+):
+    group = _get_group_or_404(db, group_id)
+    # Owner can remove anyone; a member may remove themselves (leave).
+    if user_id != current_user.id:
+        _require_owner(db, group, current_user)
+    else:
+        _require_member(db, group, current_user)
+    target = _membership(db, group_id, user_id)
+    if not target:
+        raise HTTPException(404, "Member not found")
+    if target.role == "owner":
+        raise HTTPException(422, "The owner cannot be removed; delete the group instead")
+    db.delete(target)
+    db.commit()
+    return {"ok": True}
+
+
+@router.delete("/{group_id}")
+def delete_group(
+    group_id: int,
+    db: Session = Depends(get_db),
+    current_user: models.User = Depends(get_current_user),
+):
+    group = _get_group_or_404(db, group_id)
+    _require_owner(db, group, current_user)
+    # Remove the group calendar (and its events) too.
+    gc = db.query(models.GroupCalendar).filter(models.GroupCalendar.group_id == group_id).first()
+    if gc:
+        cal = db.query(models.LocalCalendar).filter(models.LocalCalendar.id == gc.calendar_id).first()
+        if cal:
+            db.delete(cal)  # cascades to events
+    db.delete(group)  # cascades to members + group_calendar link
+    db.commit()
+    return {"ok": True}
+
+
+def _first_name(name: Optional[str]) -> str:
+    if not name:
+        return ""
+    return name.split(" ", 1)[0]
+
+
+def _decorate_title(title: str, *, is_group: bool, creator: Optional[dict],
+                    owner: Optional[dict], me_id: int) -> str:
+    """Server-side display title for the combined view so every client (web,
+    iOS, Android) renders identically: another member's / creator's first name
+    is prefixed. No icon glyph is embedded — group icons are semantic keys the
+    clients render as native vector icons, and group-calendar events are
+    distinguished by their (group) colour. The raw `title` stays for editing."""
+    if is_group:
+        if creator and creator.get("id") is not None and creator.get("id") != me_id:
+            return f"{_first_name(creator.get('display_name'))}: {title}"
+        return title
+    if owner and owner.get("id") is not None and owner.get("id") != me_id:
+        return f"{_first_name(owner.get('display_name'))}: {title}"
+    return title
+
+
+@router.get("/{group_id}/combined")
+def combined_events(
+    group_id: int,
+    start: str = Query(...),
+    end: str = Query(...),
+    db: Session = Depends(get_db),
+    current_user: models.User = Depends(get_current_user),
+):
+    group = _get_group_or_404(db, group_id)
+    _require_member(db, group, current_user)
+
+    try:
+        start_dt = datetime.fromisoformat(start.replace("Z", "+00:00"))
+        end_dt = datetime.fromisoformat(end.replace("Z", "+00:00"))
+    except ValueError:
+        raise HTTPException(400, "Invalid date format — use ISO 8601")
+    if start_dt.tzinfo is None:
+        start_dt = start_dt.replace(tzinfo=timezone.utc)
+    if end_dt.tzinfo is None:
+        end_dt = end_dt.replace(tzinfo=timezone.utc)
+
+    members = db.query(models.GroupMember).filter(models.GroupMember.group_id == group_id).all()
+    name_cache = {u.id: (u.display_name or u.username) for u in db.query(models.User).all()}
+    visibility_cache: dict[int, str] = {}
+
+    def visibility_for(user_id: int) -> str:
+        if user_id not in visibility_cache:
+            s = db.query(models.UserSettings).filter(models.UserSettings.user_id == user_id).first()
+            visibility_cache[user_id] = (s.private_event_visibility if s else None) or "busy"
+        return visibility_cache[user_id]
+
+    group_cal_id = _group_calendar_id(db, group_id)
+    group_cal_color = _group_calendar_color(db, group_cal_id)
+    # Server-defined colours so every client renders members/group consistently.
+    member_color = {
+        m.user_id: (m.color or MEMBER_PALETTE[i % len(MEMBER_PALETTE)])
+        for i, m in enumerate(members)
+    }
+    all_events: list[dict] = []
+
+    def emit_calendar(cal: models.LocalCalendar, owner_id: int, is_group: bool):
+        owner_user = name_cache.get(owner_id)
+        owner = {"id": owner_id, "display_name": owner_user}
+        events = (
+            db.query(models.LocalEvent)
+            .filter(
+                models.LocalEvent.calendar_id == cal.id,
+                or_(
+                    (models.LocalEvent.rrule == None) & (models.LocalEvent.start < end) & (models.LocalEvent.end > start),
+                    models.LocalEvent.rrule != None,
+                ),
+            )
+            .all()
+        )
+        for ev in events:
+            creator_owner_id = ev.creator_id or owner_id
+            # Private filtering for events that belong to someone else.
+            if ev.is_private and creator_owner_id != current_user.id:
+                vis = visibility_for(creator_owner_id)
+                if vis == "hidden":
+                    continue
+            creator = None
+            if ev.creator_id and name_cache.get(ev.creator_id):
+                creator = {"id": ev.creator_id, "display_name": name_cache[ev.creator_id]}
+            elif ev.creator_name_external:
+                creator = {"id": None, "display_name": f"{ev.creator_name_external} (importiert)"}
+
+            if ev.rrule:
+                built = expand_recurring_local(ev, cal, start_dt, end_dt, creator=creator, owner=owner, is_group_event=is_group)
+            else:
+                built = [build_local_event_dict(ev, cal, rrule=None, creator=creator, owner=owner, is_group_event=is_group)]
+
+            for b in built:
+                if ev.is_private and creator_owner_id != current_user.id and visibility_for(creator_owner_id) == "busy":
+                    b = mask_busy_event(b)
+                # Colour to render with: the group calendar's colour for group
+                # events, otherwise the owning member's group colour.
+                b["display_color"] = group_cal_color if is_group else member_color.get(owner_id)
+                # Decorated title (group icon / owner name) computed server-side
+                # so all clients render identically; raw `title` kept for editing.
+                b["display_title"] = _decorate_title(
+                    b.get("title", ""), is_group=is_group, creator=b.get("creator"),
+                    owner=owner, me_id=current_user.id,
+                )
+                all_events.append(b)
+
+    # Each member shares exactly one calendar into their groups, chosen in their
+    # settings (group_visible_calendar_id). Only that calendar is overlaid.
+    for m in members:
+        settings = (
+            db.query(models.UserSettings)
+            .filter(models.UserSettings.user_id == m.user_id)
+            .first()
+        )
+        visible_id = settings.group_visible_calendar_id if settings else None
+        if visible_id is None or visible_id == group_cal_id:
+            continue
+        cal = (
+            db.query(models.LocalCalendar)
+            .filter(
+                models.LocalCalendar.id == visible_id,
+                models.LocalCalendar.user_id == m.user_id,  # must be the member's own
+            )
+            .first()
+        )
+        if cal:
+            emit_calendar(cal, m.user_id, is_group=False)
+
+    # The group calendar itself.
+    if group_cal_id is not None:
+        group_cal = db.query(models.LocalCalendar).filter(models.LocalCalendar.id == group_cal_id).first()
+        if group_cal:
+            emit_calendar(group_cal, group_cal.user_id, is_group=True)
+
+    return {"events": all_events}
diff --git a/backend/routers/local_router.py b/backend/routers/local_router.py
index e7d6b97..5f4c980 100644
--- a/backend/routers/local_router.py
+++ b/backend/routers/local_router.py
@@ -1,17 +1,26 @@
 import uuid
-from typing import Optional
+from datetime import datetime, timezone
+from typing import List, Optional
 
-from fastapi import APIRouter, Depends, HTTPException
+from fastapi import APIRouter, Depends, Form, HTTPException, Query, UploadFile, File
+from fastapi.responses import Response
 from pydantic import BaseModel
 from sqlalchemy.orm import Session
 
+import ical_io
 import models
+import permissions
 from auth import get_current_user
 from database import get_db
+from local_events_util import build_local_event_dict, resolve_creator
 
 router = APIRouter()
 
 
+def _now_iso() -> str:
+    return datetime.now(timezone.utc).isoformat()
+
+
 class CalendarCreate(BaseModel):
     name: str
     color: str = "#34a853"
@@ -33,6 +42,8 @@ class EventCreate(BaseModel):
     description: Optional[str] = None
     color: Optional[str] = None
     rrule: Optional[str] = None
+    private: bool = False
+    reminders: Optional[List[int]] = None  # minutes before start (0 = at start)
 
 
 class EventUpdate(BaseModel):
@@ -45,35 +56,34 @@ class EventUpdate(BaseModel):
     color: Optional[str] = None
     rrule: Optional[str] = None
     exdate: Optional[str] = None
+    private: Optional[bool] = None
+    reminders: Optional[List[int]] = None
 
 
-def _cal_dict(cal: models.LocalCalendar) -> dict:
-    return {
+class ShareCreate(BaseModel):
+    user_id: int
+    permission: str = "read"
+
+
+def _cal_dict(cal: models.LocalCalendar, *, owned: bool = True,
+              shared_by: Optional[str] = None, permission: Optional[str] = None) -> dict:
+    d = {
         "id": cal.id,
         "name": cal.name,
         "color": cal.color,
         "enabled": cal.enabled,
+        "type": "local",
+        "owned": owned,
     }
+    if shared_by is not None:
+        d["shared_by"] = shared_by
+    if permission is not None:
+        d["permission"] = permission
+    return d
 
 
-def _event_dict(ev: models.LocalEvent, cal: models.LocalCalendar) -> dict:
-    return {
-        "id": ev.uid,
-        "url": f"local://{ev.uid}",
-        "title": ev.title,
-        "start": ev.start,
-        "end": ev.end,
-        "allDay": ev.all_day,
-        "location": ev.location or "",
-        "description": ev.description or "",
-        "color": ev.color,
-        "rrule": ev.rrule,
-        "exdate": ev.exdate,
-        "calendar_id": f"local-{cal.id}",
-        "calendar_name": cal.name,
-        "calendarColor": cal.color,
-        "source": "local",
-    }
+def _event_dict(ev: models.LocalEvent, cal: models.LocalCalendar, db: Session) -> dict:
+    return build_local_event_dict(ev, cal, creator=resolve_creator(ev))
 
 
 # ── Calendar CRUD ─────────────────────────────────────────
@@ -83,12 +93,70 @@ def list_calendars(
     db: Session = Depends(get_db),
     current_user: models.User = Depends(get_current_user),
 ):
-    cals = (
+    # Map calendar_id -> group name for every group the user belongs to, so we
+    # can flag group calendars as such even when the user owns them (the creator
+    # owns the group calendar — it must still be marked group:true).
+    group_cal_map = {
+        cal_id: name
+        for cal_id, name in (
+            db.query(models.GroupCalendar.calendar_id, models.Group.name)
+            .join(models.Group, models.Group.id == models.GroupCalendar.group_id)
+            .join(models.GroupMember, models.GroupMember.group_id == models.GroupCalendar.group_id)
+            .filter(models.GroupMember.user_id == current_user.id)
+            .all()
+        )
+    }
+
+    # Own calendars
+    own = (
         db.query(models.LocalCalendar)
         .filter(models.LocalCalendar.user_id == current_user.id)
         .all()
     )
-    return [_cal_dict(c) for c in cals]
+    result = []
+    for c in own:
+        d = _cal_dict(c, owned=True)
+        if c.id in group_cal_map:
+            d["group"] = True
+            d["shared_by"] = group_cal_map[c.id]  # group name, for labelling
+        result.append(d)
+
+    seen_ids = {c.id for c in own}
+
+    # Calendars shared with this user
+    shares = (
+        db.query(models.CalendarShare)
+        .filter(models.CalendarShare.user_id == current_user.id)
+        .all()
+    )
+    for share in shares:
+        cal = share.calendar
+        if cal is None or cal.id in seen_ids:
+            continue
+        seen_ids.add(cal.id)
+        owner = db.query(models.User).filter(models.User.id == cal.user_id).first()
+        d = _cal_dict(
+            cal, owned=False,
+            shared_by=(owner.display_name or owner.username) if owner else None,
+            permission=share.permission,
+        )
+        if cal.id in group_cal_map:
+            d["group"] = True
+        result.append(d)
+
+    # Group calendars reached via membership (read_write) that aren't already
+    # listed, so members can select/see the group calendar.
+    for cal_id, group_name in group_cal_map.items():
+        if cal_id in seen_ids:
+            continue
+        cal = db.query(models.LocalCalendar).filter(models.LocalCalendar.id == cal_id).first()
+        if not cal:
+            continue
+        seen_ids.add(cal_id)
+        d = _cal_dict(cal, owned=False, shared_by=group_name, permission="read_write")
+        d["group"] = True
+        result.append(d)
+    return result
 
 
 @router.post("/calendars")
@@ -164,16 +232,10 @@ def create_event(
     db: Session = Depends(get_db),
     current_user: models.User = Depends(get_current_user),
 ):
-    cal = (
-        db.query(models.LocalCalendar)
-        .filter(
-            models.LocalCalendar.id == data.calendar_id,
-            models.LocalCalendar.user_id == current_user.id,
-        )
-        .first()
+    # Owner, shared (read_write), or group-member calendars are writable.
+    cal = permissions.accessible_local_calendar(
+        db, current_user, data.calendar_id, require_write=True
     )
-    if not cal:
-        raise HTTPException(404, "Calendar not found")
 
     ev = models.LocalEvent(
         calendar_id=cal.id,
@@ -186,11 +248,23 @@ def create_event(
         description=data.description,
         color=data.color,
         rrule=data.rrule,
+        is_private=data.private,
+        reminders=(",".join(str(m) for m in data.reminders) if data.reminders else None),
+        creator_id=current_user.id,  # server-side, never from the client
     )
     db.add(ev)
     db.commit()
     db.refresh(ev)
-    return _event_dict(ev, cal)
+    return _event_dict(ev, cal, db)
+
+
+def _writable_event(db: Session, current_user: models.User, uid: str) -> models.LocalEvent:
+    ev = db.query(models.LocalEvent).filter(models.LocalEvent.uid == uid).first()
+    if not ev:
+        raise HTTPException(404, "Event not found")
+    # Raises 404/403 unless the user may write this event's calendar.
+    permissions.accessible_local_calendar(db, current_user, ev.calendar_id, require_write=True)
+    return ev
 
 
 @router.put("/events/{uid}")
@@ -200,17 +274,9 @@ def update_event(
     db: Session = Depends(get_db),
     current_user: models.User = Depends(get_current_user),
 ):
-    ev = (
-        db.query(models.LocalEvent)
-        .join(models.LocalCalendar)
-        .filter(
-            models.LocalEvent.uid == uid,
-            models.LocalCalendar.user_id == current_user.id,
-        )
-        .first()
-    )
-    if not ev:
-        raise HTTPException(404, "Event not found")
+    ev = _writable_event(db, current_user, uid)
+    if data.private is not None:
+        ev.is_private = data.private
     if data.title is not None:
         ev.title = data.title
     if data.start is not None:
@@ -233,6 +299,8 @@ def update_event(
         if data.exdate not in dates:
             dates.append(data.exdate)
         ev.exdate = ",".join(dates)
+    if data.reminders is not None:
+        ev.reminders = ",".join(str(m) for m in data.reminders) if data.reminders else None
     db.commit()
     return {"ok": True}
 
@@ -243,17 +311,219 @@ def delete_event(
     db: Session = Depends(get_db),
     current_user: models.User = Depends(get_current_user),
 ):
-    ev = (
-        db.query(models.LocalEvent)
-        .join(models.LocalCalendar)
-        .filter(
-            models.LocalEvent.uid == uid,
-            models.LocalCalendar.user_id == current_user.id,
-        )
-        .first()
-    )
-    if not ev:
-        raise HTTPException(404, "Event not found")
+    ev = _writable_event(db, current_user, uid)
     db.delete(ev)
     db.commit()
     return {"ok": True}
+
+
+# ── Sharing (owner only) ──────────────────────────────────
+
+@router.get("/calendars/{calendar_id}/shares")
+def list_shares(
+    calendar_id: int,
+    db: Session = Depends(get_db),
+    current_user: models.User = Depends(get_current_user),
+):
+    permissions.is_calendar_owner(db, current_user, calendar_id)
+    shares = (
+        db.query(models.CalendarShare)
+        .filter(models.CalendarShare.calendar_id == calendar_id)
+        .all()
+    )
+    out = []
+    for s in shares:
+        u = db.query(models.User).filter(models.User.id == s.user_id).first()
+        out.append({
+            "user_id": s.user_id,
+            "display_name": (u.display_name or u.username) if u else None,
+            "permission": s.permission,
+            "created_at": s.created_at,
+        })
+    return out
+
+
+@router.post("/calendars/{calendar_id}/shares")
+def add_share(
+    calendar_id: int,
+    data: ShareCreate,
+    db: Session = Depends(get_db),
+    current_user: models.User = Depends(get_current_user),
+):
+    permissions.is_calendar_owner(db, current_user, calendar_id)
+    if data.permission not in ("read", "read_write"):
+        raise HTTPException(422, "permission must be 'read' or 'read_write'")
+    target = db.query(models.User).filter(models.User.id == data.user_id).first()
+    if not target:
+        raise HTTPException(404, "User not found")
+    if target.id == current_user.id:
+        raise HTTPException(422, "Cannot share a calendar with yourself")
+
+    share = (
+        db.query(models.CalendarShare)
+        .filter(
+            models.CalendarShare.calendar_id == calendar_id,
+            models.CalendarShare.user_id == data.user_id,
+        )
+        .first()
+    )
+    if share:
+        share.permission = data.permission  # update existing
+    else:
+        share = models.CalendarShare(
+            calendar_id=calendar_id,
+            user_id=data.user_id,
+            permission=data.permission,
+            created_at=_now_iso(),
+        )
+        db.add(share)
+    db.commit()
+    return {"ok": True}
+
+
+@router.delete("/calendars/{calendar_id}/shares/{user_id}")
+def remove_share(
+    calendar_id: int,
+    user_id: int,
+    db: Session = Depends(get_db),
+    current_user: models.User = Depends(get_current_user),
+):
+    permissions.is_calendar_owner(db, current_user, calendar_id)
+    share = (
+        db.query(models.CalendarShare)
+        .filter(
+            models.CalendarShare.calendar_id == calendar_id,
+            models.CalendarShare.user_id == user_id,
+        )
+        .first()
+    )
+    if not share:
+        raise HTTPException(404, "Share not found")
+    db.delete(share)
+    db.commit()
+    return {"ok": True}
+
+
+# ── iCal Import / Export (local calendars only) ───────────
+
+def _import_ics_into(cal: models.LocalCalendar, raw: bytes, db: Session) -> dict:
+    parsed = ical_io.parse_ics(raw)
+    imported = 0
+    skipped = 0
+    errors = list(parsed["errors"])
+    # local_events.uid is globally unique. Dedupe against the DB AND within this
+    # file — e.g. Nextcloud exports recurring events as several VEVENTs sharing a
+    # UID (RECURRENCE-ID overrides), which would otherwise violate the constraint.
+    seen_uids: set[str] = set()
+    for item in parsed["events"]:
+        uid = item.get("uid") or str(uuid.uuid4())
+        if uid in seen_uids:
+            skipped += 1
+            continue
+        seen_uids.add(uid)
+        existing = db.query(models.LocalEvent).filter(models.LocalEvent.uid == uid).first()
+        if existing:
+            skipped += 1
+            continue
+        ev = models.LocalEvent(
+            calendar_id=cal.id,
+            uid=uid,
+            title=item.get("title") or "(ohne Titel)",
+            start=item["start"],
+            end=item["end"],
+            all_day=item.get("all_day", False),
+            location=item.get("location"),
+            description=item.get("description"),
+            rrule=item.get("rrule"),
+            exdate=item.get("exdate"),
+            creator_name_external=item.get("organizer"),
+        )
+        db.add(ev)
+        imported += 1
+    try:
+        db.commit()
+    except Exception as exc:
+        db.rollback()
+        raise ValueError(f"Import fehlgeschlagen: {exc}")
+    return {"imported": imported, "skipped": skipped, "errors": errors}
+
+
+# Cap .ics uploads so a huge file can't exhaust memory (read fully into RAM).
+MAX_ICS_BYTES = 5 * 1024 * 1024  # 5 MB — generous for calendars
+
+
+async def _read_capped(file: UploadFile) -> bytes:
+    raw = await file.read(MAX_ICS_BYTES + 1)
+    if len(raw) > MAX_ICS_BYTES:
+        raise HTTPException(413, "Datei zu groß (max. 5 MB)")
+    return raw
+
+
+@router.post("/calendars/{calendar_id}/import")
+async def import_calendar(
+    calendar_id: int,
+    file: UploadFile = File(...),
+    db: Session = Depends(get_db),
+    current_user: models.User = Depends(get_current_user),
+):
+    cal = permissions.accessible_local_calendar(db, current_user, calendar_id, require_write=True)
+    raw = await _read_capped(file)
+    try:
+        return _import_ics_into(cal, raw, db)
+    except ValueError as e:
+        raise HTTPException(422, str(e))
+
+
+@router.post("/import")
+async def import_generic(
+    file: UploadFile = File(...),
+    calendar_id: Optional[int] = Form(None),
+    create_calendar: bool = Form(False),
+    calendar_name: Optional[str] = Form(None),
+    db: Session = Depends(get_db),
+    current_user: models.User = Depends(get_current_user),
+):
+    # Read (capped) first so an oversized upload can't leave an empty calendar.
+    raw = await _read_capped(file)
+    if create_calendar:
+        cal = models.LocalCalendar(
+            user_id=current_user.id,
+            name=(calendar_name or "Importiert")[:120],
+        )
+        db.add(cal)
+        db.commit()
+        db.refresh(cal)
+    elif calendar_id is not None:
+        cal = permissions.accessible_local_calendar(db, current_user, calendar_id, require_write=True)
+    else:
+        raise HTTPException(422, "Provide calendar_id or create_calendar=true")
+
+    try:
+        result = _import_ics_into(cal, raw, db)
+    except ValueError as e:
+        raise HTTPException(422, str(e))
+    result["calendar_id"] = cal.id
+    return result
+
+
+@router.get("/calendars/{calendar_id}/export")
+def export_calendar(
+    calendar_id: int,
+    db: Session = Depends(get_db),
+    current_user: models.User = Depends(get_current_user),
+):
+    cal = permissions.accessible_local_calendar(db, current_user, calendar_id)
+    events = (
+        db.query(models.LocalEvent)
+        .filter(models.LocalEvent.calendar_id == cal.id)
+        .all()
+    )
+    # Resolve creator display names for ORGANIZER.
+    name_cache = {u.id: (u.display_name or u.username) for u in db.query(models.User).all()}
+    ics = ical_io.build_ics(cal, events, name_cache=name_cache)
+    safe_name = "".join(c for c in cal.name if c.isalnum() or c in (" ", "-", "_")).strip() or "calendar"
+    return Response(
+        content=ics,
+        media_type="text/calendar",
+        headers={"Content-Disposition": f'attachment; filename="{safe_name}.ics"'},
+    )
diff --git a/backend/routers/profile_router.py b/backend/routers/profile_router.py
index 564410b..1f16a37 100644
--- a/backend/routers/profile_router.py
+++ b/backend/routers/profile_router.py
@@ -1,4 +1,5 @@
 import io
+import re
 import base64
 from pathlib import Path
 from typing import Optional
@@ -8,11 +9,13 @@ import qrcode
 from fastapi import APIRouter, Depends, File, HTTPException, UploadFile
 from fastapi.responses import FileResponse, Response
 from PIL import Image
-from pydantic import BaseModel
+from pydantic import BaseModel, Field
 from sqlalchemy.orm import Session
 
+from sqlalchemy import func
+
 import models
-from auth import get_current_user, get_password_hash, verify_password
+from auth import create_access_token, get_current_user, get_password_hash, verify_password
 from database import DATA_DIR, get_db
 
 router = APIRouter()
@@ -25,7 +28,16 @@ ALLOWED_TYPES = {"image/jpeg", "image/png", "image/webp"}
 
 # ── Schemas ───────────────────────────────────────────────
 class ProfileUpdate(BaseModel):
-    email: Optional[str] = None
+    # Length caps (SQLite ignores VARCHAR limits, so enforce here).
+    email: Optional[str] = Field(default=None, max_length=120)
+    display_name: Optional[str] = Field(default=None, max_length=80)
+    username: Optional[str] = Field(default=None, max_length=50)  # login name (stored lowercase)
+
+
+def _strip_controls(s: str) -> str:
+    """Remove control characters (defends against injected newlines / NULs that
+    could be reflected in other clients' calendar/sharing/group views)."""
+    return re.sub(r"[\x00-\x1f\x7f]", "", s).strip()
 
 
 class PasswordChange(BaseModel):
@@ -47,6 +59,7 @@ def get_profile(current_user: models.User = Depends(get_current_user)):
     return {
         "id": current_user.id,
         "username": current_user.username,
+        "display_name": current_user.display_name or current_user.username,
         "email": current_user.email,
         "is_admin": current_user.is_admin,
         "has_avatar": current_user.avatar_filename is not None,
@@ -60,10 +73,47 @@ def update_profile(
     db: Session = Depends(get_db),
     current_user: models.User = Depends(get_current_user),
 ):
+    result = {"ok": True}
     if data.email is not None:
-        current_user.email = data.email or None
+        email = _strip_controls(data.email)
+        if email:
+            if "@" not in email or "." not in email.split("@")[-1]:
+                raise HTTPException(422, "Invalid email address")
+            clash = (
+                db.query(models.User)
+                .filter(func.lower(models.User.email) == email.lower(),
+                        models.User.id != current_user.id)
+                .first()
+            )
+            if clash:
+                raise HTTPException(400, "Email already in use")
+            current_user.email = email
+        else:
+            current_user.email = None
+    if data.display_name is not None:
+        dn = _strip_controls(data.display_name)
+        current_user.display_name = dn or current_user.username
+    if data.username is not None:
+        new_login = _strip_controls(data.username).lower()
+        if not new_login:
+            raise HTTPException(422, "Login name cannot be empty")
+        if new_login != current_user.username:
+            taken = (
+                db.query(models.User)
+                .filter(func.lower(models.User.username) == new_login,
+                        models.User.id != current_user.id)
+                .first()
+            )
+            if taken:
+                raise HTTPException(400, "Username already taken")
+            current_user.username = new_login
+            db.commit()
+            # The JWT 'sub' is the login name — renaming it invalidates the old
+            # token, so hand back a fresh one for the client to store.
+            result["access_token"] = create_access_token({"sub": new_login})
+            return result
     db.commit()
-    return {"ok": True}
+    return result
 
 
 # ── Avatar ────────────────────────────────────────────────
diff --git a/backend/routers/settings_router.py b/backend/routers/settings_router.py
index a82ecb0..59a418b 100644
--- a/backend/routers/settings_router.py
+++ b/backend/routers/settings_router.py
@@ -1,6 +1,6 @@
 from typing import Optional
 
-from fastapi import APIRouter, Depends
+from fastapi import APIRouter, Depends, HTTPException
 from pydantic import BaseModel
 from sqlalchemy.orm import Session
 
@@ -24,6 +24,12 @@ class SettingsUpdate(BaseModel):
     language: Optional[str] = None
     month_divider_color: Optional[str] = None
     month_label_color: Optional[str] = None
+    text_color: Optional[str] = None
+    line_color: Optional[str] = None
+    bg_color:   Optional[str] = None
+    private_event_visibility: Optional[str] = None
+    group_visible_calendar_id: Optional[int] = None
+    default_reminder_minutes: Optional[int] = None  # null = off
 
 
 def _settings_dict(s: models.UserSettings) -> dict:
@@ -40,6 +46,12 @@ def _settings_dict(s: models.UserSettings) -> dict:
         "language": s.language or "de",
         "month_divider_color": s.month_divider_color or "#7090c0",
         "month_label_color": s.month_label_color or "#7090c0",
+        "text_color": s.text_color,
+        "line_color": s.line_color,
+        "bg_color":   s.bg_color,
+        "private_event_visibility": s.private_event_visibility or "busy",
+        "group_visible_calendar_id": s.group_visible_calendar_id,
+        "default_reminder_minutes": s.default_reminder_minutes,
     }
 
 
@@ -76,8 +88,19 @@ def update_settings(
         settings = models.UserSettings(user_id=current_user.id)
         db.add(settings)
 
-    for field, value in data.model_dump(exclude_none=True).items():
-        setattr(settings, field, value)
+    if data.private_event_visibility is not None and data.private_event_visibility not in ("hidden", "busy"):
+        raise HTTPException(422, "private_event_visibility must be 'hidden' or 'busy'")
+
+    # For these three override colours, an explicit null is meaningful
+    # ("reset to default") and must be persisted as NULL. All other fields
+    # keep the previous behaviour where a null/missing value is ignored.
+    NULLABLE_OVERRIDES = {"text_color", "line_color", "bg_color", "group_visible_calendar_id", "default_reminder_minutes"}
+    update_data = data.model_dump(exclude_unset=True)
+    for field, value in update_data.items():
+        if field in NULLABLE_OVERRIDES:
+            setattr(settings, field, value or None)
+        elif value is not None:
+            setattr(settings, field, value)
 
     db.commit()
     return {"ok": True}
diff --git a/backend/routers/users_router.py b/backend/routers/users_router.py
index 7b50248..3c4831a 100644
--- a/backend/routers/users_router.py
+++ b/backend/routers/users_router.py
@@ -24,7 +24,13 @@ class ChangePasswordRequest(BaseModel):
 
 
 def _user_dict(u: models.User) -> dict:
-    return {"id": u.id, "username": u.username, "email": u.email, "is_admin": u.is_admin}
+    return {
+        "id": u.id,
+        "username": u.username,
+        "display_name": u.display_name or u.username,
+        "email": u.email,
+        "is_admin": u.is_admin,
+    }
 
 
 @router.get("/")
@@ -35,6 +41,25 @@ def list_users(
     return [_user_dict(u) for u in db.query(models.User).all()]
 
 
+@router.get("/directory")
+def user_directory(
+    db: Session = Depends(get_db),
+    current_user: models.User = Depends(get_current_user),
+):
+    """Lightweight list of all users (id + display_name) for sharing/group pickers.
+
+    Available to any authenticated user (unlike GET / which is admin-only).
+    Excludes the requesting user.
+    """
+    users = (
+        db.query(models.User)
+        .filter(models.User.id != current_user.id)
+        .order_by(models.User.username)
+        .all()
+    )
+    return [{"id": u.id, "display_name": u.display_name or u.username} for u in users]
+
+
 @router.post("/")
 def create_user(
     req: CreateUserRequest,
@@ -45,6 +70,7 @@ def create_user(
         raise HTTPException(400, "Username already taken")
     user = models.User(
         username=req.username.lower(),
+        display_name=req.username.strip(),  # keep the original casing for display
         email=req.email,
         password_hash=get_password_hash(req.password),
         is_admin=req.is_admin,
diff --git a/backend/tests/conftest.py b/backend/tests/conftest.py
new file mode 100644
index 0000000..105e3fd
--- /dev/null
+++ b/backend/tests/conftest.py
@@ -0,0 +1,61 @@
+"""Pytest fixtures: an isolated app + temp SQLite DB, wiped between tests."""
+
+import os
+import sys
+import tempfile
+from pathlib import Path
+
+# Use a throwaway data dir BEFORE importing the app (database.py reads DATA_DIR
+# at import time and builds the engine from it).
+os.environ.setdefault("DATA_DIR", tempfile.mkdtemp(prefix="calendarr-test-"))
+os.environ.setdefault("SECRET_KEY", "test-secret-key")
+
+BACKEND_DIR = Path(__file__).resolve().parents[1]
+sys.path.insert(0, str(BACKEND_DIR))
+
+import pytest
+from fastapi.testclient import TestClient
+
+import main  # noqa: E402  (creates tables + runs migrations against the temp DB)
+import models  # noqa: E402
+from database import engine  # noqa: E402
+
+
+@pytest.fixture
+def client():
+    return TestClient(main.app)
+
+
+@pytest.fixture(autouse=True)
+def clean_db():
+    """Wipe every table before each test for isolation."""
+    with engine.begin() as conn:
+        for table in reversed(models.Base.metadata.sorted_tables):
+            conn.execute(table.delete())
+    yield
+
+
+# ── Helpers ───────────────────────────────────────────────
+
+def register_admin(client, username="admin", password="pw"):
+    r = client.post("/api/auth/setup", json={"username": username, "password": password})
+    assert r.status_code == 200, r.text
+    return r.json()["access_token"]
+
+
+def create_user(client, admin_token, username, password="pw"):
+    r = client.post(
+        "/api/users/",
+        headers={"Authorization": f"Bearer {admin_token}"},
+        json={"username": username, "password": password},
+    )
+    assert r.status_code == 200, r.text
+    uid = r.json()["id"]
+    # Log in to get the user's own token.
+    r2 = client.post("/api/auth/login", json={"username": username, "password": password})
+    assert r2.status_code == 200, r2.text
+    return uid, r2.json()["access_token"]
+
+
+def auth(token):
+    return {"Authorization": f"Bearer {token}"}
diff --git a/backend/tests/test_collaboration.py b/backend/tests/test_collaboration.py
new file mode 100644
index 0000000..2f2a89c
--- /dev/null
+++ b/backend/tests/test_collaboration.py
@@ -0,0 +1,411 @@
+"""Tests for sharing, group permissions, the iCal parser, and private filtering."""
+
+from conftest import register_admin, create_user, auth
+
+RANGE = {"start": "2026-06-01T00:00:00Z", "end": "2026-06-30T00:00:00Z"}
+
+
+def _make_calendar(client, token, name="Cal"):
+    r = client.post("/api/local/calendars", headers=auth(token), json={"name": name})
+    assert r.status_code == 200, r.text
+    return r.json()["id"]
+
+
+def _make_event(client, token, cal_id, title="Event", private=False,
+                start="2026-06-10T10:00:00+00:00", end="2026-06-10T11:00:00+00:00"):
+    r = client.post("/api/local/events", headers=auth(token), json={
+        "calendar_id": cal_id, "title": title, "start": start, "end": end,
+        "private": private,
+    })
+    assert r.status_code == 200, r.text
+    return r.json()
+
+
+# ── Sharing ───────────────────────────────────────────────
+
+def test_share_read_then_read_write(client):
+    admin = register_admin(client)
+    b_id, b_tok = create_user(client, admin, "bob")
+
+    cal_id = _make_calendar(client, admin, "Admins Kalender")
+    ev = _make_event(client, admin, cal_id, "Meeting")
+
+    # Creator field populated server-side.
+    assert ev["creator"]["display_name"] == "admin"
+    assert ev["type"] == "local"
+
+    # Share read-only with bob.
+    r = client.post(f"/api/local/calendars/{cal_id}/shares", headers=auth(admin),
+                    json={"user_id": b_id, "permission": "read"})
+    assert r.status_code == 200, r.text
+
+    # Bob sees the shared calendar with shared_by.
+    cals = client.get("/api/local/calendars", headers=auth(b_tok)).json()
+    shared = [c for c in cals if not c["owned"]]
+    assert len(shared) == 1
+    assert shared[0]["shared_by"] == "admin"
+    assert shared[0]["permission"] == "read"
+
+    # Bob sees the event in the merged read.
+    events = client.get("/api/caldav/events", headers=auth(b_tok), params=RANGE).json()["events"]
+    assert any(e["title"] == "Meeting" for e in events)
+
+    # Bob cannot write (read-only) -> 403.
+    r = client.post("/api/local/events", headers=auth(b_tok), json={
+        "calendar_id": cal_id, "title": "Nope",
+        "start": "2026-06-11T10:00:00+00:00", "end": "2026-06-11T11:00:00+00:00",
+    })
+    assert r.status_code == 403, r.text
+
+    # Upgrade to read_write -> bob can write.
+    client.post(f"/api/local/calendars/{cal_id}/shares", headers=auth(admin),
+                json={"user_id": b_id, "permission": "read_write"})
+    r = client.post("/api/local/events", headers=auth(b_tok), json={
+        "calendar_id": cal_id, "title": "Bobs Eintrag",
+        "start": "2026-06-11T10:00:00+00:00", "end": "2026-06-11T11:00:00+00:00",
+    })
+    assert r.status_code == 200, r.text
+    # Created by bob.
+    assert r.json()["creator"]["display_name"] == "bob"
+
+
+def test_non_owner_cannot_manage_shares(client):
+    admin = register_admin(client)
+    b_id, b_tok = create_user(client, admin, "bob")
+    cal_id = _make_calendar(client, admin)
+    # Bob (no access at all) cannot list shares -> 404 (existence hidden).
+    r = client.get(f"/api/local/calendars/{cal_id}/shares", headers=auth(b_tok))
+    assert r.status_code == 404
+
+
+def test_unshared_calendar_invisible(client):
+    admin = register_admin(client)
+    _b_id, b_tok = create_user(client, admin, "bob")
+    cal_id = _make_calendar(client, admin)
+    _make_event(client, admin, cal_id, "Privat")
+    events = client.get("/api/caldav/events", headers=auth(b_tok), params=RANGE).json()["events"]
+    assert not any(e["title"] == "Privat" for e in events)
+
+
+# ── Groups ────────────────────────────────────────────────
+
+def test_group_create_and_members(client):
+    admin = register_admin(client)
+    b_id, b_tok = create_user(client, admin, "bob")
+    c_id, c_tok = create_user(client, admin, "carol")
+
+    r = client.post("/api/groups/", headers=auth(admin),
+                    json={"name": "Familie", "member_ids": [b_id]})
+    assert r.status_code == 200, r.text
+    group = r.json()
+    gid = group["id"]
+    assert group["group_calendar_id"] is not None
+    assert {m["display_name"] for m in group["members"]} == {"admin", "bob"}
+
+    # Both members see the group.
+    assert any(g["id"] == gid for g in client.get("/api/groups/", headers=auth(b_tok)).json())
+    # Carol is not a member.
+    assert not any(g["id"] == gid for g in client.get("/api/groups/", headers=auth(c_tok)).json())
+    assert client.get(f"/api/groups/{gid}", headers=auth(c_tok)).status_code == 403
+
+    # Only owner adds members.
+    assert client.post(f"/api/groups/{gid}/members", headers=auth(b_tok),
+                       json={"user_id": c_id}).status_code == 403
+    assert client.post(f"/api/groups/{gid}/members", headers=auth(admin),
+                       json={"user_id": c_id}).status_code == 200
+
+    # Member can leave; owner cannot be removed.
+    assert client.delete(f"/api/groups/{gid}/members/{c_id}", headers=auth(c_tok)).status_code == 200
+    admin_id = client.get("/api/auth/me", headers=auth(admin)).json()["id"]
+    assert client.delete(f"/api/groups/{gid}/members/{admin_id}", headers=auth(admin)).status_code == 422
+
+
+def test_group_members_can_write_group_calendar(client):
+    admin = register_admin(client)
+    b_id, b_tok = create_user(client, admin, "bob")
+    group = client.post("/api/groups/", headers=auth(admin),
+                        json={"name": "Team", "member_ids": [b_id]}).json()
+    gcal = group["group_calendar_id"]
+    # Bob (member, not owner of the calendar) can create in the group calendar.
+    r = client.post("/api/local/events", headers=auth(b_tok), json={
+        "calendar_id": gcal, "title": "Teamtermin",
+        "start": "2026-06-12T09:00:00+00:00", "end": "2026-06-12T10:00:00+00:00",
+    })
+    assert r.status_code == 200, r.text
+
+
+def test_group_member_colors_and_display_color(client):
+    admin = register_admin(client)
+    b_id, b_tok = create_user(client, admin, "bob")
+    group = client.post("/api/groups/", headers=auth(admin),
+                        json={"name": "Team", "member_ids": [b_id]}).json()
+    gid = group["id"]
+    gcal = group["group_calendar_id"]
+
+    # Each member has a server-assigned colour; the group exposes its calendar colour.
+    detail = client.get(f"/api/groups/{gid}", headers=auth(admin)).json()
+    assert all(m.get("color") for m in detail["members"])
+    assert detail.get("group_calendar_color")
+
+    # Owner can recolour a member.
+    r = client.put(f"/api/groups/{gid}/members/{b_id}/color", headers=auth(admin),
+                   json={"color": "#123456"})
+    assert r.status_code == 200, r.text
+    detail2 = client.get(f"/api/groups/{gid}", headers=auth(admin)).json()
+    assert any(m["id"] == b_id and m["color"] == "#123456" for m in detail2["members"])
+
+    # Bob shares a calendar with an event; combined events carry display_color.
+    b_cal = _make_calendar(client, b_tok, "Bobs Kalender")
+    client.put("/api/settings/", headers=auth(b_tok), json={"group_visible_calendar_id": b_cal})
+    _make_event(client, b_tok, b_cal, "Bobs Termin")
+    _make_event(client, admin, gcal, "Gruppentermin")
+    evs = client.get(f"/api/groups/{gid}/combined", headers=auth(admin), params=RANGE).json()["events"]
+    by_title = {e["title"]: e for e in evs}
+    assert by_title["Bobs Termin"]["display_color"] == "#123456"  # Bob's member colour
+    assert by_title["Gruppentermin"]["display_color"] == detail2["group_calendar_color"]
+
+
+def test_group_calendar_listed_for_member(client):
+    admin = register_admin(client)
+    b_id, b_tok = create_user(client, admin, "bob")
+    group = client.post("/api/groups/", headers=auth(admin),
+                        json={"name": "Team", "member_ids": [b_id]}).json()
+    gcal = group["group_calendar_id"]
+    # Bob (member, not owner) sees the group calendar in his local list, flagged.
+    cals = client.get("/api/local/calendars", headers=auth(b_tok)).json()
+    gc = [c for c in cals if c["id"] == gcal]
+    assert gc and gc[0].get("group") is True
+    assert gc[0]["permission"] == "read_write" and gc[0]["owned"] is False
+
+
+def test_combined_view_marks_owner_and_group_event(client):
+    admin = register_admin(client)
+    b_id, b_tok = create_user(client, admin, "bob")
+    group = client.post("/api/groups/", headers=auth(admin),
+                        json={"name": "Team", "member_ids": [b_id]}).json()
+    gid = group["id"]
+    gcal = group["group_calendar_id"]
+
+    # Bob's own calendar + event; Bob designates it as his group-visible calendar.
+    b_cal = _make_calendar(client, b_tok, "Bobs Kalender")
+    client.put("/api/settings/", headers=auth(b_tok), json={"group_visible_calendar_id": b_cal})
+    _make_event(client, b_tok, b_cal, "Bobs Termin")
+    # A group-calendar event.
+    _make_event(client, admin, gcal, "Gruppentermin")
+
+    events = client.get(f"/api/groups/{gid}/combined", headers=auth(admin), params=RANGE).json()["events"]
+    titles = {e["title"]: e for e in events}
+    assert "Bobs Termin" in titles
+    assert titles["Bobs Termin"]["owner"]["display_name"] == "bob"
+    assert titles["Bobs Termin"].get("is_group_event") is not True
+    assert "Gruppentermin" in titles
+    assert titles["Gruppentermin"]["is_group_event"] is True
+
+
+# ── Private filtering ─────────────────────────────────────
+
+def _combined_titles(client, token, gid):
+    evs = client.get(f"/api/groups/{gid}/combined", headers=auth(token), params=RANGE).json()["events"]
+    return evs
+
+
+def test_private_visibility_hidden_and_busy(client):
+    admin = register_admin(client)
+    b_id, b_tok = create_user(client, admin, "bob")
+    group = client.post("/api/groups/", headers=auth(admin),
+                        json={"name": "Team", "member_ids": [b_id]}).json()
+    gid = group["id"]
+
+    b_cal = _make_calendar(client, b_tok, "Bobs Kalender")
+    client.put("/api/settings/", headers=auth(b_tok), json={"group_visible_calendar_id": b_cal})
+    _make_event(client, b_tok, b_cal, "Geheimes", private=True,
+                start="2026-06-15T10:00:00+00:00", end="2026-06-15T11:00:00+00:00")
+
+    # Bob sees his own private event in full.
+    own = _combined_titles(client, b_tok, gid)
+    assert any(e["title"] == "Geheimes" for e in own)
+
+    # Default visibility = busy -> admin sees it as anonymous "Beschäftigt".
+    seen = _combined_titles(client, admin, gid)
+    busy = [e for e in seen if e["start"].startswith("2026-06-15")]
+    assert busy and all(e["title"] == "Beschäftigt" for e in busy)
+    assert all(e["location"] == "" and e["description"] == "" for e in busy)
+
+    # Switch bob to hidden -> admin no longer sees it at all.
+    client.put("/api/settings/", headers=auth(b_tok), json={"private_event_visibility": "hidden"})
+    seen2 = _combined_titles(client, admin, gid)
+    assert not any(e["start"].startswith("2026-06-15") for e in seen2)
+
+
+def test_member_calendar_hidden_until_designated(client):
+    admin = register_admin(client)
+    b_id, b_tok = create_user(client, admin, "bob")
+    group = client.post("/api/groups/", headers=auth(admin),
+                        json={"name": "Team", "member_ids": [b_id]}).json()
+    gid = group["id"]
+    b_cal = _make_calendar(client, b_tok, "Bobs Kalender")
+    _make_event(client, b_tok, b_cal, "Bobs Termin")
+
+    # Not designated yet -> admin doesn't see Bob's calendar in the combined view.
+    seen = _combined_titles(client, admin, gid)
+    assert not any(e["title"] == "Bobs Termin" for e in seen)
+
+    # After Bob designates it, it appears.
+    client.put("/api/settings/", headers=auth(b_tok), json={"group_visible_calendar_id": b_cal})
+    seen2 = _combined_titles(client, admin, gid)
+    assert any(e["title"] == "Bobs Termin" for e in seen2)
+
+
+def test_display_name_case_preserved_and_login_case_insensitive(client):
+    # Setup with mixed-case name: login name lowercased, display name kept.
+    r = client.post("/api/auth/setup", json={"username": "Guido", "password": "pw"})
+    assert r.status_code == 200, r.text
+    user = r.json()["user"]
+    assert user["username"] == "guido"
+    assert user["display_name"] == "Guido"
+
+    # Login is case-insensitive (typing the display name "GUIDO" works).
+    r2 = client.post("/api/auth/login", json={"username": "GUIDO", "password": "pw"})
+    assert r2.status_code == 200, r2.text
+    tok = r2.json()["access_token"]
+
+    # /me reflects the cased display name.
+    me = client.get("/api/auth/me", headers=auth(tok)).json()
+    assert me["display_name"] == "Guido" and me["username"] == "guido"
+
+
+def test_rename_login_name_returns_new_token(client):
+    admin = register_admin(client, "alice")
+    # Change display name (no token change).
+    r = client.put("/api/profile/", headers=auth(admin), json={"display_name": "Alice W."})
+    assert r.status_code == 200 and "access_token" not in r.json()
+    # Change login name -> fresh token, references survive (id is stable).
+    r2 = client.put("/api/profile/", headers=auth(admin), json={"username": "alice2"})
+    assert r2.status_code == 200 and r2.json().get("access_token")
+    new_tok = r2.json()["access_token"]
+    me = client.get("/api/auth/me", headers=auth(new_tok)).json()
+    assert me["username"] == "alice2" and me["display_name"] == "Alice W."
+
+
+def test_private_visibility_validation(client):
+    admin = register_admin(client)
+    r = client.put("/api/settings/", headers=auth(admin), json={"private_event_visibility": "bogus"})
+    assert r.status_code == 422
+
+
+# ── iCal import/export ────────────────────────────────────
+
+SAMPLE_ICS = b"""BEGIN:VCALENDAR
+VERSION:2.0
+PRODID:-//Test//EN
+BEGIN:VEVENT
+UID:evt-1@test
+SUMMARY:Importiert 1
+DTSTART:20260620T100000Z
+DTEND:20260620T110000Z
+LOCATION:Buero
+ORGANIZER;CN=Max Mustermann:mailto:max@example.com
+RRULE:FREQ=WEEKLY;BYDAY=MO
+END:VEVENT
+BEGIN:VEVENT
+UID:evt-2@test
+SUMMARY:Importiert 2
+DTSTART;VALUE=DATE:20260621
+DTEND;VALUE=DATE:20260622
+END:VEVENT
+END:VCALENDAR
+"""
+
+
+def test_ical_parser_roundtrip():
+    import ical_io
+    parsed = ical_io.parse_ics(SAMPLE_ICS)
+    assert len(parsed["events"]) == 2
+    ev1 = next(e for e in parsed["events"] if e["uid"] == "evt-1@test")
+    assert ev1["title"] == "Importiert 1"
+    assert ev1["location"] == "Buero"
+    assert ev1["organizer"] == "Max Mustermann"
+    assert ev1["rrule"] == "FREQ=WEEKLY;BYDAY=MO"
+    ev2 = next(e for e in parsed["events"] if e["uid"] == "evt-2@test")
+    assert ev2["all_day"] is True
+
+
+def test_import_dedupes_by_uid(client):
+    admin = register_admin(client)
+    cal_id = _make_calendar(client, admin, "Import-Ziel")
+
+    files = {"file": ("test.ics", SAMPLE_ICS, "text/calendar")}
+    r = client.post(f"/api/local/calendars/{cal_id}/import", headers=auth(admin), files=files)
+    assert r.status_code == 200, r.text
+    body = r.json()
+    assert body["imported"] == 2 and body["skipped"] == 0
+
+    # Re-import -> all skipped (UID dedupe).
+    files = {"file": ("test.ics", SAMPLE_ICS, "text/calendar")}
+    r2 = client.post(f"/api/local/calendars/{cal_id}/import", headers=auth(admin), files=files)
+    assert r2.json()["imported"] == 0 and r2.json()["skipped"] == 2
+
+    # Imported events carry the external creator name.
+    events = client.get("/api/caldav/events", headers=auth(admin), params=RANGE).json()["events"]
+    imported = [e for e in events if e["title"] == "Importiert 1"]
+    assert imported and imported[0]["creator"]["display_name"] == "Max Mustermann (importiert)"
+
+
+DUP_UID_ICS = b"""BEGIN:VCALENDAR
+VERSION:2.0
+PRODID:-//Nextcloud
+BEGIN:VEVENT
+UID:recurring@nc
+SUMMARY:Standup
+DTSTART:20260601T090000Z
+DTEND:20260601T091500Z
+RRULE:FREQ=WEEKLY;BYDAY=MO
+END:VEVENT
+BEGIN:VEVENT
+UID:recurring@nc
+RECURRENCE-ID:20260608T090000Z
+SUMMARY:Standup verschoben
+DTSTART:20260608T100000Z
+DTEND:20260608T101500Z
+END:VEVENT
+END:VCALENDAR
+"""
+
+
+def test_import_handles_duplicate_uid_in_file(client):
+    """Nextcloud exports recurring events as multiple VEVENTs sharing a UID;
+    importing must not 500 on the unique constraint."""
+    admin = register_admin(client)
+    cal_id = _make_calendar(client, admin, "NC")
+    files = {"file": ("nc.ics", DUP_UID_ICS, "text/calendar")}
+    r = client.post(f"/api/local/calendars/{cal_id}/import", headers=auth(admin), files=files)
+    assert r.status_code == 200, r.text
+    body = r.json()
+    assert body["imported"] == 1 and body["skipped"] == 1
+
+
+def test_export_contains_organizer_and_rrule(client):
+    admin = register_admin(client)
+    cal_id = _make_calendar(client, admin, "Export-Test")
+    _make_event(client, admin, cal_id, "Wöchentlich")
+    # Add a recurring rule via update.
+    events = client.get("/api/caldav/events", headers=auth(admin), params=RANGE).json()["events"]
+    uid = next(e["id"] for e in events if e["title"] == "Wöchentlich")
+    client.put(f"/api/local/events/{uid}", headers=auth(admin), json={"rrule": "FREQ=WEEKLY;BYDAY=MO"})
+
+    r = client.get(f"/api/local/calendars/{cal_id}/export", headers=auth(admin))
+    assert r.status_code == 200
+    assert r.headers["content-type"].startswith("text/calendar")
+    body = r.text
+    assert "BEGIN:VCALENDAR" in body
+    assert "ORGANIZER" in body and "admin" in body
+    assert "RRULE" in body
+
+
+def test_import_export_only_local(client):
+    """Import/export endpoints reject non-existent / inaccessible calendars."""
+    admin = register_admin(client)
+    _b, b_tok = create_user(client, admin, "bob")
+    cal_id = _make_calendar(client, admin, "Privat")
+    # Bob has no access -> 404 on export.
+    assert client.get(f"/api/local/calendars/{cal_id}/export", headers=auth(b_tok)).status_code == 404
diff --git a/frontend/css/app.css b/frontend/css/app.css
index 556a5db..e3f6e06 100644
--- a/frontend/css/app.css
+++ b/frontend/css/app.css
@@ -55,49 +55,129 @@ a { color: var(--primary); text-decoration: none; }
 .flex-col { display: flex; flex-direction: column; }
 .gap-8 { gap: 8px; }
 
-/* ── Buttons ────────────────────────────────────────────── */
+/* ── Buttons ──────────────────────────────────────────────
+   Modern pill style: fully rounded, subtle coloured shadow on the
+   prominent variants, lift on hover, snap back on press. The
+   primary-coloured glow follows --primary via color-mix(), so it adapts
+   when the user changes the theme colour in settings. */
 .btn {
-  display: inline-flex; align-items: center; gap: 6px;
-  padding: 8px 16px; border-radius: 20px;
-  font-weight: 500; transition: background var(--transition), color var(--transition);
+  display: inline-flex; align-items: center; justify-content: center;
+  gap: 8px;
+  padding: 10px 22px;
+  border-radius: 999px;
+  font-weight: 500; font-size: 14px;
+  letter-spacing: .1px;
   white-space: nowrap;
+  user-select: none;
+  -webkit-tap-highlight-color: transparent;
+  transition:
+    background var(--transition),
+    color var(--transition),
+    border-color var(--transition),
+    box-shadow .18s ease,
+    transform .12s ease,
+    filter var(--transition);
 }
+.btn:active { transform: translateY(0) scale(.985); transition-duration: .05s; }
+.btn:focus-visible {
+  outline: 2px solid var(--primary);
+  outline-offset: 2px;
+}
+
 .btn-primary {
   background: var(--primary);
   color: #fff;
+  box-shadow: 0 2px 8px rgba(66,133,244,.28);
+  box-shadow: 0 2px 8px color-mix(in srgb, var(--primary) 30%, transparent);
 }
-.btn-primary:hover { filter: brightness(1.12); }
+.btn-primary:hover {
+  filter: brightness(1.08);
+  transform: translateY(-1px);
+  box-shadow: 0 6px 18px rgba(66,133,244,.42);
+  box-shadow: 0 6px 18px color-mix(in srgb, var(--primary) 45%, transparent);
+}
+
 .btn-secondary {
   background: var(--bg-surface);
   color: var(--text-1);
   border: 1px solid var(--border);
 }
-.btn-secondary:hover { background: var(--bg-hover); }
-.btn-ghost { color: var(--primary); }
-.btn-ghost:hover { background: var(--primary-dim); }
-.btn-danger { background: var(--accent); color: #fff; }
-.btn-danger:hover { filter: brightness(1.1); }
-.btn-full { width: 100%; justify-content: center; }
+.btn-secondary:hover {
+  background: var(--bg-hover);
+  border-color: var(--primary);
+  transform: translateY(-1px);
+}
+
+.btn-ghost {
+  color: var(--primary);
+  background: transparent;
+}
+.btn-ghost:hover {
+  background: var(--primary-dim);
+  transform: translateY(-1px);
+}
+
+.btn-danger {
+  background: var(--accent);
+  color: #fff;
+  box-shadow: 0 2px 8px rgba(234,67,53,.28);
+  box-shadow: 0 2px 8px color-mix(in srgb, var(--accent) 30%, transparent);
+}
+.btn-danger:hover {
+  filter: brightness(1.08);
+  transform: translateY(-1px);
+  box-shadow: 0 6px 18px rgba(234,67,53,.42);
+  box-shadow: 0 6px 18px color-mix(in srgb, var(--accent) 45%, transparent);
+}
+
+.btn-full { width: 100%; }
+
+/* The big sidebar "Erstellen" button: same pill aesthetic, primary tinted,
+   lives in the calm dark sidebar so the shadow is a touch stronger. */
 .btn-fab {
   display: flex; align-items: center; gap: 10px;
-  padding: 12px 20px; border-radius: 24px;
-  background: var(--bg-surface);
-  color: var(--text-1);
+  padding: 12px 22px;
+  border-radius: 999px;
+  background: var(--primary);
+  color: #fff;
   font-weight: 600;
-  box-shadow: var(--shadow);
   margin: 16px 12px 8px;
-  transition: background var(--transition), box-shadow var(--transition);
+  box-shadow: 0 4px 14px rgba(66,133,244,.32);
+  box-shadow: 0 4px 14px color-mix(in srgb, var(--primary) 35%, transparent);
+  transition:
+    background var(--transition),
+    box-shadow .18s ease,
+    transform .12s ease,
+    filter var(--transition);
 }
-.btn-fab:hover { background: var(--bg-hover); box-shadow: var(--shadow-lg); }
+.btn-fab:hover {
+  filter: brightness(1.08);
+  transform: translateY(-1px);
+  box-shadow: 0 8px 22px rgba(66,133,244,.5);
+  box-shadow: 0 8px 22px color-mix(in srgb, var(--primary) 50%, transparent);
+}
+.btn-fab:active { transform: translateY(0) scale(.985); }
 
+/* Circular icon buttons (topbar nav, modal close, etc.) */
 .icon-btn {
   display: inline-flex; align-items: center; justify-content: center;
-  width: 40px; height: 40px; border-radius: 50%;
-  color: var(--text-2); transition: background var(--transition);
+  width: 40px; height: 40px;
+  border-radius: 50%;
+  color: var(--text-2);
   flex-shrink: 0;
+  -webkit-tap-highlight-color: transparent;
+  transition:
+    background var(--transition),
+    color var(--transition),
+    transform .1s ease;
 }
 .icon-btn svg { width: 20px; height: 20px; fill: currentColor; }
 .icon-btn:hover { background: var(--bg-hover); color: var(--text-1); }
+.icon-btn:active { transform: scale(.92); }
+.icon-btn:focus-visible {
+  outline: 2px solid var(--primary);
+  outline-offset: 2px;
+}
 
 /* ── Auth Screens ───────────────────────────────────────── */
 .auth-screen {
@@ -140,15 +220,22 @@ a { color: var(--primary); text-decoration: none; }
 .form-group input, .form-group select, .form-group textarea {
   background: var(--bg-app);
   border: 1px solid var(--border);
-  border-radius: var(--radius-sm);
-  padding: 10px 12px;
+  border-radius: 8px;
+  padding: 11px 14px;
   color: var(--text-1);
   outline: none;
-  transition: border-color var(--transition);
+  transition: border-color var(--transition), box-shadow var(--transition);
   width: 100%;
 }
+.form-group input:hover:not(:focus),
+.form-group select:hover:not(:focus),
+.form-group textarea:hover:not(:focus) {
+  border-color: var(--text-3);
+}
 .form-group input:focus, .form-group select:focus, .form-group textarea:focus {
   border-color: var(--primary);
+  box-shadow: 0 0 0 3px rgba(66,133,244,.18);
+  box-shadow: 0 0 0 3px color-mix(in srgb, var(--primary) 18%, transparent);
 }
 .form-group textarea { resize: vertical; }
 
@@ -448,8 +535,10 @@ a { color: var(--primary); text-decoration: none; }
   outline: none;
 }
 .cal-account-name { font-size: 11px; color: var(--text-3); padding: 4px 16px 2px; font-weight: 500; }
-.cal-item-remove { opacity: 0; }
-.cal-item:hover .cal-item-remove { opacity: 1; }
+/* Hide the remove/eye button until hover so the calendar name uses the full
+   width and only truncates while the button is visible. */
+.cal-item-remove { display: none; }
+.cal-item:hover .cal-item-remove { display: inline-flex; }
 
 /* ── Month View ─────────────────────────────────────────── */
 .month-view { display: flex; flex-direction: column; flex: 1; min-height: 0; }
@@ -493,7 +582,8 @@ a { color: var(--primary); text-decoration: none; }
 .cell-day {
   font-size: 12px; font-weight: 500; color: var(--text-2);
   width: 26px; height: 26px;
-  display: flex; align-items: center; justify-content: center;
+  display: inline-flex; align-items: center; justify-content: center;
+  vertical-align: top;
   border-radius: 50%; flex-shrink: 0;
 }
 .cell-day.today { background: var(--today-color); color: #fff; font-weight: 700; }
@@ -502,13 +592,8 @@ a { color: var(--primary); text-decoration: none; }
 .month-col {
   position: relative; /* anchor for divider pseudo-elements */
 }
-.month-col.first-of-month {
-  display: flex;
-  flex-direction: column;
-  align-items: flex-start;
-  gap: 0;
-  padding-top: 8px;
-}
+/* first-of-month keeps the normal block layout (number top-left); the month
+   label sits inline next to the number via .cell-day/.month-marker below. */
 /* Dividers via pseudo-elements so they render above events (z-index 2) */
 .month-col.month-divider-left::before {
   content: '';
@@ -552,14 +637,14 @@ a { color: var(--primary); text-decoration: none; }
   pointer-events: none;
 }
 .month-marker {
-  font-size: 14px;
-  font-weight: 700;
-  text-transform: uppercase;
-  letter-spacing: .5px;
+  font-size: 11px;
+  font-weight: 600;
+  text-transform: none;
+  letter-spacing: .3px;
   color: var(--month-label-color, #7090c0);
-  line-height: 1;
-  padding: 0 2px;
-  margin: 0 0 2px 4px;
+  line-height: 26px;          /* align with the day-number circle */
+  margin-left: 4px;
+  vertical-align: top;
   position: relative;
   z-index: 3; /* above events overlay (z-index 2) */
 }
@@ -568,10 +653,10 @@ a { color: var(--primary); text-decoration: none; }
   position: relative;
   z-index: 3;
 }
-/* Push events overlay down when row contains a first-of-month cell so the
-   day "1" (which sits below the month marker) isn't hidden by event bars */
+/* Month marker now sits inline next to the day number, so the header height is
+   uniform and the events overlay needs no extra offset for month-start weeks. */
 .month-row.has-month-marker .month-events-overlay {
-  top: 56px;
+  top: 30px;
 }
 /* Events overlay — pointer-events:none so clicks pass to columns */
 .month-events-overlay {
@@ -888,46 +973,131 @@ a { color: var(--primary); text-decoration: none; }
 }
 .ctx-item:hover { background: var(--bg-hover); }
 
-/* ── Event Popup ────────────────────────────────────────── */
+/* ── Event Popup ──────────────────────────────────────────
+   Layout: Color-Dot + Title links, kleine Icon-Toolbar rechts oben.
+   Icons sind im Ruhezustand transparent (nur das SVG selbst sichtbar),
+   bekommen erst beim Hover einen runden farbigen Hintergrund. Wirkt
+   modern und lässt dem Titel die meiste Breite. */
 .event-popup {
   position: fixed; z-index: 600;
-  background: var(--bg-surface);
-  border: 1px solid var(--border);
-  border-radius: var(--radius);
-  width: 300px;
-  box-shadow: var(--shadow-lg);
+  width: 320px;
+  background: var(--bg-surface); /* fallback for no color-mix */
+  background: color-mix(in srgb, var(--bg-surface) 86%, transparent);
+  -webkit-backdrop-filter: blur(22px) saturate(1.6);
+  backdrop-filter: blur(22px) saturate(1.6);
+  border: 1px solid color-mix(in srgb, var(--border) 80%, transparent);
+  border-radius: 16px;
+  box-shadow:
+    inset 0 1px 0 rgba(255,255,255,.05),
+    0 12px 40px rgba(0,0,0,.55),
+    0 2px 8px rgba(0,0,0,.4);
+  overflow: hidden;
+  transform-origin: top left;
+  animation: popupIn .18s cubic-bezier(.2,.8,.2,1);
 }
+@keyframes popupIn {
+  from { opacity: 0; transform: translateY(6px) scale(.97); }
+  to   { opacity: 1; transform: none; }
+}
+@media (prefers-reduced-motion: reduce) {
+  .event-popup { animation: none; }
+}
+
 .popup-header {
-  display: flex; align-items: center; gap: 8px;
-  padding: 12px 16px; border-bottom: 1px solid var(--border);
+  position: relative;
+  display: flex; align-items: flex-start; gap: 11px;
+  padding: 14px 10px 13px 18px;
+  background: linear-gradient(180deg,
+    color-mix(in srgb, var(--ev-color, var(--primary)) 13%, transparent), transparent);
 }
-.popup-color-dot { width: 12px; height: 12px; border-radius: 50%; flex-shrink: 0; }
-.popup-header h4 { flex: 1; font-size: 15px; font-weight: 500; }
-.popup-action, .popup-close { width: 32px; height: 32px; font-size: 16px; }
-.popup-body { padding: 12px 16px; }
-.popup-time, .popup-location, .popup-calendar { font-size: 13px; color: var(--text-2); margin-bottom: 6px; }
-.popup-description { font-size: 13px; color: var(--text-1); margin-bottom: 6px; white-space: pre-wrap; }
+/* Slim accent strip in the event's colour. */
+.popup-header::before {
+  content: ""; position: absolute; left: 0; top: 0; bottom: 0; width: 4px;
+  background: var(--ev-color, var(--primary));
+}
+.popup-color-dot {
+  width: 10px; height: 10px; border-radius: 50%;
+  background: var(--ev-color, var(--primary));
+  flex-shrink: 0; margin-top: 6px;
+  box-shadow: 0 0 0 3px color-mix(in srgb, var(--ev-color, var(--primary)) 22%, transparent);
+}
+.popup-header h4 {
+  flex: 1;
+  font-size: 15px; font-weight: 600;
+  line-height: 1.35; letter-spacing: -.01em;
+  color: var(--text-1);
+  word-break: break-word;
+  padding-top: 1px;
+}
+
+.popup-toolbar {
+  display: flex;
+  gap: 2px;
+  flex-shrink: 0;
+  margin-left: 4px;
+}
+.popup-icon-btn {
+  width: 32px; height: 32px;
+  border-radius: 10px;
+  display: inline-flex; align-items: center; justify-content: center;
+  background: transparent;
+  border: none;
+  cursor: pointer;
+  color: var(--text-3);
+  -webkit-tap-highlight-color: transparent;
+  transition:
+    background var(--transition),
+    color var(--transition),
+    transform .12s ease;
+}
+.popup-icon-btn svg { width: 16px; height: 16px; fill: currentColor; flex-shrink: 0; }
+.popup-icon-btn:hover {
+  background: rgba(66,133,244,.16);
+  background: color-mix(in srgb, var(--primary) 16%, transparent);
+  color: var(--primary);
+}
+.popup-icon-btn-danger:hover {
+  background: rgba(234,67,53,.16);
+  background: color-mix(in srgb, var(--accent) 16%, transparent);
+  color: var(--accent);
+}
+.popup-icon-btn-close:hover {
+  background: var(--bg-hover);
+  color: var(--text-1);
+}
+.popup-icon-btn:active { transform: scale(.88); }
+
+.popup-body { padding: 12px 16px 14px; display: flex; flex-direction: column; gap: 9px; }
+.popup-row { display: flex; align-items: flex-start; gap: 10px; font-size: 13px; line-height: 1.45; color: var(--text-2); }
+.popup-row-icon { width: 16px; height: 16px; flex-shrink: 0; margin-top: 1px; fill: var(--text-3); }
+#popup-time { color: var(--text-1); font-weight: 500; }
+.popup-row-desc { color: var(--text-1); }
+.popup-row-desc span { white-space: pre-wrap; }
+#popup-creator { font-style: italic; }
+
 .popup-copy-menu {
-  border-top: 1px solid var(--border);
-  padding: 4px 0;
+  border-top: 1px solid color-mix(in srgb, var(--border) 70%, transparent);
+  padding: 6px;
 }
 .popup-copy-label {
   font-size: 11px; font-weight: 600; text-transform: uppercase;
   letter-spacing: .5px; color: var(--text-3);
-  padding: 4px 14px 6px;
+  padding: 4px 10px 6px;
 }
 .popup-copy-item {
   display: flex; align-items: center; gap: 9px;
-  padding: 7px 14px; cursor: pointer; font-size: 13px; color: var(--text-1);
+  padding: 8px 10px; cursor: pointer; font-size: 13px; color: var(--text-1);
+  border-radius: 10px;
+  transition: background var(--transition);
 }
 .popup-copy-item:hover { background: var(--bg-hover); }
 .popup-copy-dot { width: 10px; height: 10px; border-radius: 50%; flex-shrink: 0; }
 .popup-copy-edit-toggle {
   display: flex; align-items: center; gap: 8px;
-  padding: 6px 14px 8px;
+  padding: 6px 10px 8px;
   font-size: 12px; color: var(--text-2);
   cursor: pointer;
-  border-bottom: 1px solid var(--border);
+  border-bottom: 1px solid color-mix(in srgb, var(--border) 70%, transparent);
   margin-bottom: 4px;
 }
 .popup-copy-edit-toggle input[type="checkbox"] { margin: 0; cursor: pointer; }
@@ -1557,15 +1727,12 @@ a { color: var(--primary); text-decoration: none; }
   .topbar-left { gap: 0; }
   .topbar-right { gap: 0; }
 
-  /* Event-Popup: Buttons kompakt halten, kein 44px-Override ───── */
-  .event-popup .icon-btn {
-    min-width: 32px !important;
-    min-height: 32px !important;
-    width: 32px;
-    height: 32px;
-  }
-  .event-popup .popup-header { gap: 2px; padding: 10px 12px; }
-  .event-popup { width: min(92vw, 340px); max-width: 92vw; }
+  /* Event-Popup auf Mobile: an Viewport-Breite anpassen */
+  .event-popup { width: min(94vw, 360px); max-width: 94vw; }
+  .popup-header { padding: 12px 8px 11px 16px; }
+  .popup-header h4 { font-size: 14.5px; }
+  .popup-icon-btn { width: 36px; height: 36px; }
+  .popup-icon-btn svg { width: 17px; height: 17px; }
 
   /* Monatsansicht: Startzeit ausblenden — nur Titel anzeigen ──── */
   .month-event-time { display: none; }
@@ -1627,3 +1794,180 @@ a { color: var(--primary); text-decoration: none; }
   }
 }
 
+
+/* ── Collaboration: sharing badges & user picker ───────────── */
+.cal-badge {
+  display: inline-block;
+  font-size: 11px;
+  padding: 2px 8px;
+  border-radius: 999px;
+  background: var(--bg-surface);
+  color: var(--text-2);
+  border: 1px solid var(--border);
+  white-space: nowrap;
+}
+.cal-badge-shared {
+  background: rgba(66, 133, 244, 0.15);
+  color: var(--primary);
+  border-color: transparent;
+}
+.share-user-picker {
+  margin-top: 8px;
+  max-height: 220px;
+  overflow-y: auto;
+  border: 1px solid var(--border);
+  border-radius: 10px;
+}
+.share-user-item {
+  padding: 10px 14px;
+  cursor: pointer;
+  border-bottom: 1px solid var(--border);
+}
+.share-user-item:last-child { border-bottom: none; }
+.share-user-item:hover { background: var(--bg-surface); }
+/* .popup-creator styling moved into the .popup-row / #popup-creator rules above. */
+
+/* ── Groups ─────────────────────────────────────────────────── */
+.group-view-banner {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  gap: 12px;
+  padding: 8px 16px;
+  background: var(--bg-surface); /* fallback for browsers without color-mix */
+  background: color-mix(in srgb, var(--accent) 15%, var(--bg-app));
+  border-bottom: 1px solid var(--accent);
+  font-size: 14px;
+  color: var(--text-1);
+}
+/* Group-member rows in the sidebar (colour dot = per-user colour, checkbox =
+   show/hide). Reuse the calendar-list item styling. */
+.gm-row .gm-dot { cursor: pointer; }
+
+.group-item-active {
+  background: var(--bg-surface);
+  background: color-mix(in srgb, var(--accent) 18%, transparent);
+  border-radius: 8px;
+}
+.group-item .cal-item-name { cursor: pointer; flex: 1; }
+.cal-list-empty {
+  padding: 6px 4px;
+  font-size: 13px;
+  color: var(--text-3);
+}
+
+/* Group member picker rows — checkbox left, name left, one per line. */
+.group-member-item {
+  display: flex;
+  align-items: center;
+  justify-content: flex-start;
+  gap: 10px;
+  padding: 10px 14px;
+  cursor: pointer;
+  border-bottom: 1px solid var(--border);
+  text-align: left;
+  text-transform: none;
+}
+.group-member-item:last-child { border-bottom: none; }
+.group-member-item:hover { background: var(--bg-surface); }
+.group-member-item input[type="checkbox"] { flex: 0 0 auto; margin: 0; }
+.group-member-name { flex: 1 1 auto; color: var(--text-1); }
+
+/* Calendar radio list (group-visible selection in settings). */
+.cal-radio-list {
+  border: 1px solid var(--border);
+  border-radius: 10px;
+  overflow: hidden;
+}
+.cal-radio-item {
+  display: flex;
+  align-items: center;
+  gap: 10px;
+  padding: 10px 14px;
+  cursor: pointer;
+  border-bottom: 1px solid var(--border);
+}
+.cal-radio-item:last-child { border-bottom: none; }
+.cal-radio-item:hover { background: var(--bg-surface); }
+.cal-radio-item .cal-item-dot { border-radius: 50%; flex: 0 0 auto; }
+
+/* Picker rows (group-visible calendar radio + group member checkboxes).
+   Deliberately NOT <label> elements, so the global ".form-group label"
+   uppercase/grey styling never applies. */
+.cal-radio-list,
+#group-member-picker {
+  border: 1px solid var(--border);
+  border-radius: 10px;
+  overflow: hidden;
+  max-height: 260px;
+  overflow-y: auto;
+}
+.pick-row {
+  display: flex;
+  align-items: center;
+  justify-content: flex-start;
+  gap: 10px;
+  padding: 10px 14px;
+  cursor: pointer;
+  border-bottom: 1px solid var(--border);
+  text-align: left;
+  text-transform: none;
+  letter-spacing: normal;
+  font-size: 14px;
+  color: var(--text-1);
+}
+.pick-row:last-child { border-bottom: none; }
+.pick-row:hover { background: var(--bg-surface); }
+.pick-row-sel { box-shadow: inset 3px 0 0 var(--accent); }
+.pick-mark {
+  flex: 0 0 auto;
+  width: 18px; height: 18px;
+  border: 2px solid var(--text-3);
+  display: inline-flex; align-items: center; justify-content: center;
+  font-size: 12px; line-height: 1; color: #fff;
+}
+.pick-check { border-radius: 4px; }
+.pick-radio { border-radius: 50%; }
+.pick-mark.on { background: var(--accent); border-color: var(--accent); }
+.pick-dot { flex: 0 0 auto; width: 12px; height: 12px; border-radius: 50%; }
+.pick-dot-empty { background: transparent; }
+.pick-name { flex: 1 1 auto; text-align: left; }
+
+/* Flat calendar list: inline source label + drag handle. */
+.cal-source {
+  margin-left: auto;
+  font-size: 11px;
+  color: var(--text-3);
+  white-space: nowrap;
+  max-width: 45%;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  padding-left: 8px;
+}
+.cal-drag-handle {
+  flex: 0 0 auto;
+  cursor: grab;
+  color: var(--text-3);
+  font-size: 14px;
+  user-select: none;
+}
+.cal-item.cal-dragging { opacity: .5; }
+
+/* Group emoji + icon picker */
+.group-emoji { flex: 0 0 auto; font-size: 16px; cursor: pointer; line-height: 1; }
+.cal-shared-flag { flex: 0 0 auto; font-size: 12px; opacity: .8; }
+.group-icon-picker { display: flex; flex-wrap: wrap; gap: 6px; }
+.group-icon-opt {
+  width: 38px; height: 38px;
+  display: inline-flex; align-items: center; justify-content: center;
+  font-size: 18px; line-height: 1;
+  background: var(--bg-app);
+  border: 1px solid var(--border);
+  border-radius: 8px;
+  cursor: pointer;
+}
+.group-icon-opt { color: var(--text-1); }
+.group-icon-opt:hover { background: var(--bg-surface); }
+.group-icon-opt.on { border-color: var(--accent); box-shadow: 0 0 0 1px var(--accent) inset; color: var(--accent); }
+/* SVG group icons render as block so they centre cleanly (vs emoji baseline). */
+.group-emoji svg, .cal-shared-flag svg, .group-icon-opt svg { display: block; }
diff --git a/frontend/index.html b/frontend/index.html
index 8197413..49f0b92 100644
--- a/frontend/index.html
+++ b/frontend/index.html
@@ -1,10 +1,10 @@
-<!DOCTYPE html>
+<!DOCTYPE html>
 <html lang="de">
 <head>
   <meta charset="UTF-8" />
   <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no, viewport-fit=cover" />
-  <!-- APP_VERSION: update here + version.js on every release -->
-  <title>Calendarr v11</title>
+  <!-- Title wird beim Laden aus version.js dynamisch gesetzt -->
+  <title>Calendarr</title>
   <link rel="icon" type="image/svg+xml" href="/static/favicon.svg" />
   <link rel="manifest" href="/manifest.json" />
   <meta name="theme-color" content="#4285f4" />
@@ -80,7 +80,7 @@
       <button type="submit" class="btn btn-primary btn-full">Anmelden</button>
     </form>
   </div>
-  <button class="impressum-link" onclick="openImpressum()">©&nbsp;2026&nbsp;Scarriffleservices&nbsp;·&nbsp;v11</button>
+  <button class="impressum-link" onclick="openImpressum()">©&nbsp;2026&nbsp;Scarriffleservices&nbsp;·&nbsp;v18</button>
 </div>
 
 <!-- ─── MAIN APP ──────────────────────────────────────────── -->
@@ -179,13 +179,21 @@
           <div class="mini-cal-days" id="mini-days"></div>
         </div>
 
+        <!-- Group members (shown only in the group overlay; hide/show people) -->
+        <div class="cal-list hidden" id="group-members">
+          <div class="cal-list-header">
+            <span data-i18n="group_members">Mitglieder</span>
+          </div>
+          <div id="group-members-items"></div>
+        </div>
+
         <!-- Calendar List -->
         <div class="cal-list" id="cal-list">
           <div class="cal-list-header">
             <span data-i18n="my_calendars">Meine Kalender</span>
             <div class="add-cal-dropdown-wrap">
               <button class="icon-btn mini-btn" id="btn-add-cal" title="Kalender hinzufügen">
-                <svg viewBox="0 0 24 24" fill="currentColor"><path d="M19 13h-6v11h-2v-6H5v-2h6V5h2v11h6v2z"/></svg>
+                <svg viewBox="0 0 24 24" fill="currentColor"><path d="M19 13h-6v6h-2v-6H5v-2h6V5h2v6h6v2z"/></svg>
               </button>
               <div class="add-cal-dropdown hidden" id="add-cal-dropdown">
                 <button data-action="local">Lokaler Kalender</button>
@@ -198,13 +206,30 @@
           </div>
           <div id="cal-list-items"></div>
         </div>
+
+        <!-- Groups -->
+        <div class="cal-list" id="group-list">
+          <div class="cal-list-header">
+            <span data-i18n="groups_title">Gruppen</span>
+            <button class="icon-btn mini-btn" id="btn-add-group" data-i18n-title="group_create" title="Gruppe erstellen">
+              <svg viewBox="0 0 24 24" fill="currentColor"><path d="M19 13h-6v6h-2v-6H5v-2h6V5h2v6h6v2z"/></svg>
+            </button>
+          </div>
+          <div id="group-list-items"></div>
+        </div>
       </div>
-      <button class="sidebar-copyright" onclick="openImpressum()">©&nbsp;2026&nbsp;Scarriffleservices&nbsp;·&nbsp;v11</button>
+      <button class="sidebar-copyright" id="sidebar-copyright" onclick="openImpressum()">©&nbsp;2026&nbsp;Scarriffleservices</button>
     </aside>
     <div id="sidebar-backdrop" class="sidebar-backdrop"></div>
 
     <!-- MAIN VIEW -->
     <main class="main-view" id="main-view">
+      <div id="group-view-banner" class="group-view-banner hidden">
+        <span id="group-view-label"></span>
+        <div style="flex:1"></div>
+        <button class="btn btn-primary btn-sm" id="group-view-new-event" data-i18n="group_new_event">+ Gruppentermin</button>
+        <button class="btn btn-ghost btn-sm" id="group-view-exit" data-i18n="group_exit">Gruppenansicht verlassen</button>
+      </div>
       <div id="view-container"></div>
     </main>
 
@@ -235,7 +260,7 @@
           <input type="hidden" id="ev-start" />
           <div class="dt-display" id="ev-start-display" tabindex="0" role="button">
             <span class="dt-display-text">—</span>
-            <svg class="dt-display-icon" viewBox="0 0 24 24" fill="currentColor" width="16" height="16"><path d="M19 3h-1V1h-2v2H8V1H6v2H5c-1.1 0-2 .9-2 2v24a2 2 0 002 2h14a2 2 0 002-2V5c0-1.1-.9-2-2-2zm0 16H5V8h14v21zM7 10h5v11H7z"/></svg>
+            <svg class="dt-display-icon" viewBox="0 0 24 24" fill="currentColor" width="16" height="16"><path d="M19 3h-1V1h-2v2H8V1H6v2H5c-1.1 0-2 .9-2 2v24a2 2 0 002 2h14a2 2 0 002-2V5c0-1.1-.9-2-2-2zm0 16H5V8h14v21zM7 10h5v17H7z"/></svg>
           </div>
         </div>
         <div class="form-group half">
@@ -243,7 +268,7 @@
           <input type="hidden" id="ev-end" />
           <div class="dt-display" id="ev-end-display" tabindex="0" role="button">
             <span class="dt-display-text">—</span>
-            <svg class="dt-display-icon" viewBox="0 0 24 24" fill="currentColor" width="16" height="16"><path d="M19 3h-1V1h-2v2H8V1H6v2H5c-1.1 0-2 .9-2 2v24a2 2 0 002 2h14a2 2 0 002-2V5c0-1.1-.9-2-2-2zm0 16H5V8h14v21zM7 10h5v11H7z"/></svg>
+            <svg class="dt-display-icon" viewBox="0 0 24 24" fill="currentColor" width="16" height="16"><path d="M19 3h-1V1h-2v2H8V1H6v2H5c-1.1 0-2 .9-2 2v24a2 2 0 002 2h14a2 2 0 002-2V5c0-1.1-.9-2-2-2zm0 16H5V8h14v21zM7 10h5v17H7z"/></svg>
           </div>
         </div>
       </div>
@@ -253,7 +278,7 @@
           <input type="hidden" id="ev-start-date" />
           <div class="dt-display" id="ev-start-date-display" tabindex="0" role="button">
             <span class="dt-display-text">—</span>
-            <svg class="dt-display-icon" viewBox="0 0 24 24" fill="currentColor" width="16" height="16"><path d="M19 3h-1V1h-2v2H8V1H6v2H5c-1.1 0-2 .9-2 2v24a2 2 0 002 2h14a2 2 0 002-2V5c0-1.1-.9-2-2-2zm0 16H5V8h14v21zM7 10h5v11H7z"/></svg>
+            <svg class="dt-display-icon" viewBox="0 0 24 24" fill="currentColor" width="16" height="16"><path d="M19 3h-1V1h-2v2H8V1H6v2H5c-1.1 0-2 .9-2 2v24a2 2 0 002 2h14a2 2 0 002-2V5c0-1.1-.9-2-2-2zm0 16H5V8h14v21zM7 10h5v17H7z"/></svg>
           </div>
         </div>
         <div class="form-group half">
@@ -261,7 +286,7 @@
           <input type="hidden" id="ev-end-date" />
           <div class="dt-display" id="ev-end-date-display" tabindex="0" role="button">
             <span class="dt-display-text">—</span>
-            <svg class="dt-display-icon" viewBox="0 0 24 24" fill="currentColor" width="16" height="16"><path d="M19 3h-1V1h-2v2H8V1H6v2H5c-1.1 0-2 .9-2 2v24a2 2 0 002 2h14a2 2 0 002-2V5c0-1.1-.9-2-2-2zm0 16H5V8h14v21zM7 10h5v11H7z"/></svg>
+            <svg class="dt-display-icon" viewBox="0 0 24 24" fill="currentColor" width="16" height="16"><path d="M19 3h-1V1h-2v2H8V1H6v2H5c-1.1 0-2 .9-2 2v24a2 2 0 002 2h14a2 2 0 002-2V5c0-1.1-.9-2-2-2zm0 16H5V8h14v21zM7 10h5v17H7z"/></svg>
           </div>
         </div>
       </div>
@@ -311,7 +336,7 @@
           <input type="hidden" id="ev-rec-until" />
           <div class="dt-display" id="ev-rec-until-display" tabindex="0" role="button">
             <span class="dt-display-text">—</span>
-            <svg class="dt-display-icon" viewBox="0 0 24 24" fill="currentColor" width="16" height="16"><path d="M19 3h-1V1h-2v2H8V1H6v2H5c-1.1 0-2 .9-2 2v24a2 2 0 002 2h14a2 2 0 002-2V5c0-1.1-.9-2-2-2zm0 16H5V8h14v21zM7 10h5v11H7z"/></svg>
+            <svg class="dt-display-icon" viewBox="0 0 24 24" fill="currentColor" width="16" height="16"><path d="M19 3h-1V1h-2v2H8V1H6v2H5c-1.1 0-2 .9-2 2v24a2 2 0 002 2h14a2 2 0 002-2V5c0-1.1-.9-2-2-2zm0 16H5V8h14v21zM7 10h5v17H7z"/></svg>
           </div>
         </div>
       </div>
@@ -319,6 +344,11 @@
         <label>Kalender</label>
         <select id="ev-calendar"></select>
       </div>
+      <div class="form-row" id="ev-private-row" style="display:none">
+        <label class="toggle-label">
+          <input type="checkbox" id="ev-private" /> <span data-i18n="event_private">Privat</span>
+        </label>
+      </div>
       <div class="form-group">
         <label>Ort</label>
         <input type="text" id="ev-location" placeholder="Ort hinzufügen" />
@@ -344,6 +374,68 @@
   </div>
 </div>
 
+<!-- Create Group Modal -->
+<div id="modal-group" class="modal-overlay hidden">
+  <div class="modal-card" style="max-width:480px">
+    <div class="modal-header">
+      <h3 id="group-modal-title" data-i18n="group_create">Gruppe erstellen</h3>
+      <button class="icon-btn modal-close" data-modal="modal-group">&times;</button>
+    </div>
+    <div class="modal-body">
+      <div class="form-group">
+        <label data-i18n="group_name">Name</label>
+        <input type="text" id="group-name" data-i18n-placeholder="group_name_ph" placeholder="Gruppenname" />
+      </div>
+      <div class="form-group">
+        <label data-i18n="group_icon">Icon</label>
+        <div id="group-icon-picker" class="group-icon-picker"></div>
+      </div>
+      <div class="form-group">
+        <label data-i18n="group_members">Mitglieder</label>
+        <div id="group-member-picker" class="share-user-picker"></div>
+      </div>
+      <div class="form-group" id="group-colors-group" style="display:none">
+        <label data-i18n="group_member_colors">Farben der Mitglieder</label>
+        <div id="group-member-colors"></div>
+      </div>
+    </div>
+    <div class="modal-footer">
+      <button class="btn btn-danger hidden" id="group-delete" data-i18n="group_delete">Gruppe löschen</button>
+      <div style="flex:1"></div>
+      <button class="btn btn-ghost" data-modal="modal-group" data-i18n="cancel">Abbrechen</button>
+      <button class="btn btn-primary" id="group-save" data-i18n="save">Speichern</button>
+    </div>
+  </div>
+</div>
+
+<!-- Share Calendar Modal -->
+<div id="modal-share" class="modal-overlay hidden">
+  <div class="modal-card" style="max-width:480px">
+    <div class="modal-header">
+      <h3 data-i18n="share_title">Kalender teilen</h3>
+      <button class="icon-btn modal-close" data-modal="modal-share">&times;</button>
+    </div>
+    <div class="modal-body">
+      <h4 class="panel-title" data-i18n="share_current">Aktuelle Freigaben</h4>
+      <div id="share-current-list" class="accounts-list"></div>
+
+      <h4 class="panel-title" style="margin-top:20px" data-i18n="share_add">Benutzer hinzufügen</h4>
+      <div class="form-row" style="gap:8px;align-items:center">
+        <input type="text" id="share-user-search" data-i18n-placeholder="share_search" placeholder="Benutzer suchen…" style="flex:1" />
+        <select id="share-permission">
+          <option value="read" data-i18n="perm_read">Nur lesen</option>
+          <option value="read_write" data-i18n="perm_read_write">Lesen &amp; schreiben</option>
+        </select>
+      </div>
+      <div id="share-user-picker" class="share-user-picker"></div>
+    </div>
+    <div class="modal-footer">
+      <div style="flex:1"></div>
+      <button class="btn btn-primary" data-modal="modal-share" data-i18n="done">Fertig</button>
+    </div>
+  </div>
+</div>
+
 <!-- Delete Confirm Modal -->
 <div id="modal-delete-confirm" class="modal-overlay hidden">
   <div class="modal-card" style="max-width:400px">
@@ -375,22 +467,42 @@
   <div class="popup-header">
     <div class="popup-color-dot" id="popup-color-dot"></div>
     <h4 id="popup-title"></h4>
-    <button class="icon-btn popup-action" id="popup-edit" title="Bearbeiten">
-      <svg viewBox="0 0 24 24" fill="currentColor"><path d="M3 17.25V21h3.75L17.81 9.94l-3.75-3.75L3 17.25zM20.71 7.04c.39-.39.39-1.02 0-1.41l-2.34-2.34c-.39-.39-1.02-.39-1.41 0l-1.83 1.83 3.75 3.75 1.83-1.83z"/></svg>
-    </button>
-    <button class="icon-btn popup-action" id="popup-copy" title="Kopieren nach…">
-      <svg viewBox="0 0 24 24" fill="currentColor"><path d="M16 1H4c-1.1 0-2 .9-2 2v24h2V3h12V1zm3 4H8c-1.1 0-2 .9-2 2v24c0 1.1.9 2 2 2h11c1.1 0 2-.9 2-2V7c0-1.1-.9-2-2-2zm0 16H8V7h11v24z"/></svg>
-    </button>
-    <button class="icon-btn popup-action" id="popup-delete" title="Löschen">
-      <svg viewBox="0 0 24 24" fill="currentColor"><path d="M6 19c0 1.1.9 2 2 2h8c1.1 0 2-.9 2-2V7H6v22zM19 4h-3.5l-1-1h-5l-1 1H5v2h14V4z"/></svg>
-    </button>
-    <button class="icon-btn popup-close" id="popup-close">&times;</button>
+    <div class="popup-toolbar">
+      <button class="popup-icon-btn" id="popup-edit" title="Bearbeiten" aria-label="Bearbeiten">
+        <svg width="15" height="15" viewBox="0 0 24 24" fill="currentColor"><path d="M3 17.25V21h3.75L17.81 9.94l-3.75-3.75L3 17.25zM20.71 7.04c.39-.39.39-1.02 0-1.41l-2.34-2.34c-.39-.39-1.02-.39-1.41 0l-1.83 1.83 3.75 3.75 1.83-1.83z"/></svg>
+      </button>
+      <button class="popup-icon-btn" id="popup-copy" title="Kopieren" aria-label="Kopieren">
+        <svg width="15" height="15" viewBox="0 0 24 24" fill="currentColor"><path d="M16 1H4c-1.1 0-2 .9-2 2v14h2V3h12V1zm3 4H8c-1.1 0-2 .9-2 2v14c0 1.1.9 2 2 2h11c1.1 0 2-.9 2-2V7c0-1.1-.9-2-2-2zm0 16H8V7h11v14z"/></svg>
+      </button>
+      <button class="popup-icon-btn popup-icon-btn-danger" id="popup-delete" title="Löschen" aria-label="Löschen">
+        <svg width="15" height="15" viewBox="0 0 24 24" fill="currentColor"><path d="M6 19c0 1.1.9 2 2 2h8c1.1 0 2-.9 2-2V7H6v12zM19 4h-3.5l-1-1h-5l-1 1H5v2h14V4z"/></svg>
+      </button>
+      <button class="popup-icon-btn popup-icon-btn-close" id="popup-close" title="Schließen" aria-label="Schließen">
+        <svg width="15" height="15" viewBox="0 0 24 24" fill="currentColor"><path d="M19 6.41L17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/></svg>
+      </button>
+    </div>
   </div>
   <div class="popup-body">
-    <div class="popup-time" id="popup-time"></div>
-    <div class="popup-location" id="popup-location"></div>
-    <div class="popup-description" id="popup-description"></div>
-    <div class="popup-calendar" id="popup-calendar"></div>
+    <div class="popup-row" id="popup-row-time">
+      <svg class="popup-row-icon" viewBox="0 0 24 24"><path d="M12 2a10 10 0 100 20 10 10 0 000-20zm0 18a8 8 0 110-16 8 8 0 010 16zm.5-13H11v6l5.25 3.15.75-1.23-4.5-2.67V7z"/></svg>
+      <span id="popup-time"></span>
+    </div>
+    <div class="popup-row" id="popup-row-location" style="display:none">
+      <svg class="popup-row-icon" viewBox="0 0 24 24"><path d="M12 2C8.13 2 5 5.13 5 9c0 5.25 7 13 7 13s7-7.75 7-13c0-3.87-3.13-7-7-7zm0 9.5A2.5 2.5 0 1112 6.5a2.5 2.5 0 010 5z"/></svg>
+      <span id="popup-location"></span>
+    </div>
+    <div class="popup-row popup-row-desc" id="popup-row-description" style="display:none">
+      <svg class="popup-row-icon" viewBox="0 0 24 24"><path d="M3 5h18v2H3V5zm0 6h18v2H3v-2zm0 6h12v2H3v-2z"/></svg>
+      <span id="popup-description"></span>
+    </div>
+    <div class="popup-row" id="popup-row-calendar">
+      <svg class="popup-row-icon" viewBox="0 0 24 24"><path d="M19 4h-1V2h-2v2H8V2H6v2H5a2 2 0 00-2 2v14a2 2 0 002 2h14a2 2 0 002-2V6a2 2 0 00-2-2zm0 16H5V10h14v10zm0-12H5V6h14v2z"/></svg>
+      <span id="popup-calendar"></span>
+    </div>
+    <div class="popup-row" id="popup-row-creator" style="display:none">
+      <svg class="popup-row-icon" viewBox="0 0 24 24"><path d="M12 12a5 5 0 100-10 5 5 0 000 10zm0 2c-5.33 0-8 2.67-8 6v2h16v-2c0-3.33-2.67-6-8-6z"/></svg>
+      <span id="popup-creator"></span>
+    </div>
   </div>
   <div id="popup-copy-menu" class="popup-copy-menu hidden"></div>
 </div>
@@ -563,15 +675,53 @@
     <div class="settings-page-body">
       <div class="settings-nav-backdrop" id="settings-nav-backdrop"></div>
       <nav class="settings-nav">
-        <button class="settings-nav-btn active" data-panel="general" data-i18n="settings_nav_appearance">Darstellung</button>
-        <button class="settings-nav-btn" data-panel="accounts" data-i18n="settings_nav_accounts">Konten</button>
+        <button class="settings-nav-btn active" data-panel="profile" data-i18n="settings_nav_profile">Profil</button>
+        <button class="settings-nav-btn" data-panel="general" data-i18n="settings_nav_appearance">Darstellung</button>
+        <button class="settings-nav-btn" data-panel="view" data-i18n="settings_nav_view">Ansicht</button>
+        <button class="settings-nav-btn" data-panel="accounts" data-i18n="settings_nav_calendars">Kalender</button>
         <button class="settings-nav-btn hidden" data-panel="users" id="settings-nav-users" data-i18n="settings_nav_users">Benutzerverwaltung</button>
       </nav>
 
       <div class="settings-panels">
 
-        <!-- Einstellungen (merged: Darstellung + Ansicht & Raster + Ausgeblendete Kalender) -->
-        <div class="settings-panel active" id="settings-panel-general">
+        <!-- Profil: Name, Privatsphäre, geteilter Kalender -->
+        <div class="settings-panel active" id="settings-panel-profile">
+          <h4 class="panel-title" data-i18n="profile_account">Konto</h4>
+          <div class="form-group">
+            <label data-i18n="profile_display_name">Anzeigename</label>
+            <input type="text" id="cfg-display-name" data-i18n-placeholder="profile_display_name_ph" placeholder="Anzeigename" />
+          </div>
+          <div class="form-group">
+            <label data-i18n="profile_login_name">Login-Name</label>
+            <input type="text" id="cfg-login-name" spellcheck="false" autocapitalize="none" />
+            <p class="panel-desc" data-i18n="profile_login_name_desc">Klein geschrieben, fürs Anmelden. Groß-/Kleinschreibung egal.</p>
+          </div>
+          <div class="form-group">
+            <label>E-Mail</label>
+            <input type="email" id="cfg-email" placeholder="Keine E-Mail hinterlegt" />
+          </div>
+          <button class="btn btn-primary btn-sm" id="cfg-profile-save" data-i18n="save">Speichern</button>
+
+          <h4 class="panel-title" style="margin-top:24px" data-i18n="settings_privacy">Privatsphäre</h4>
+          <p class="panel-desc" data-i18n="settings_private_visibility_desc">Wie private Termine für andere Gruppenmitglieder erscheinen</p>
+          <div class="form-group">
+            <label data-i18n="settings_private_visibility">Private Termine für Gruppenmitglieder</label>
+            <select id="cfg-private-visibility">
+              <option value="busy" data-i18n="private_visibility_busy">Als „Beschäftigt“ anzeigen</option>
+              <option value="hidden" data-i18n="private_visibility_hidden">Ausblenden</option>
+            </select>
+          </div>
+
+          <h4 class="panel-title" style="margin-top:24px" data-i18n="settings_calendars">Geteilter Kalender</h4>
+          <p class="panel-desc" data-i18n="settings_group_visible_desc">Wähle, welcher deiner Kalender für deine Gruppenmitglieder sichtbar ist</p>
+          <div class="form-group">
+            <label data-i18n="settings_group_visible">Für Gruppen sichtbarer Kalender</label>
+            <div id="cfg-group-visible-list" class="cal-radio-list"></div>
+          </div>
+        </div>
+
+        <!-- Darstellung: Sprache, Farben, Stundenhöhe -->
+        <div class="settings-panel" id="settings-panel-general">
 
           <h4 class="panel-title" data-i18n="settings_language">Sprache</h4>
           <div class="form-group">
@@ -618,25 +768,44 @@
             </div>
           </div>
 
-          <h4 class="panel-title" style="margin-top:24px" data-i18n="settings_text_contrast">Schriftkontrast</h4>
-          <p class="panel-desc" data-i18n="settings_text_contrast_desc">Helligkeit der Beschriftungen und Texte</p>
-          <div class="contrast-selector" id="cfg-text-contrast" data-setting="text_contrast">
-            <button class="contrast-btn" data-val="1"><span style="color:#606070">Aa</span><span class="contrast-lbl" data-i18n="contrast_dark">Dunkel</span></button>
-            <button class="contrast-btn" data-val="2"><span style="color:#9090a8">Aa</span><span class="contrast-lbl" data-i18n="contrast_medium">Mittel</span></button>
-            <button class="contrast-btn" data-val="3"><span style="color:#c8c8d8">Aa</span><span class="contrast-lbl" data-i18n="contrast_light">Hell</span></button>
-            <button class="contrast-btn" data-val="4"><span style="color:#ffffff">Aa</span><span class="contrast-lbl" data-i18n="contrast_max">Maximum</span></button>
+          <div class="form-group">
+            <label data-i18n="settings_text_color">Schriftfarbe</label>
+            <div class="ev-color-row">
+              <input type="text" id="cfg-text-color-hex" class="ev-color-hex" maxlength="7" spellcheck="false" placeholder="auto" />
+              <div class="ev-color-preview" id="cfg-text-color-preview" data-i18n-title="color_pick" title="Farbe wählen"></div>
+              <button type="button" class="btn btn-ghost btn-sm" id="cfg-text-color-reset" data-i18n="reset" title="Zurücksetzen">Reset</button>
+            </div>
+          </div>
+          <div class="form-group">
+            <label data-i18n="settings_line_color">Linienfarbe</label>
+            <div class="ev-color-row">
+              <input type="text" id="cfg-line-color-hex" class="ev-color-hex" maxlength="7" spellcheck="false" placeholder="auto" />
+              <div class="ev-color-preview" id="cfg-line-color-preview" data-i18n-title="color_pick" title="Farbe wählen"></div>
+              <button type="button" class="btn btn-ghost btn-sm" id="cfg-line-color-reset" data-i18n="reset" title="Zurücksetzen">Reset</button>
+            </div>
+          </div>
+          <div class="form-group">
+            <label data-i18n="settings_bg_color">Hintergrundfarbe</label>
+            <div class="ev-color-row">
+              <input type="text" id="cfg-bg-color-hex" class="ev-color-hex" maxlength="7" spellcheck="false" placeholder="auto" />
+              <div class="ev-color-preview" id="cfg-bg-color-preview" data-i18n-title="color_pick" title="Farbe wählen"></div>
+              <button type="button" class="btn btn-ghost btn-sm" id="cfg-bg-color-reset" data-i18n="reset" title="Zurücksetzen">Reset</button>
+            </div>
           </div>
 
-          <h4 class="panel-title" style="margin-top:24px" data-i18n="settings_line_contrast">Linienkontrast</h4>
-          <p class="panel-desc" data-i18n="settings_line_contrast_desc">Sichtbarkeit von Trennlinien und Rahmen</p>
-          <div class="contrast-selector" id="cfg-line-contrast" data-setting="line_contrast">
-            <button class="contrast-btn" data-val="1"><span class="line-preview" style="border-color:#1e1e2c"></span><span class="contrast-lbl" data-i18n="line_barely">Kaum</span></button>
-            <button class="contrast-btn" data-val="2"><span class="line-preview" style="border-color:#2a2a3c"></span><span class="contrast-lbl" data-i18n="line_subtle">Subtil</span></button>
-            <button class="contrast-btn" data-val="3"><span class="line-preview" style="border-color:#3a3a52"></span><span class="contrast-lbl" data-i18n="line_normal">Normal</span></button>
-            <button class="contrast-btn" data-val="4"><span class="line-preview" style="border-color:#5a5a78"></span><span class="contrast-lbl" data-i18n="line_strong">Stark</span></button>
+          <h4 class="panel-title" style="margin-top:24px" data-i18n="settings_hour_height">Stundenhöhe (Wochen- &amp; Tagesansicht)</h4>
+          <p class="panel-desc" data-i18n="settings_hour_height_desc">Wie viel Platz eine Stunde in der Zeitrasteransicht einnimmt</p>
+          <div class="contrast-selector" id="cfg-hour-height" data-setting="hour_height">
+            <button class="contrast-btn" data-val="28"><span class="hour-preview">━━</span><span class="contrast-lbl" data-i18n="hour_compact">Kompakt</span></button>
+            <button class="contrast-btn" data-val="44"><span class="hour-preview">━━━</span><span class="contrast-lbl" data-i18n="hour_normal">Normal</span></button>
+            <button class="contrast-btn" data-val="60"><span class="hour-preview">━━━━</span><span class="contrast-lbl" data-i18n="hour_comfort">Komfort</span></button>
+            <button class="contrast-btn" data-val="80"><span class="hour-preview">━━━━━</span><span class="contrast-lbl" data-i18n="hour_large">Gross</span></button>
           </div>
+        </div>
 
-          <h4 class="panel-title" style="margin-top:24px" data-i18n="settings_calendar_view">Kalenderansicht</h4>
+        <!-- Ansicht: Standardansicht, Wochenstart, vergangene Termine, ausgeblendete Kalender -->
+        <div class="settings-panel" id="settings-panel-view">
+          <h4 class="panel-title" data-i18n="settings_calendar_view">Kalenderansicht</h4>
           <div class="form-group">
             <label data-i18n="settings_default_view">Standardansicht</label>
             <select id="cfg-default-view">
@@ -661,22 +830,13 @@
             </label>
           </div>
 
-          <h4 class="panel-title" style="margin-top:24px" data-i18n="settings_hour_height">Stundenhöhe (Wochen- &amp; Tagesansicht)</h4>
-          <p class="panel-desc" data-i18n="settings_hour_height_desc">Wie viel Platz eine Stunde in der Zeitrasteransicht einnimmt</p>
-          <div class="contrast-selector" id="cfg-hour-height" data-setting="hour_height">
-            <button class="contrast-btn" data-val="28"><span class="hour-preview">━━</span><span class="contrast-lbl" data-i18n="hour_compact">Kompakt</span></button>
-            <button class="contrast-btn" data-val="44"><span class="hour-preview">━━━</span><span class="contrast-lbl" data-i18n="hour_normal">Normal</span></button>
-            <button class="contrast-btn" data-val="60"><span class="hour-preview">━━━━</span><span class="contrast-lbl" data-i18n="hour_comfort">Komfort</span></button>
-            <button class="contrast-btn" data-val="80"><span class="hour-preview">━━━━━</span><span class="contrast-lbl" data-i18n="hour_large">Gross</span></button>
-          </div>
-
           <h4 class="panel-title" style="margin-top:24px" data-i18n="settings_hidden_cals">Ausgeblendete Kalender</h4>
           <div id="hidden-cals-list"><span style="font-size:13px;color:var(--text-3)" data-i18n="settings_no_hidden_cals">Keine ausgeblendeten Kalender</span></div>
         </div>
 
         <!-- Konten (CalDAV, Lokal, iCal, Google) -->
         <div class="settings-panel" id="settings-panel-accounts">
-          <h4 class="panel-title" data-i18n="settings_nav_accounts">Konten</h4>
+          <h4 class="panel-title" data-i18n="settings_nav_calendars">Kalender</h4>
 
           <div class="accounts-section">
             <div class="accounts-section-heading" data-i18n="settings_accounts_caldav">CalDAV-Konten</div>
@@ -755,16 +915,21 @@
 
       <!-- Account Info -->
       <div class="settings-section">
-        <h4>Konto</h4>
+        <h4 data-i18n="profile_account">Konto</h4>
         <div class="form-group">
-          <label>Benutzername</label>
-          <input type="text" id="profile-username" disabled class="input-disabled" />
+          <label data-i18n="profile_display_name">Anzeigename</label>
+          <input type="text" id="profile-display-name-input" data-i18n-placeholder="profile_display_name_ph" placeholder="Anzeigename" />
+        </div>
+        <div class="form-group">
+          <label data-i18n="profile_login_name">Login-Name</label>
+          <input type="text" id="profile-username" spellcheck="false" autocapitalize="none" />
+          <p class="panel-desc" data-i18n="profile_login_name_desc">Klein geschrieben, fürs Anmelden. Groß-/Kleinschreibung egal.</p>
         </div>
         <div class="form-group">
           <label>E-Mail</label>
           <input type="email" id="profile-email" placeholder="Keine E-Mail hinterlegt" />
         </div>
-        <button class="btn btn-primary btn-sm" id="profile-save-info">Speichern</button>
+        <button class="btn btn-primary btn-sm" id="profile-save-info" data-i18n="save">Speichern</button>
       </div>
 
       <!-- Password -->
@@ -884,7 +1049,7 @@
       <a href="mailto:scarriffleservices@gmail.com">scarriffleservices@gmail.com</a></p>
     </div>
     <div class="modal-footer" style="justify-content:space-between;align-items:center">
-      <span style="font-size:12px;color:var(--text-3)">Calendarr v11</span>
+      <span id="impressum-version" style="font-size:12px;color:var(--text-3)">Calendarr</span>
       <button class="btn btn-ghost" onclick="closeImpressum()">Schliessen</button>
     </div>
   </div>
diff --git a/frontend/js/api.js b/frontend/js/api.js
index b715277..6c2c1b6 100644
--- a/frontend/js/api.js
+++ b/frontend/js/api.js
@@ -50,19 +50,58 @@ async function uploadRequest(path, formData) {
     return null;
   }
   if (!res.ok) {
-    const err = await res.json().catch(() => ({ detail: t('unknown_error') }));
-    throw new Error(err.detail || `HTTP ${res.status}`);
+    // Upload errors may be non-JSON (e.g. an nginx 413/502 HTML page); fall back
+    // to the HTTP status so the message is diagnostic, not "unknown error".
+    const err = await res.json().catch(() => null);
+    const detail = (err && err.detail)
+      ? err.detail
+      : (res.status === 413 ? t('upload_too_large') : `HTTP ${res.status} ${res.statusText || ''}`.trim());
+    throw new Error(detail);
   }
   if (res.status === 204) return null;
   return res.json();
 }
 
+async function downloadRequest(path, fallbackName) {
+  const token = localStorage.getItem('token');
+  const headers = {};
+  if (token) headers['Authorization'] = `Bearer ${token}`;
+
+  const res = await fetch(`${BASE}${path}`, { method: 'GET', headers });
+  if (res.status === 401) {
+    localStorage.removeItem('token');
+    localStorage.removeItem('user');
+    window.location.reload();
+    return null;
+  }
+  if (!res.ok) {
+    const err = await res.json().catch(() => ({ detail: t('unknown_error') }));
+    throw new Error(err.detail || `HTTP ${res.status}`);
+  }
+  // Derive filename from Content-Disposition if present.
+  let filename = fallbackName || 'calendar.ics';
+  const cd = res.headers.get('Content-Disposition') || '';
+  const m = cd.match(/filename="?([^"]+)"?/);
+  if (m) filename = m[1];
+
+  const blob = await res.blob();
+  const url = URL.createObjectURL(blob);
+  const a = document.createElement('a');
+  a.href = url;
+  a.download = filename;
+  document.body.appendChild(a);
+  a.click();
+  a.remove();
+  URL.revokeObjectURL(url);
+}
+
 export const api = {
   get:    (path)        => request('GET',    path),
   post:   (path, body)  => request('POST',   path, body),
   put:    (path, body)  => request('PUT',    path, body),
   delete: (path)        => request('DELETE', path),
   upload: (path, form)  => uploadRequest(path, form),
+  download: (path, name) => downloadRequest(path, name),
 
   login: (username, password, totp_code = null, remember_me = false) =>
     request('POST', '/auth/login', { username, password, totp_code, remember_me }),
diff --git a/frontend/js/app.js b/frontend/js/app.js
index cf2c277..78773f8 100644
--- a/frontend/js/app.js
+++ b/frontend/js/app.js
@@ -60,7 +60,7 @@ async function launchApp() {
 
   // User dropdown menu
   const dropdown = document.getElementById('user-dropdown');
-  document.getElementById('dropdown-username').textContent = user.username || 'Benutzer';
+  document.getElementById('dropdown-username').textContent = user.display_name || user.username || 'Benutzer';
 
   avatar.addEventListener('click', e => {
     e.stopPropagation();
diff --git a/frontend/js/calendar.js b/frontend/js/calendar.js
index 061431e..2a40ee8 100644
--- a/frontend/js/calendar.js
+++ b/frontend/js/calendar.js
@@ -1,5 +1,5 @@
 import { api } from './api.js';
-import { applyTheme, isToday, isSameDay, toLocalDatetimeInput, toDateInput, dateKey, dayOfWeek, weekStart } from './utils.js';
+import { applyTheme, isToday, isSameDay, toLocalDatetimeInput, toDateInput, dateKey, dayOfWeek, weekStart, DEFAULT_TEXT_COLOR, DEFAULT_LINE_COLOR, DEFAULT_BG_COLOR } from './utils.js';
 import { renderMonth }  from './views/month.js';
 import { renderWeek }   from './views/week.js';
 import { renderAgenda } from './views/agenda.js';
@@ -7,6 +7,16 @@ import { renderQuarter } from './views/quarter.js';
 import { openColorPicker } from './color-picker.js';
 import { openDatePicker, formatDtDisplay } from './date-picker.js';
 import { t, setLang, getLang } from './i18n.js';
+import { APP_VERSION } from './version.js';
+
+// Version sofort beim Modul-Load ueberall sichtbar setzen.
+document.title = `Calendarr ${APP_VERSION}`;
+document.addEventListener('DOMContentLoaded', () => {
+  const imp = document.getElementById('impressum-version');
+  if (imp) imp.textContent = `Calendarr ${APP_VERSION}`;
+  const side = document.getElementById('sidebar-copyright');
+  if (side) side.innerHTML = `©&nbsp;2026&nbsp;Scarriffleservices&nbsp;·&nbsp;${APP_VERSION}`;
+});
 
 // Fetch avatar image as blob URL (with auth header)
 function fetchAvatarBlob() {
@@ -38,8 +48,50 @@ let state = {
   dimPast: false,
   editingEvent: null,      // null = new event
   selectedEventColor: '',  // '' = use calendar color
+  groups: [],
+  activeGroupId: null,     // when set, the calendar shows the combined group view
+  activeGroupDetail: null, // full detail (members + colours) of the active group
+  hiddenGroupMembers: new Set(), // member ids / 'gc' hidden in the group overlay
 };
 
+// ── URL state ────────────────────────────────────────────
+// View + Date werden in der URL als #date=YYYY-MM-DD&view=<view> gespiegelt,
+// damit Reload/PWA-restore den letzten Stand wiederherstellen statt auf
+// heute zu springen.
+const VALID_VIEWS = ['month', 'week', 'day', 'quarter', 'agenda'];
+
+function readUrlState() {
+  const hash = window.location.hash.replace(/^#/, '');
+  if (!hash) return {};
+  const params = new URLSearchParams(hash);
+  const out = {};
+  const view = params.get('view');
+  if (view && VALID_VIEWS.includes(view)) out.view = view;
+  const date = params.get('date');
+  if (date && /^\d{4}-\d{2}-\d{2}$/.test(date)) {
+    const d = new Date(date + 'T00:00:00');
+    if (!isNaN(d.getTime())) out.date = d;
+  }
+  out.settings = params.get('settings') === '1';
+  return out;
+}
+
+// Tracks whether the settings modal is open, so a reload returns to settings
+// instead of the calendar view.
+let uiSettingsOpen = false;
+
+function writeUrlState() {
+  const d = state.currentDate;
+  const dateStr = `${d.getFullYear()}-${String(d.getMonth()+1).padStart(2,'0')}-${String(d.getDate()).padStart(2,'0')}`;
+  let newHash = `date=${dateStr}&view=${state.currentView}`;
+  if (uiSettingsOpen) newHash += '&settings=1';
+  if (window.location.hash.replace(/^#/,'') !== newHash) {
+    // replaceState statt pushState: prev/next-Klicks sollen nicht jeden
+    // einzelnen Tag in den Browser-History-Stack drücken
+    window.history.replaceState(null, '', '#' + newHash);
+  }
+}
+
 // ── Public init ───────────────────────────────────────────
 export async function initCalendar() {
   const [settings, accounts, localCalendars, icalSubscriptions, googleAccounts, haAccounts] = await Promise.all([
@@ -61,6 +113,14 @@ export async function initCalendar() {
   state.dimPast = settings.dim_past_events;
   weekStartDay = settings.week_start_day || 'monday';
 
+  // URL state takes precedence over defaults (settings + today)
+  const urlState = readUrlState();
+  if (urlState.date) state.currentDate = urlState.date;
+  if (urlState.view) state.currentView = urlState.view;
+  // Preserve the settings flag through the first writeUrlState() (fired by the
+  // initial fetchAndRender) so a reload reopens settings instead of stripping it.
+  uiSettingsOpen = urlState.settings === true;
+
   setLang(settings.language || 'de');
   applyTheme(settings);
   updateViewButtons();
@@ -76,8 +136,29 @@ export async function initCalendar() {
   bindHAAccountModal();
   bindSettingsModal();
   bindProfileModal();
+  bindGroupUI();
   bindSwipeNavigation();
   handleHAOAuthReturn();
+  loadGroups();
+
+  // Reopen the settings modal after a reload if the URL says we were in it.
+  if (urlState.settings) openSettingsModal();
+
+  // Browser-Back/Forward: URL-Hash → State synchronisieren
+  window.addEventListener('hashchange', () => {
+    const u = readUrlState();
+    let changed = false;
+    if (u.view && u.view !== state.currentView) {
+      state.currentView = u.view;
+      updateViewButtons();
+      changed = true;
+    }
+    if (u.date && !isSameDay(u.date, state.currentDate)) {
+      state.currentDate = u.date;
+      changed = true;
+    }
+    if (changed) fetchAndRender();
+  });
 }
 
 function handleHAOAuthReturn() {
@@ -91,7 +172,7 @@ function handleHAOAuthReturn() {
   };
   if (params.has('ha_connected')) {
     showToast('Home Assistant verbunden');
-    window.history.replaceState({}, '', window.location.pathname);
+    window.history.replaceState({}, '', window.location.pathname + window.location.hash);
     fetchAndRender(true);
     api.get('/homeassistant/accounts').then(accs => {
       state.haAccounts = accs || [];
@@ -101,7 +182,7 @@ function handleHAOAuthReturn() {
   } else if (params.has('ha_error')) {
     const code = params.get('ha_error');
     showToast(errMap[code] || `HA-Anmeldung fehlgeschlagen: ${code}`, true);
-    window.history.replaceState({}, '', window.location.pathname);
+    window.history.replaceState({}, '', window.location.pathname + window.location.hash);
   }
 }
 
@@ -186,9 +267,86 @@ function prefetchIfNeeded(viewStart, viewEnd) {
 }
 
 // ── Data fetching ─────────────────────────────────────────
+function firstName(name) {
+  if (!name) return '';
+  return String(name).trim().split(/\s+/)[0];
+}
+
+// Stable per-owner colour so each member's events read as a group in the
+// combined view (Google-Family style).
+const OWNER_PALETTE = ['#4285f4', '#ea4335', '#34a853', '#fbbc05', '#9c27b0', '#ff7043', '#46bdc6', '#7090c0'];
+function ownerColor(ownerId) {
+  if (ownerId == null) return null;
+  return OWNER_PALETTE[(Number(ownerId) >>> 0) % OWNER_PALETTE.length];
+}
+
+// Per-user (per-device) member-colour overrides for the group overlay, so each
+// viewer can recolour members just for their own view. Kept in localStorage,
+// keyed by group id then member key ("<userId>" or "gc" for the group calendar).
+function loadGroupColors() {
+  try { return JSON.parse(localStorage.getItem('groupMemberColors') || '{}'); } catch (e) { return {}; }
+}
+function groupColorOverride(groupId, key) {
+  return (loadGroupColors()[groupId] || {})[key] || null;
+}
+function setGroupColorOverride(groupId, key, hex) {
+  const all = loadGroupColors();
+  all[groupId] = all[groupId] || {};
+  if (hex) all[groupId][key] = hex; else delete all[groupId][key];
+  try { localStorage.setItem('groupMemberColors', JSON.stringify(all)); } catch (e) { /* ignore */ }
+}
+
 async function fetchAndRender(force = false, silent = false) {
   const { start, end } = getViewRange();
 
+  // ── Combined group view ────────────────────────────────
+  // No client cache here; reload the combined events for the visible range.
+  if (state.activeGroupId) {
+    const fStart = new Date(start.getTime() - CACHE_BUF);
+    const fEnd   = new Date(end.getTime()   + CACHE_BUF);
+    if (!silent) showLoading();
+    try {
+      const resp = await api.get(
+        `/groups/${state.activeGroupId}/combined?start=${fStart.toISOString()}&end=${fEnd.toISOString()}`);
+      const me = JSON.parse(localStorage.getItem('user') || '{}');
+      const evs = (resp.events || []).map(ev => {
+        const ownerId = ev.owner && ev.owner.id;
+        // The server provides the decorated `display_title` (group icon + owner
+        // prefix) so web, iOS and Android render identically; fall back to the
+        // client-side prefix only for older servers.
+        let title = ev.display_title;
+        if (!title) {
+          const ownerName = ev.owner && ev.owner.display_name;
+          const isMine = ownerId != null && me.id != null && ownerId === me.id;
+          if (ev.is_group_event) {
+            const cName = ev.creator && ev.creator.display_name;
+            const cId = ev.creator && ev.creator.id;
+            title = (cName && cId !== me.id) ? `👥 ${firstName(cName)}: ${ev.title}` : `👥 ${ev.title}`;
+          } else if (ownerName && !isMine) {
+            title = `${firstName(ownerName)}: ${ev.title}`;
+          } else {
+            title = ev.title;
+          }
+        }
+        // Colour: this viewer's local override first, else the server-defined
+        // member/group colour, else a palette fallback.
+        const ownerKey = ev.is_group_event ? 'gc' : (ownerId != null ? String(ownerId) : null);
+        const override = ownerKey ? groupColorOverride(state.activeGroupId, ownerKey) : null;
+        const color = override || ev.display_color || ownerColor(ownerId) || ev.color;
+        return { ...ev, title, color };
+      });
+      eventCache.start = null; eventCache.end = null; // invalidate normal cache
+      state.events = evs;
+    } catch (e) {
+      showToast(e.message, true);
+      state.events = [];
+    }
+    renderView();
+    updateTitle();
+    renderMiniCal();
+    return;
+  }
+
   // Cache hit: requested range is fully within what we already have
   if (!force && eventCache.start && eventCache.end &&
       start >= eventCache.start && end <= eventCache.end) {
@@ -196,6 +354,7 @@ async function fetchAndRender(force = false, silent = false) {
     renderView();
     updateTitle();
     renderMiniCal();
+    writeUrlState();
     prefetchIfNeeded(start, end); // extend cache in background if approaching an edge
     return;
   }
@@ -224,6 +383,7 @@ async function fetchAndRender(force = false, silent = false) {
   renderView();
   updateTitle();
   renderMiniCal();
+  writeUrlState();
 }
 
 function getViewRange() {
@@ -317,6 +477,16 @@ function renderView() {
 }
 
 function filterEvents(events) {
+  // Group overlay: hide individual members' calendars / the group calendar
+  // (Outlook-style), filtered client-side by event owner.
+  const hidden = state.hiddenGroupMembers;
+  if (state.activeGroupId && hidden && hidden.size) {
+    return events.filter(ev => {
+      if (ev.is_group_event) return !hidden.has('gc');
+      const oid = ev.owner && ev.owner.id;
+      return oid == null || !hidden.has(oid);
+    });
+  }
   // If dimPast is enabled, events are still shown but CSS handles opacity via .past class
   return events;
 }
@@ -370,7 +540,7 @@ function updateTitle() {
   titleEl.innerHTML =
     `<span class="view-title-main">${main}</span>` +
     (year ? `<span class="view-title-year">${year}</span>` : '');
-  document.title = `Calendarr - ${fullText}`;
+  document.title = `Calendarr ${APP_VERSION} - ${fullText}`;
 }
 
 function updateViewButtons() {
@@ -450,103 +620,147 @@ function renderMiniCal() {
 }
 
 // ── Calendar List ─────────────────────────────────────────
+const CAL_ORDER_KEY = 'cal_order';
+function loadCalOrder() {
+  try { return JSON.parse(localStorage.getItem(CAL_ORDER_KEY) || '[]'); }
+  catch (e) { return []; }
+}
+function saveCalOrder(keys) {
+  localStorage.setItem(CAL_ORDER_KEY, JSON.stringify(keys));
+}
+
+// Drag & drop reordering of the flat calendar list (persisted per device).
+// The dragged row is moved live among its siblings during dragover, so the
+// list visibly "makes space" and you can see where it will land.
+function bindCalDragReorder(container) {
+  // Find the row the cursor is currently above (by vertical midpoint), so we
+  // know before which sibling to insert the dragged row.
+  const rowAfter = (y) => {
+    const rows = [...container.querySelectorAll('.cal-item:not(.cal-dragging)')];
+    return rows.reduce((closest, row) => {
+      const box = row.getBoundingClientRect();
+      const offset = y - box.top - box.height / 2;
+      if (offset < 0 && offset > closest.offset) return { offset, el: row };
+      return closest;
+    }, { offset: Number.NEGATIVE_INFINITY, el: null }).el;
+  };
+
+  container.querySelectorAll('.cal-item').forEach(item => {
+    item.addEventListener('dragstart', e => {
+      // Don't start a drag from interactive children (checkbox, color dot, buttons).
+      if (e.target.closest('input, button, .cal-item-dot')) { e.preventDefault(); return; }
+      e.dataTransfer.effectAllowed = 'move';
+      // Defer the class so the drag image is the full opaque row, then dim it.
+      requestAnimationFrame(() => item.classList.add('cal-dragging'));
+    });
+    item.addEventListener('dragend', () => {
+      item.classList.remove('cal-dragging');
+      // Persist the final DOM order; no full re-render needed.
+      saveCalOrder([...container.querySelectorAll('.cal-item')].map(el => el.dataset.key));
+    });
+  });
+
+  // Live reorder: move the dragged row to the hovered position as the cursor
+  // moves. Bound once on the (stable) container to avoid stacking listeners on
+  // every re-render.
+  if (!container.__dragBound) {
+    container.__dragBound = true;
+    container.addEventListener('dragover', e => {
+      e.preventDefault();
+      const dragging = container.querySelector('.cal-dragging');
+      if (!dragging) return;
+      const after = rowAfter(e.clientY);
+      if (after == null) container.appendChild(dragging);
+      else if (after !== dragging) container.insertBefore(dragging, after);
+    });
+  }
+}
+
 function renderCalendarList() {
   const container = document.getElementById('cal-list-items');
-  let html = '';
+  // Eye-off (hide external calendar) and trash (delete local/ical) icons.
+  const EYE_OFF = `<svg viewBox="0 0 24 24" fill="currentColor" width="14" height="14"><path d="M12 7c2.76 0 5 2.24 5 5 0 .65-.13 1.26-.36 1.83l2.92 2.92c1.51-1.26 2.7-2.89 3.43-4.75-1.73-4.39-6-7.5-11-7.5-1.4 0-2.74.25-3.98.7l2.16 2.16C10.74 7.13 11.35 7 12 7zM2 4.27l2.28 2.28.46.46C3.08 8.3 1.78 10.02 1 12c1.73 4.39 6 7.5 11 7.5 1.55 0 3.03-.3 4.38-.84l.42.42L19.73 22 21 20.73 3.27 3 2 4.27zM7.53 9.8l1.55 1.55c-.05.21-.08.43-.08.65 0 1.66 1.34 3 3 3 .22 0 .44-.03.65-.08l1.55 1.55c-.67.33-1.41.53-2.2.53-2.76 0-5-2.24-5-5 0-.79.2-1.53.53-2.2zm4.31-.78l3.15 3.15.02-.16c0-1.66-1.34-3-3-3l-.17.01z"/></svg>`;
+  const TRASH = `<svg viewBox="0 0 24 24" fill="currentColor" width="14" height="14"><path d="M6 19c0 1.1.9 2 2 2h8c1.1 0 2-.9 2-2V7H6v12zM19 4h-3.5l-1-1h-5l-1 1H5v2h14V4z"/></svg>`;
 
-  // ── CalDAV accounts ────────────────────────────────────
-  if (state.accounts.length) {
-    html += state.accounts.map(acc => {
-      const visibleCals = acc.calendars.filter(c => !c.sidebar_hidden);
-      if (!visibleCals.length) return '';
-      return `<div class="cal-account-name">${escHtml(acc.name)}</div>` +
-        visibleCals.map(cal =>
-          `<div class="cal-item" data-cal-id="${cal.id}" data-source="caldav">
-            <input type="checkbox" ${cal.enabled ? 'checked' : ''} data-cal-id="${cal.id}" data-source="caldav" />
-            <div class="cal-item-dot" style="background:${cal.color}" data-cal-id="${cal.id}" data-source="caldav" title="${t('change_color')}"></div>
-            <span class="cal-item-name" data-source="caldav">${escHtml(cal.name)}</span>
-            <button class="icon-btn mini-btn cal-item-remove" data-cal-id="${cal.id}" data-source="caldav" title="${t('hide_cal')}">
-              <svg viewBox="0 0 24 24" fill="currentColor" width="14" height="14"><path d="M12 7c2.76 0 5 2.24 5 5 0 .65-.13 1.26-.36 1.83l2.92 2.92c1.51-1.26 2.7-2.89 3.43-4.75-1.73-4.39-6-7.5-11-7.5-1.4 0-2.74.25-3.98.7l2.16 2.16C10.74 7.13 11.35 7 12 7zM2 4.27l2.28 2.28.46.46C3.08 8.3 1.78 10.02 1 12c1.73 4.39 6 7.5 11 7.5 1.55 0 3.03-.3 4.38-.84l.42.42L19.73 22 21 20.73 3.27 3 2 4.27zM7.53 9.8l1.55 1.55c-.05.21-.08.43-.08.65 0 1.66 1.34 3 3 3 .22 0 .44-.03.65-.08l1.55 1.55c-.67.33-1.41.53-2.2.53-2.76 0-5-2.24-5-5 0-.79.2-1.53.53-2.2zm4.31-.78l3.15 3.15.02-.16c0-1.66-1.34-3-3-3l-.17.01z"/></svg>
-            </button>
-          </div>`
-        ).join('');
-    }).join('');
-  }
+  // Build a single flat list of all calendars. The source/account is shown
+  // inline (small, grey) next to the name and section headers are gone, so the
+  // whole list can be freely reordered via drag & drop.
+  const entries = [];
+  state.accounts.forEach(acc => {
+    (acc.calendars || []).filter(c => !c.sidebar_hidden).forEach(cal => {
+      entries.push({ key: `caldav:${cal.id}`, source: 'caldav', dataId: `data-cal-id="${cal.id}"`,
+        name: cal.name, color: cal.color || '#4285f4', enabled: cal.enabled,
+        sourceLabel: acc.name, remove: { icon: EYE_OFF, title: t('hide_cal') } });
+    });
+  });
+  const groupVisibleId = state.settings && state.settings.group_visible_calendar_id;
+  state.localCalendars.filter(c => c.owned !== false && !c.group).forEach(cal => {
+    entries.push({ key: `local:${cal.id}`, source: 'local', dataId: `data-cal-id="${cal.id}"`,
+      name: cal.name, color: cal.color, enabled: cal.enabled,
+      sourceLabel: t('cal_local'), groupVisible: cal.id === groupVisibleId,
+      remove: { icon: TRASH, title: t('remove_cal') } });
+  });
+  state.localCalendars.filter(c => c.owned === false && !c.group).forEach(cal => {
+    entries.push({ key: `local:${cal.id}`, source: 'local', dataId: `data-cal-id="${cal.id}"`,
+      name: cal.name, color: cal.color, enabled: cal.enabled,
+      sourceLabel: `${t('shared_with_me')} · ${cal.shared_by || ''}`, remove: null });
+  });
+  // Group calendars (owned by the creator or reached via membership) — shown so
+  // they can be toggled/recoloured; marked with the group emoji.
+  state.localCalendars.filter(c => c.group).forEach(cal => {
+    entries.push({ key: `local:${cal.id}`, source: 'local', dataId: `data-cal-id="${cal.id}"`,
+      name: cal.name, color: cal.color, enabled: cal.enabled,
+      sourceLabel: `${t('groups_title')} · ${cal.shared_by || ''}`, isGroupCal: true, remove: null });
+  });
+  state.icalSubscriptions.forEach(sub => {
+    entries.push({ key: `ical:${sub.id}`, source: 'ical', dataId: `data-sub-id="${sub.id}"`,
+      name: sub.name, color: sub.color, enabled: sub.enabled,
+      sourceLabel: t('cal_ical'), remove: { icon: TRASH, title: t('remove_ical_sub') } });
+  });
+  state.googleAccounts.forEach(acc => {
+    (acc.calendars || []).filter(c => !c.sidebar_hidden).forEach(cal => {
+      entries.push({ key: `google:${cal.id}`, source: 'google', dataId: `data-cal-id="${cal.id}"`,
+        name: cal.name, color: cal.color || '#4285f4', enabled: cal.enabled,
+        sourceLabel: acc.email, remove: { icon: EYE_OFF, title: t('hide_cal') } });
+    });
+  });
+  state.haAccounts.forEach(acc => {
+    (acc.calendars || []).filter(c => !c.sidebar_hidden).forEach(cal => {
+      entries.push({ key: `homeassistant:${cal.id}`, source: 'homeassistant', dataId: `data-cal-id="${cal.id}"`,
+        name: cal.name, color: cal.color || '#03a9f4', enabled: cal.enabled,
+        sourceLabel: acc.name, remove: { icon: EYE_OFF, title: t('hide_cal') } });
+    });
+  });
 
-  // ── Local calendars ────────────────────────────────────
-  if (state.localCalendars.length) {
-    html += `<div class="cal-account-name">${t('cal_local')}</div>`;
-    html += state.localCalendars.map(cal =>
-      `<div class="cal-item" data-cal-id="${cal.id}" data-source="local">
-        <input type="checkbox" ${cal.enabled ? 'checked' : ''} data-cal-id="${cal.id}" data-source="local" />
-        <div class="cal-item-dot" style="background:${cal.color}" data-cal-id="${cal.id}" data-source="local" title="${t('change_color')}"></div>
-        <span class="cal-item-name" data-source="local">${escHtml(cal.name)}</span>
-        <button class="icon-btn mini-btn cal-item-remove" data-cal-id="${cal.id}" data-source="local" title="${t('remove_cal')}">
-          <svg viewBox="0 0 24 24" fill="currentColor" width="14" height="14"><path d="M6 19c0 1.1.9 2 2 2h8c1.1 0 2-.9 2-2V7H6v12zM19 4h-3.5l-1-1h-5l-1 1H5v2h14V4z"/></svg>
-        </button>
-      </div>`
-    ).join('');
-  }
+  // Apply the saved manual order (per device); unknown calendars append at end.
+  const order = loadCalOrder();
+  entries.sort((a, b) => {
+    const ia = order.indexOf(a.key), ib = order.indexOf(b.key);
+    if (ia === -1 && ib === -1) return 0;
+    if (ia === -1) return 1;
+    if (ib === -1) return -1;
+    return ia - ib;
+  });
+  saveCalOrder(entries.map(e => e.key));
 
-  // ── iCal subscriptions ─────────────────────────────────
-  if (state.icalSubscriptions.length) {
-    html += `<div class="cal-account-name">${t('cal_ical')}</div>`;
-    html += state.icalSubscriptions.map(sub =>
-      `<div class="cal-item" data-sub-id="${sub.id}" data-source="ical">
-        <input type="checkbox" ${sub.enabled ? 'checked' : ''} data-sub-id="${sub.id}" data-source="ical" />
-        <div class="cal-item-dot" style="background:${sub.color}" data-sub-id="${sub.id}" data-source="ical" title="${t('change_color')}"></div>
-        <span class="cal-item-name" data-source="ical">${escHtml(sub.name)}</span>
-        <button class="icon-btn mini-btn cal-item-remove" data-sub-id="${sub.id}" data-source="ical" title="${t('remove_ical_sub')}">
-          <svg viewBox="0 0 24 24" fill="currentColor" width="14" height="14"><path d="M6 19c0 1.1.9 2 2 2h8c1.1 0 2-.9 2-2V7H6v12zM19 4h-3.5l-1-1h-5l-1 1H5v2h14V4z"/></svg>
-        </button>
-      </div>`
-    ).join('');
-  }
-
-  // ── Google accounts ───────────────────────────────────
-  if (state.googleAccounts.length) {
-    html += state.googleAccounts.map(acc => {
-      const visibleCals = acc.calendars.filter(c => !c.sidebar_hidden);
-      if (!visibleCals.length) return `<div class="cal-account-name">${escHtml(acc.email)}</div>`;
-      return `<div class="cal-account-name">${escHtml(acc.email)}</div>` +
-        visibleCals.map(cal =>
-          `<div class="cal-item" data-cal-id="${cal.id}" data-source="google">
-            <input type="checkbox" ${cal.enabled ? 'checked' : ''} data-cal-id="${cal.id}" data-source="google" />
-            <div class="cal-item-dot" style="background:${cal.color || '#4285f4'}" data-cal-id="${cal.id}" data-source="google" title="${t('change_color')}"></div>
-            <span class="cal-item-name" data-source="google">${escHtml(cal.name)}</span>
-            <button class="icon-btn mini-btn cal-item-remove" data-cal-id="${cal.id}" data-source="google" title="${t('hide_cal')}">
-              <svg viewBox="0 0 24 24" fill="currentColor" width="14" height="14"><path d="M12 7c2.76 0 5 2.24 5 5 0 .65-.13 1.26-.36 1.83l2.92 2.92c1.51-1.26 2.7-2.89 3.43-4.75-1.73-4.39-6-7.5-11-7.5-1.4 0-2.74.25-3.98.7l2.16 2.16C10.74 7.13 11.35 7 12 7zM2 4.27l2.28 2.28.46.46C3.08 8.3 1.78 10.02 1 12c1.73 4.39 6 7.5 11 7.5 1.55 0 3.03-.3 4.38-.84l.42.42L19.73 22 21 20.73 3.27 3 2 4.27zM7.53 9.8l1.55 1.55c-.05.21-.08.43-.08.65 0 1.66 1.34 3 3 3 .22 0 .44-.03.65-.08l1.55 1.55c-.67.33-1.41.53-2.2.53-2.76 0-5-2.24-5-5 0-.79.2-1.53.53-2.2zm4.31-.78l3.15 3.15.02-.16c0-1.66-1.34-3-3-3l-.17.01z"/></svg>
-            </button>
-          </div>`
-        ).join('');
-    }).join('');
-  }
-
-  // ── Home Assistant accounts ───────────────────────────
-  if (state.haAccounts.length) {
-    html += state.haAccounts.map(acc => {
-      const visibleCals = acc.calendars.filter(c => !c.sidebar_hidden);
-      if (!visibleCals.length) return `<div class="cal-account-name">${escHtml(acc.name)}</div>`;
-      return `<div class="cal-account-name">${escHtml(acc.name)}</div>` +
-        visibleCals.map(cal =>
-          `<div class="cal-item" data-cal-id="${cal.id}" data-source="homeassistant">
-            <input type="checkbox" ${cal.enabled ? 'checked' : ''} data-cal-id="${cal.id}" data-source="homeassistant" />
-            <div class="cal-item-dot" style="background:${cal.color || '#03a9f4'}" data-cal-id="${cal.id}" data-source="homeassistant" title="${t('change_color')}"></div>
-            <span class="cal-item-name" data-source="homeassistant">${escHtml(cal.name)}</span>
-            <button class="icon-btn mini-btn cal-item-remove" data-cal-id="${cal.id}" data-source="homeassistant" title="${t('hide_cal')}">
-              <svg viewBox="0 0 24 24" fill="currentColor" width="14" height="14"><path d="M12 7c2.76 0 5 2.24 5 5 0 .65-.13 1.26-.36 1.83l2.92 2.92c1.51-1.26 2.7-2.89 3.43-4.75-1.73-4.39-6-7.5-11-7.5-1.4 0-2.74.25-3.98.7l2.16 2.16C10.74 7.13 11.35 7 12 7zM2 4.27l2.28 2.28.46.46C3.08 8.3 1.78 10.02 1 12c1.73 4.39 6 7.5 11 7.5 1.55 0 3.03-.3 4.38-.84l.42.42L19.73 22 21 20.73 3.27 3 2 4.27zM7.53 9.8l1.55 1.55c-.05.21-.08.43-.08.65 0 1.66 1.34 3 3 3 .22 0 .44-.03.65-.08l1.55 1.55c-.67.33-1.41.53-2.2.53-2.76 0-5-2.24-5-5 0-.79.2-1.53.53-2.2zm4.31-.78l3.15 3.15.02-.16c0-1.66-1.34-3-3-3l-.17.01z"/></svg>
-            </button>
-          </div>`
-        ).join('');
-    }).join('');
-  }
-
-  if (!html) {
+  if (!entries.length) {
     container.innerHTML = `<div style="padding:8px 16px;font-size:12px;color:var(--text-3)">${t('error_no_calendars')}</div>`;
     return;
   }
 
-  container.innerHTML = html;
+  container.innerHTML = entries.map(e =>
+    `<div class="cal-item" draggable="true" data-key="${e.key}" data-source="${e.source}" ${e.dataId} title="${escHtml(e.name)} · ${escHtml(e.sourceLabel)}">
+      <span class="cal-drag-handle" title="${t('drag_reorder')}">⠿</span>
+      <input type="checkbox" ${e.enabled ? 'checked' : ''} data-source="${e.source}" ${e.dataId} />
+      <div class="cal-item-dot" style="background:${e.color}" data-source="${e.source}" ${e.dataId} title="${t('change_color')}"></div>
+      <span class="cal-item-name" data-source="${e.source}">${escHtml(e.name)}</span>
+      ${e.isGroupCal ? `<span class="cal-shared-flag" title="${escHtml(e.sourceLabel)}">${groupIconSvg('people', 13)}</span>` : ''}
+      ${e.groupVisible ? `<span class="cal-shared-flag" title="${t('group_visible_flag')}">${groupIconSvg('people', 13)}</span>` : ''}
+      ${e.remove ? `<button class="icon-btn mini-btn cal-item-remove" data-source="${e.source}" ${e.dataId} title="${e.remove.title}">${e.remove.icon}</button>` : ''}
+    </div>`
+  ).join('');
+
+  bindCalDragReorder(container);
 
   // ── Checkbox handlers ──────────────────────────────────
   container.querySelectorAll('input[type=checkbox]').forEach(cb => {
@@ -565,8 +779,12 @@ function renderCalendarList() {
         cacheCalId = calId; // numeric integer in cached events
       } else if (source === 'local') {
         const calId = parseInt(cb.dataset.calId);
-        await api.put(`/local/calendars/${calId}`, { enabled: cb.checked });
         const cal = state.localCalendars.find(c => c.id === calId);
+        // `enabled` is the owner's property — only the owner may PUT it.
+        // For shared/group calendars just toggle visibility client-side.
+        if (cal && cal.owned !== false) {
+          await api.put(`/local/calendars/${calId}`, { enabled: cb.checked });
+        }
         if (cal) cal.enabled = cb.checked;
         cacheCalId = `local-${calId}`;
       } else if (source === 'ical') {
@@ -617,6 +835,7 @@ function renderCalendarList() {
       } else if (source === 'local') {
         const calId = parseInt(dot.dataset.calId);
         const cal = state.localCalendars.find(c => c.id === calId);
+        if (cal && cal.owned === false) { showToast(t('only_owner_color'), true); return; }
         const picked = await openColorPicker(dot, cal?.color || '#34a853');
         if (picked) {
           await api.put(`/local/calendars/${calId}`, { color: picked });
@@ -1116,6 +1335,7 @@ function showEventPopup(ev, anchor) {
 
   const color = ev.color || ev.calendarColor || '#4285f4';
   document.getElementById('popup-color-dot').style.background = color;
+  popup.style.setProperty('--ev-color', color);
   document.getElementById('popup-title').textContent = ev.title;
 
   // Time
@@ -1133,14 +1353,24 @@ function showEventPopup(ev, anchor) {
   }
 
   document.getElementById('popup-location').textContent = ev.location || '';
-  document.getElementById('popup-location').style.display = ev.location ? '' : 'none';
+  document.getElementById('popup-row-location').style.display = ev.location ? '' : 'none';
   document.getElementById('popup-description').textContent = ev.description || '';
-  document.getElementById('popup-description').style.display = ev.description ? '' : 'none';
+  document.getElementById('popup-row-description').style.display = ev.description ? '' : 'none';
   document.getElementById('popup-calendar').textContent = ev.calendar_name || '';
+  document.getElementById('popup-row-calendar').style.display = ev.calendar_name ? '' : 'none';
+
+  // Creator — only shown when it isn't the current user.
+  const me = JSON.parse(localStorage.getItem('user') || '{}');
+  if (ev.creator && ev.creator.display_name && ev.creator.id !== me.id) {
+    document.getElementById('popup-creator').textContent = t('created_by', { name: ev.creator.display_name });
+    document.getElementById('popup-row-creator').style.display = '';
+  } else {
+    document.getElementById('popup-row-creator').style.display = 'none';
+  }
 
   // Position near anchor
   const rect = anchor.getBoundingClientRect();
-  const pw = 300, ph = 200;
+  const pw = 320, ph = 200;
   let left = rect.right + 8;
   let top  = rect.top;
   if (left + pw > window.innerWidth) left = rect.left - pw - 8;
@@ -1233,11 +1463,12 @@ function populateCalendarSelect(selectedId) {
       sel.appendChild(opt);
     });
   });
-  // Local calendars
+  // Local calendars (group calendars marked with 👥 so group events can be
+  // created from anywhere, not just the group view).
   state.localCalendars.filter(c => !c.sidebar_hidden).forEach(cal => {
     const opt = document.createElement('option');
     opt.value = `local-${cal.id}`;
-    opt.textContent = cal.name;
+    opt.textContent = cal.group ? `👥 ${cal.name}` : cal.name;
     if (`local-${cal.id}` === selectedId) opt.selected = true;
     sel.appendChild(opt);
   });
@@ -1310,6 +1541,7 @@ function openNewEventModal(date) {
 
   toggleAlldayFields(false);
   populateCalendarSelect(null);
+  updatePrivateRow(false);
   resetColorPicker('');
   resetRecurrenceUI();
   document.getElementById('ev-delete').classList.add('hidden');
@@ -1345,6 +1577,7 @@ function openCopyEditModal(ev, targetCal) {
   if (targetCal.type === 'caldav') selectedId = targetCal.id;
   else                              selectedId = `${targetCal.type}-${targetCal.id}`;
   populateCalendarSelect(selectedId);
+  updatePrivateRow(ev.private);
 
   resetColorPicker(ev.color || '');
   resetRecurrenceUI();
@@ -1377,6 +1610,7 @@ function openEditEventModal(ev) {
   }
 
   populateCalendarSelect(ev.calendar_id);
+  updatePrivateRow(ev.private);
   resetColorPicker(ev.color || '');
 
   // Recurrence
@@ -1404,6 +1638,18 @@ function toggleAlldayFields(allDay) {
   document.getElementById('ev-date-row').style.display = allDay ? '' : 'none';
 }
 
+// The "Privat" toggle only applies to local calendars; hide it otherwise.
+function updatePrivateRow(isPrivate) {
+  const calVal = document.getElementById('ev-calendar').value || '';
+  const isLocal = calVal.startsWith('local-');
+  const row = document.getElementById('ev-private-row');
+  row.style.display = isLocal ? '' : 'none';
+  if (isPrivate !== undefined) {
+    document.getElementById('ev-private').checked = !!isPrivate;
+  }
+  if (!isLocal) document.getElementById('ev-private').checked = false;
+}
+
 function resetColorPicker(color) {
   state.selectedEventColor = color;
   const hex = document.getElementById('ev-color-hex');
@@ -1494,6 +1740,9 @@ function bindEventModal() {
     toggleAlldayFields(e.target.checked);
   });
 
+  // The "Privat" toggle is only relevant for local calendars.
+  document.getElementById('ev-calendar').addEventListener('change', () => updatePrivateRow());
+
   // Date/time pickers with auto-adjustment logic
   [
     { displayId: 'ev-start-display',      inputId: 'ev-start',      mode: 'datetime', role: 'start' },
@@ -1619,6 +1868,7 @@ function bindEventModal() {
     const desc    = document.getElementById('ev-description').value.trim();
     const color   = state.selectedEventColor;
     const rrule   = buildRruleFromUI();
+    const isPrivate = isLocal && document.getElementById('ev-private').checked;
 
     let start, end;
     if (allDay) {
@@ -1646,7 +1896,7 @@ function bindEventModal() {
           );
         } else if (ev.source === 'local') {
           await api.put(`/local/events/${encodeURIComponent(ev.id)}`,
-            { title, start, end, allDay, location: loc, description: desc, color: color || null, rrule: rrule || '' }
+            { title, start, end, allDay, location: loc, description: desc, color: color || null, rrule: rrule || '', private: isPrivate }
           );
         } else if (ev.source === 'ical') {
           showToast(t('event_readonly'), true);
@@ -1668,6 +1918,7 @@ function bindEventModal() {
           location: loc, description: desc,
           color: color || null,
           rrule: rrule || null,
+          private: ev.source === 'local' ? isPrivate : ev.private,
         });
         showToast(t('event_updated'));
       } else if (isGoogle) {
@@ -1682,7 +1933,7 @@ function bindEventModal() {
         await api.post('/local/events', {
           calendar_id: calId, title, start, end, allDay,
           location: loc, description: desc, color: color || null,
-          rrule: rrule || null,
+          rrule: rrule || null, private: isPrivate,
         });
         showToast(t('event_created'));
       } else if (isHA) {
@@ -1960,8 +2211,435 @@ function bindICalSubModal() {
   };
 }
 
+// ── iCal Import ───────────────────────────────────────────
+// Open a file picker and import the chosen .ics into the given local calendar.
+function triggerIcsImport(calendarId) {
+  const input = document.createElement('input');
+  input.type = 'file';
+  input.accept = '.ics,text/calendar';
+  input.style.display = 'none';
+  document.body.appendChild(input);
+  input.addEventListener('change', async () => {
+    const file = input.files && input.files[0];
+    input.remove();
+    if (!file) return;
+    const form = new FormData();
+    form.append('file', file);
+    try {
+      showToast(t('importing'));
+      const res = await api.upload(`/local/calendars/${calendarId}/import`, form);
+      showToast(t('import_result', { imported: res.imported, skipped: res.skipped }));
+      fetchAndRender(true);
+    } catch (e) { showToast(e.message, true); }
+  });
+  input.click();
+}
+
+// ── Sharing ───────────────────────────────────────────────
+async function openShareModal(calendarId) {
+  const modal = document.getElementById('modal-share');
+  modal.dataset.calId = String(calendarId);
+  const search = document.getElementById('share-user-search');
+  search.value = '';
+  search.oninput = renderShareUserPicker;
+  document.getElementById('share-permission').value = 'read';
+  openModal('modal-share');
+  await refreshShareModal(calendarId);
+}
+
+async function refreshShareModal(calendarId) {
+  // Load current shares + the user directory (for the picker).
+  let shares = [], users = [];
+  try { shares = await api.get(`/local/calendars/${calendarId}/shares`); } catch (e) { showToast(e.message, true); }
+  try { users = await api.get('/users/directory'); } catch (e) { /* ignore */ }
+
+  const sharedIds = new Set(shares.map(s => s.user_id));
+  const listEl = document.getElementById('share-current-list');
+  listEl.innerHTML = shares.length
+    ? shares.map(s =>
+        `<div class="accounts-row">
+          <span class="accounts-row-name">${escHtml(s.display_name || '')}</span>
+          <div class="accounts-row-actions">
+            <span class="cal-badge">${s.permission === 'read_write' ? t('perm_read_write') : t('perm_read')}</span>
+            <button class="btn btn-ghost btn-sm" data-share-remove="${s.user_id}">${t('remove')}</button>
+          </div>
+        </div>`
+      ).join('')
+    : `<span class="accounts-section-empty">${t('share_none')}</span>`;
+
+  listEl.querySelectorAll('[data-share-remove]').forEach(btn => {
+    btn.addEventListener('click', async () => {
+      try {
+        await api.delete(`/local/calendars/${calendarId}/shares/${btn.dataset.shareRemove}`);
+        await refreshShareModal(calendarId);
+      } catch (e) { showToast(e.message, true); }
+    });
+  });
+
+  // Store the directory (minus already-shared users) for the picker.
+  document.getElementById('modal-share').__users = users.filter(u => !sharedIds.has(u.id));
+  renderShareUserPicker();
+}
+
+function renderShareUserPicker() {
+  const modal = document.getElementById('modal-share');
+  const users = modal.__users || [];
+  const q = (document.getElementById('share-user-search').value || '').toLowerCase();
+  const filtered = users.filter(u => (u.display_name || '').toLowerCase().includes(q));
+  const picker = document.getElementById('share-user-picker');
+  picker.innerHTML = filtered.length
+    ? filtered.map(u =>
+        `<div class="share-user-item" data-user-id="${u.id}">${escHtml(u.display_name || '')}</div>`
+      ).join('')
+    : `<span class="accounts-section-empty">${t('share_no_users')}</span>`;
+  picker.querySelectorAll('.share-user-item').forEach(el => {
+    el.addEventListener('click', async () => {
+      const calId = parseInt(modal.dataset.calId);
+      const permission = document.getElementById('share-permission').value;
+      try {
+        await api.post(`/local/calendars/${calId}/shares`,
+                       { user_id: parseInt(el.dataset.userId), permission });
+        await refreshShareModal(calId);
+      } catch (e) { showToast(e.message, true); }
+    });
+  });
+}
+
+// ── Groups ────────────────────────────────────────────────
+async function loadGroups() {
+  try {
+    state.groups = await api.get('/groups/') || [];
+  } catch (e) { state.groups = []; }
+  renderGroupList();
+}
+
+function renderGroupList() {
+  const el = document.getElementById('group-list-items');
+  if (!el) return;
+  if (!state.groups.length) {
+    el.innerHTML = `<div class="cal-list-empty">${t('groups_none')}</div>`;
+    return;
+  }
+  el.innerHTML = state.groups.map(g =>
+    `<div class="cal-item group-item ${g.id === state.activeGroupId ? 'group-item-active' : ''}" data-group-id="${g.id}">
+      <span class="group-emoji" data-group-open="${g.id}">${groupIconHtml(g.icon)}</span>
+      <span class="cal-item-name" data-group-open="${g.id}">${escHtml(g.name)}</span>
+      <button class="icon-btn mini-btn" data-group-edit="${g.id}" title="${t('group_manage')}">
+        <svg viewBox="0 0 24 24" fill="currentColor" width="16" height="16"><path d="M12 8c1.1 0 2-.9 2-2s-.9-2-2-2-2 .9-2 2 .9 2 2 2zm0 2c-1.1 0-2 .9-2 2s.9 2 2 2 2-.9 2-2-.9-2-2-2zm0 6c-1.1 0-2 .9-2 2s.9 2 2 2 2-.9 2-2-.9-2-2-2z"/></svg>
+      </button>
+    </div>`
+  ).join('');
+  el.querySelectorAll('[data-group-open]').forEach(s => {
+    s.addEventListener('click', () => enterGroupView(parseInt(s.dataset.groupOpen)));
+  });
+  el.querySelectorAll('[data-group-edit]').forEach(b => {
+    b.addEventListener('click', e => { e.stopPropagation(); openGroupModal(parseInt(b.dataset.groupEdit)); });
+  });
+}
+
+// Open the new-event editor preselected to the active group's shared calendar.
+function openGroupEventModal() {
+  const g = state.groups.find(x => x.id === state.activeGroupId);
+  if (!g || !g.group_calendar_id) { showToast(t('groups_none'), true); return; }
+  openNewEventModal(state.selectedDate || state.currentDate);
+  const sel = document.getElementById('ev-calendar');
+  sel.value = `local-${g.group_calendar_id}`;
+  updatePrivateRow(false);
+}
+
+async function enterGroupView(groupId) {
+  state.activeGroupId = groupId;
+  state.hiddenGroupMembers = new Set();
+  state.activeGroupDetail = null;
+  const g = state.groups.find(x => x.id === groupId);
+  document.getElementById('group-view-banner').classList.remove('hidden');
+  document.getElementById('group-view-label').textContent =
+    t('group_view_label', { name: g ? g.name : '' });
+  renderGroupList();
+  // Load the member list (with server colours) for the per-member filter.
+  try { state.activeGroupDetail = await api.get(`/groups/${groupId}`); } catch (e) { /* ignore */ }
+  renderGroupMemberFilter();
+  fetchAndRender(true);
+}
+
+function exitGroupView() {
+  state.activeGroupId = null;
+  state.activeGroupDetail = null;
+  state.hiddenGroupMembers = new Set();
+  document.getElementById('group-view-banner').classList.add('hidden');
+  renderGroupMemberFilter();
+  renderGroupList();
+  fetchAndRender(true);
+}
+
+// Group members live in the sidebar (like the calendar list): each row has a
+// colour dot (tap to recolour that member just for your view) and a checkbox to
+// hide/show them in the combined overlay. The personal calendar list is hidden
+// while a group is active.
+function renderGroupMemberFilter() {
+  const section = document.getElementById('group-members');
+  const items = document.getElementById('group-members-items');
+  const calList = document.getElementById('cal-list');
+  const active = !!(state.activeGroupId && state.activeGroupDetail);
+  if (section) section.classList.toggle('hidden', !active);
+  if (calList) calList.classList.toggle('hidden', !!state.activeGroupId);
+  if (!active || !items) return;
+
+  const g = state.activeGroupDetail;
+  const gid = state.activeGroupId;
+  const row = (numKey, colorKey, name, baseColor) => {
+    const hidden = state.hiddenGroupMembers.has(numKey);
+    const color = groupColorOverride(gid, colorKey) || baseColor || '#4285f4';
+    return `<div class="cal-item gm-row">
+      <input type="checkbox" class="gm-vis" ${hidden ? '' : 'checked'} data-k="${colorKey}" />
+      <div class="cal-item-dot gm-dot" style="background:${color}" data-k="${colorKey}" data-color="${color}" title="${t('change_color')}"></div>
+      <span class="cal-item-name">${escHtml(name)}</span>
+    </div>`;
+  };
+  const parts = (g.members || []).map(m => row(m.id, String(m.id), m.display_name || '—', m.color));
+  parts.push(row('gc', 'gc', t('group_calendar'), g.group_calendar_color));
+  items.innerHTML = parts.join('');
+
+  items.querySelectorAll('.gm-vis').forEach(cb => {
+    cb.addEventListener('change', () => {
+      const ck = cb.dataset.k;
+      const key = ck === 'gc' ? 'gc' : parseInt(ck);
+      if (cb.checked) state.hiddenGroupMembers.delete(key);
+      else state.hiddenGroupMembers.add(key);
+      renderView();
+    });
+  });
+  items.querySelectorAll('.gm-dot').forEach(dot => {
+    dot.addEventListener('click', async () => {
+      const picked = await openColorPicker(dot, dot.dataset.color || '#4285f4');
+      if (picked) {
+        setGroupColorOverride(gid, dot.dataset.k, picked);
+        renderGroupMemberFilter();
+        fetchAndRender(true);
+      }
+    });
+  });
+}
+
+// Open the group modal in create mode (no id) or manage mode (existing group).
+async function openGroupModal(groupId) {
+  const modal = document.getElementById('modal-group');
+  modal.dataset.groupId = groupId ? String(groupId) : '';
+  const isEdit = !!groupId;
+  document.getElementById('group-modal-title').textContent =
+    isEdit ? t('group_manage') : t('group_create');
+  document.getElementById('group-delete').classList.toggle('hidden', !isEdit);
+
+  let detail = null, directory = [];
+  try { directory = await api.get('/users/directory') || []; } catch (e) { /* ignore */ }
+  if (isEdit) {
+    try { detail = await api.get(`/groups/${groupId}`); } catch (e) { showToast(e.message, true); }
+  }
+  const me = JSON.parse(localStorage.getItem('user') || '{}');
+  const existingMemberIds = new Set((detail ? detail.members : []).map(m => m.id));
+
+  document.getElementById('group-name').value = detail ? detail.name : '';
+  document.getElementById('group-name').disabled = false;  // rename supported via PUT
+
+  // Icon picker
+  modal.__icon = (detail && GROUP_ICON_KEYS.includes(detail.icon)) ? detail.icon : 'people';
+  renderGroupIconPicker();
+
+  // Member picker: current members are checked; the owner (me) is excluded.
+  modal.__directory = directory;
+  modal.__memberIds = new Set([...existingMemberIds].filter(id => id !== me.id));
+  renderGroupMemberPicker();
+
+  // Member colours (edit mode only): owner can recolour any member.
+  const colorsGroup = document.getElementById('group-colors-group');
+  if (isEdit && detail) {
+    colorsGroup.style.display = '';
+    renderGroupMemberColors(groupId, detail.members || []);
+  } else {
+    colorsGroup.style.display = 'none';
+  }
+
+  openModal('modal-group');
+}
+
+function renderGroupMemberColors(groupId, members) {
+  const el = document.getElementById('group-member-colors');
+  if (!el) return;
+  el.innerHTML = members.map(m =>
+    `<div class="pick-row" style="cursor:default">
+      <span class="cal-item-dot group-color-dot" data-uid="${m.id}" data-color="${m.color || '#4285f4'}"
+            style="background:${m.color || '#4285f4'};cursor:pointer" title="${t('change_color')}"></span>
+      <span class="pick-name">${escHtml(m.display_name || '')}</span>
+    </div>`
+  ).join('');
+  el.querySelectorAll('.group-color-dot').forEach(dot => {
+    dot.addEventListener('click', async () => {
+      const picked = await openColorPicker(dot, dot.dataset.color);
+      if (!picked) return;
+      try {
+        await api.put(`/groups/${groupId}/members/${dot.dataset.uid}/color`, { color: picked });
+        dot.style.background = picked;
+        dot.dataset.color = picked;
+      } catch (e) { showToast(e.message, true); }
+    });
+  });
+}
+
+// Cross-platform group icons: semantic keys stored server-side, rendered as
+// inline SVG here (SF Symbols on iOS, Material on Android) so they look the same
+// everywhere instead of relying on OS-specific emoji.
+const GROUP_ICON_KEYS = ['people', 'home', 'heart', 'work', 'school', 'sports',
+                         'party', 'pet', 'travel', 'music', 'food', 'star'];
+const GROUP_ICON_PATHS = {
+  people: 'M16 11c1.66 0 2.99-1.34 2.99-3S17.66 5 16 5c-1.66 0-3 1.34-3 3s1.34 3 3 3zm-8 0c1.66 0 2.99-1.34 2.99-3S9.66 5 8 5 5 6.34 5 8s1.34 3 3 3zm0 2c-2.33 0-7 1.17-7 3.5V19h14v-2.5c0-2.33-4.67-3.5-7-3.5zm8 0c-.29 0-.62.02-.97.05 1.16.84 1.97 1.97 1.97 3.45V19h6v-2.5c0-2.33-4.67-3.5-7-3.5z',
+  home: 'M10 20v-6h4v6h5v-8h3L12 3 2 12h3v8z',
+  heart: 'M12 21.35l-1.45-1.32C5.4 15.36 2 12.28 2 8.5 2 5.42 4.42 3 7.5 3c1.74 0 3.41.81 4.5 2.09C13.09 3.81 14.76 3 16.5 3 19.58 3 22 5.42 22 8.5c0 3.78-3.4 6.86-8.55 11.54L12 21.35z',
+  work: 'M20 6h-4V4c0-1.11-.89-2-2-2h-4c-1.11 0-2 .89-2 2v2H4c-1.11 0-1.99.89-1.99 2L2 19c0 1.11.89 2 2 2h16c1.11 0 2-.89 2-2V8c0-1.11-.89-2-2-2zm-6 0h-4V4h4v2z',
+  school: 'M5 13.18v4L12 21l7-3.82v-4L12 17l-7-3.82zM12 3L1 9l11 6 9-4.91V17h2V9L12 3z',
+  sports: 'M19 5h-2V3H7v2H5c-1.1 0-2 .9-2 2v1c0 2.55 1.92 4.63 4.39 4.94.63 1.5 1.98 2.63 3.61 2.96V19H7v2h10v-2h-4v-3.1c1.63-.33 2.98-1.46 3.61-2.96C19.08 12.63 21 10.55 21 8V7c0-1.1-.9-2-2-2zM5 8V7h2v3.82C5.84 10.4 5 9.3 5 8zm14 0c0 1.3-.84 2.4-2 2.82V7h2v1z',
+  party: 'M19 9l1.25-2.75L23 5l-2.75-1.25L19 1l-1.25 2.75L15 5l2.75 1.25L19 9zm-7.5.5L9 4 6.5 9.5 1 12l5.5 2.5L9 20l2.5-5.5L17 12l-5.5-2.5zM19 15l-1.25 2.75L15 19l2.75 1.25L19 23l1.25-2.75L23 19l-2.75-1.25L19 15z',
+  pet: 'M12 14c-2.5 0-4.5 1.8-4.5 4 0 .6.4 1 1 1h7c.6 0 1-.4 1-1 0-2.2-2-4-4.5-4zM6 9.5a1.5 2 0 1 0 0 4 1.5 2 0 0 0 0-4zm12 0a1.5 2 0 1 0 0 4 1.5 2 0 0 0 0-4zM9 6a1.5 2 0 1 0 0 4 1.5 2 0 0 0 0-4zm6 0a1.5 2 0 1 0 0 4 1.5 2 0 0 0 0-4z',
+  travel: 'M21 16v-2l-8-5V3.5c0-.83-.67-1.5-1.5-1.5S10 2.67 10 3.5V9l-8 5v2l8-2.5V19l-2 1.5V22l3.5-1 3.5 1v-1.5L13 19v-5.5l8 2.5z',
+  music: 'M12 3v10.55c-.59-.34-1.27-.55-2-.55-2.21 0-4 1.79-4 4s1.79 4 4 4 4-1.79 4-4V7h4V3h-6z',
+  food: 'M11 9H9V2H7v7H5V2H3v7c0 2.12 1.66 3.84 3.75 3.97V22h2.5v-9.03C11.34 12.84 13 11.12 13 9V2h-2v7zm5-3v8h2.5v8H21V2c-2.76 0-5 2.24-5 4z',
+  star: 'M12 17.27L18.18 21l-1.64-7.03L22 9.24l-7.19-.61L12 2 9.19 8.63 2 9.24l5.46 4.73L5.82 21z',
+};
+function groupIconSvg(key, size = 18) {
+  const p = GROUP_ICON_PATHS[key] || GROUP_ICON_PATHS.people;
+  return `<svg viewBox="0 0 24 24" width="${size}" height="${size}" fill="currentColor" aria-hidden="true"><path d="${p}"/></svg>`;
+}
+// Render a group's stored icon: SVG for known keys, legacy emoji as-is.
+function groupIconHtml(icon, size = 18) {
+  if (GROUP_ICON_KEYS.includes(icon)) return groupIconSvg(icon, size);
+  if (icon) return escHtml(icon);
+  return groupIconSvg('people', size);
+}
+function renderGroupIconPicker() {
+  const modal = document.getElementById('modal-group');
+  const sel = modal.__icon || 'people';
+  const picker = document.getElementById('group-icon-picker');
+  if (!picker) return;
+  picker.innerHTML = GROUP_ICON_KEYS.map(ic =>
+    `<button type="button" class="group-icon-opt ${ic === sel ? 'on' : ''}" data-icon="${ic}">${groupIconSvg(ic, 22)}</button>`
+  ).join('');
+  picker.querySelectorAll('.group-icon-opt').forEach(b => {
+    b.addEventListener('click', () => {
+      modal.__icon = b.dataset.icon;
+      renderGroupIconPicker();
+    });
+  });
+}
+
+function renderGroupMemberPicker() {
+  const modal = document.getElementById('modal-group');
+  const dir = modal.__directory || [];
+  const picked = modal.__memberIds || new Set();
+  const picker = document.getElementById('group-member-picker');
+  picker.innerHTML = dir.length
+    ? dir.map(u => {
+        const on = picked.has(u.id);
+        return `<div class="pick-row ${on ? 'pick-row-sel' : ''}" data-member-id="${u.id}" role="checkbox" aria-checked="${on}">
+          <span class="pick-mark pick-check ${on ? 'on' : ''}">${on ? '✓' : ''}</span>
+          <span class="pick-name">${escHtml(u.display_name || '')}</span>
+        </div>`;
+      }).join('')
+    : `<span class="accounts-section-empty">${t('share_no_users')}</span>`;
+  picker.querySelectorAll('.pick-row').forEach(rowEl => {
+    rowEl.addEventListener('click', () => {
+      const id = parseInt(rowEl.dataset.memberId);
+      if (picked.has(id)) picked.delete(id); else picked.add(id);
+      renderGroupMemberPicker();
+    });
+  });
+}
+
+function bindGroupUI() {
+  const addBtn = document.getElementById('btn-add-group');
+  if (addBtn) addBtn.onclick = () => openGroupModal(null);
+  const exitBtn = document.getElementById('group-view-exit');
+  if (exitBtn) exitBtn.onclick = exitGroupView;
+  const newEvtBtn = document.getElementById('group-view-new-event');
+  if (newEvtBtn) newEvtBtn.onclick = openGroupEventModal;
+
+  document.getElementById('group-save').onclick = async () => {
+    const modal = document.getElementById('modal-group');
+    const groupId = modal.dataset.groupId;
+    const memberIds = [...(modal.__memberIds || new Set())];
+    try {
+      const name = document.getElementById('group-name').value.trim();
+      const icon = modal.__icon || 'people';
+      if (!name) { showToast(t('error_enter_title'), true); return; }
+      if (groupId) {
+        // Manage mode: update name/icon, then sync member additions/removals.
+        await api.put(`/groups/${groupId}`, { name, icon });
+        const detail = await api.get(`/groups/${groupId}`);
+        const me = JSON.parse(localStorage.getItem('user') || '{}');
+        const current = new Set(detail.members.map(m => m.id).filter(id => id !== me.id));
+        for (const id of memberIds) if (!current.has(id)) await api.post(`/groups/${groupId}/members`, { user_id: id });
+        for (const id of current) if (!memberIds.includes(id)) await api.delete(`/groups/${groupId}/members/${id}`);
+        showToast(t('group_saved'));
+      } else {
+        await api.post('/groups/', { name, member_ids: memberIds, icon });
+        showToast(t('group_created'));
+      }
+      closeModal('modal-group');
+      await loadGroups();
+      // Refresh local calendars too (a new group creates a group calendar).
+      try { state.localCalendars = await api.get('/local/calendars') || state.localCalendars; } catch (e) {}
+      renderCalendarList();
+    } catch (e) { showToast(e.message, true); }
+  };
+
+  document.getElementById('group-delete').onclick = async () => {
+    const modal = document.getElementById('modal-group');
+    const groupId = modal.dataset.groupId;
+    if (!groupId) return;
+    if (!confirm(t('group_delete_confirm'))) return;
+    try {
+      await api.delete(`/groups/${groupId}`);
+      if (state.activeGroupId === parseInt(groupId)) exitGroupView();
+      closeModal('modal-group');
+      await loadGroups();
+      showToast(t('group_deleted'));
+    } catch (e) { showToast(e.message, true); }
+  };
+}
+
+// Radio list of the user's OWN local calendars to pick the one visible to
+// group members (plus a "none" option). Selection is read on settings save.
+function renderGroupVisibleList(selectedId) {
+  const el = document.getElementById('cfg-group-visible-list');
+  if (!el) return;
+  el.dataset.selected = (selectedId == null) ? '' : String(selectedId);
+  const own = state.localCalendars.filter(c => c.owned !== false && !c.group);
+  const selVal = el.dataset.selected;
+  const row = (id, name, color) => {
+    const val = (id == null) ? '' : String(id);
+    const sel = val === selVal;
+    const dot = color
+      ? `<span class="pick-dot" style="background:${color}"></span>`
+      : `<span class="pick-dot pick-dot-empty"></span>`;
+    return `<div class="pick-row ${sel ? 'pick-row-sel' : ''}" data-pick="${val}" role="radio" aria-checked="${sel}">
+      <span class="pick-mark pick-radio ${sel ? 'on' : ''}"></span>
+      ${dot}
+      <span class="pick-name">${escHtml(name)}</span>
+    </div>`;
+  };
+  el.innerHTML =
+    row(null, t('group_visible_none'), null) +
+    own.map(c => row(c.id, c.name, c.color)).join('');
+  el.querySelectorAll('.pick-row').forEach(r => {
+    r.addEventListener('click', () => {
+      el.dataset.selected = r.dataset.pick;
+      renderGroupVisibleList(r.dataset.pick === '' ? null : parseInt(r.dataset.pick));
+    });
+  });
+}
+
 // ── Settings Modal ────────────────────────────────────────
 function openSettingsModal() {
+  uiSettingsOpen = true;
+  writeUrlState();
   const s = state.settings;
   document.getElementById('cfg-default-view').value  = s.default_view   || 'month';
   document.getElementById('cfg-week-start').value    = s.week_start_day || 'monday';
@@ -1976,8 +2654,32 @@ function openSettingsModal() {
     document.getElementById(id + '-hex').value = val.toUpperCase();
     document.getElementById(id + '-preview').style.background = val;
   });
+
+  // Override-Farben — leeres Hex-Input bedeutet "Default verwenden",
+  // aber die Preview zeigt trotzdem die aktuell wirksame Farbe.
+  [
+    { id: 'cfg-text-color', val: s.text_color, fallback: DEFAULT_TEXT_COLOR },
+    { id: 'cfg-line-color', val: s.line_color, fallback: DEFAULT_LINE_COLOR },
+    { id: 'cfg-bg-color',   val: s.bg_color,   fallback: DEFAULT_BG_COLOR },
+  ].forEach(({ id, val, fallback }) => {
+    const hex = document.getElementById(id + '-hex');
+    const prev = document.getElementById(id + '-preview');
+    if (!hex || !prev) return;
+    hex.value = val ? String(val).toUpperCase() : '';
+    prev.style.background = val || fallback;
+  });
   document.getElementById('cfg-dim-past').checked = !!s.dim_past_events;
   document.getElementById('cfg-language').value = getLang();
+  document.getElementById('cfg-private-visibility').value = s.private_event_visibility || 'busy';
+  renderGroupVisibleList(s.group_visible_calendar_id);
+
+  // Profile chapter: name (from cached user) + email (fresh from /profile).
+  const pu = JSON.parse(localStorage.getItem('user') || '{}');
+  document.getElementById('cfg-display-name').value = pu.display_name || pu.username || '';
+  document.getElementById('cfg-login-name').value = pu.username || '';
+  api.get('/profile/').then(p => {
+    document.getElementById('cfg-email').value = p.email || '';
+  }).catch(() => {});
 
   // Set active contrast/hour-height buttons
   [
@@ -2110,14 +2812,40 @@ function renderAllAccounts() {
     if (!state.localCalendars.length) {
       localList.innerHTML = `<span class="accounts-section-empty">${t('settings_no_local_cals')}</span>`;
     } else {
-      localList.innerHTML = state.localCalendars.map(cal =>
-        `<div class="accounts-row">
+      localList.innerHTML = state.localCalendars.map(cal => {
+        const owned = cal.owned !== false;
+        const sharedBadge = !owned
+          ? `<span class="cal-badge cal-badge-shared">${t('shared_by', { name: cal.shared_by || '' })}</span>`
+          : '';
+        const canWrite = owned || cal.permission === 'read_write';
+        const actions = [];
+        if (owned) actions.push(`<button class="btn btn-ghost btn-sm" data-local-share="${cal.id}">${t('share')}</button>`);
+        if (canWrite) actions.push(`<button class="btn btn-ghost btn-sm" data-local-import="${cal.id}">${t('import')}</button>`);
+        actions.push(`<button class="btn btn-ghost btn-sm" data-local-export="${cal.id}" data-local-name="${escHtml(cal.name)}">${t('export')}</button>`);
+        return `<div class="accounts-row">
           <div style="display:flex;align-items:center;gap:8px;min-width:0">
             <span class="accounts-local-dot" style="background:${cal.color || '#34a853'}"></span>
             <span class="accounts-row-name">${escHtml(cal.name)}</span>
+            ${sharedBadge}
           </div>
-        </div>`
-      ).join('');
+          <div class="accounts-row-actions">${actions.join('')}</div>
+        </div>`;
+      }).join('');
+
+      localList.querySelectorAll('[data-local-export]').forEach(btn => {
+        btn.addEventListener('click', async () => {
+          try {
+            await api.download(`/local/calendars/${btn.dataset.localExport}/export`,
+                               `${btn.dataset.localName || 'calendar'}.ics`);
+          } catch (e) { showToast(e.message, true); }
+        });
+      });
+      localList.querySelectorAll('[data-local-import]').forEach(btn => {
+        btn.addEventListener('click', () => triggerIcsImport(parseInt(btn.dataset.localImport)));
+      });
+      localList.querySelectorAll('[data-local-share]').forEach(btn => {
+        btn.addEventListener('click', () => openShareModal(parseInt(btn.dataset.localShare)));
+      });
     }
   }
 
@@ -2307,6 +3035,68 @@ function bindSettingsModal() {
     });
   });
 
+  // Optional override colours (text / line / background) — empty = use default.
+  // Live-apply to the page so the user sees the effect while typing, not only after Save.
+  const overrideFieldMap = {
+    'cfg-text-color': 'text_color',
+    'cfg-line-color': 'line_color',
+    'cfg-bg-color':   'bg_color',
+  };
+  const liveApplyOverride = (prefix, value) => {
+    const field = overrideFieldMap[prefix];
+    if (!field) return;
+    state.settings[field] = value || null;
+    applyTheme(state.settings);
+  };
+  [
+    { prefix: 'cfg-text-color', defaultColor: DEFAULT_TEXT_COLOR },
+    { prefix: 'cfg-line-color', defaultColor: DEFAULT_LINE_COLOR },
+    { prefix: 'cfg-bg-color',   defaultColor: DEFAULT_BG_COLOR },
+  ].forEach(({ prefix, defaultColor }) => {
+    const preview = document.getElementById(prefix + '-preview');
+    const hex = document.getElementById(prefix + '-hex');
+    const reset = document.getElementById(prefix + '-reset');
+    if (!preview || !hex || !reset) return;
+
+    const normalize = (raw) => {
+      let v = (raw || '').trim();
+      if (!v) return '';
+      if (!v.startsWith('#')) v = '#' + v;
+      return /^#[0-9a-fA-F]{6}$/.test(v) ? v.toUpperCase() : null;
+    };
+
+    preview.addEventListener('click', async () => {
+      const picked = await openColorPicker(preview, hex.value || defaultColor);
+      if (picked) {
+        hex.value = picked.toUpperCase();
+        preview.style.background = picked;
+        liveApplyOverride(prefix, picked);
+      }
+    });
+
+    const onTyped = () => {
+      const norm = normalize(hex.value);
+      if (norm === '') {
+        preview.style.background = defaultColor;
+        liveApplyOverride(prefix, null);
+      } else if (norm) {
+        preview.style.background = norm;
+        liveApplyOverride(prefix, norm);
+      }
+    };
+    hex.addEventListener('input', onTyped);
+    hex.addEventListener('change', () => {
+      const norm = normalize(hex.value);
+      if (norm) hex.value = norm;
+    });
+
+    reset.addEventListener('click', () => {
+      hex.value = '';
+      preview.style.background = defaultColor;
+      liveApplyOverride(prefix, null);
+    });
+  });
+
   // Panel navigation
   document.querySelectorAll('.settings-nav-btn').forEach(btn => {
     btn.addEventListener('click', () => activateSettingsPanel(btn.dataset.panel));
@@ -2341,11 +3131,42 @@ function bindSettingsModal() {
     } catch (e) { showToast(e.message, true); }
   };
 
+  // Profile chapter save (name/login/email → /profile, separate from settings).
+  const profileSaveBtn = document.getElementById('cfg-profile-save');
+  if (profileSaveBtn) profileSaveBtn.onclick = async () => {
+    const email = document.getElementById('cfg-email').value.trim();
+    const displayName = document.getElementById('cfg-display-name').value.trim();
+    const loginName = document.getElementById('cfg-login-name').value.trim();
+    const user = JSON.parse(localStorage.getItem('user') || '{}');
+    const body = { email: email || null };
+    if (displayName) body.display_name = displayName;
+    if (loginName && loginName.toLowerCase() !== (user.username || '')) body.username = loginName;
+    try {
+      const res = await api.put('/profile/', body);
+      if (res && res.access_token) localStorage.setItem('token', res.access_token);
+      const updated = { ...user };
+      if (displayName) updated.display_name = displayName;
+      if (body.username) updated.username = body.username.toLowerCase();
+      localStorage.setItem('user', JSON.stringify(updated));
+      const dd = document.getElementById('dropdown-username');
+      if (dd) dd.textContent = updated.display_name || updated.username || 'Benutzer';
+      showToast(t('profile_saved'));
+    } catch (e) { showToast(e.message, true); }
+  };
+
   document.getElementById('settings-save').onclick = async () => {
     const getActive = (id) => {
       const btn = document.querySelector(`#${id} .contrast-btn.active`);
       return btn ? Number(btn.dataset.val) : null;
     };
+    // Optional override colours: empty input → null (use default).
+    // Tolerant: accepts both "ff0000" and "#ff0000".
+    const colourOrNull = (id) => {
+      let v = (document.getElementById(id).value || '').trim();
+      if (!v) return null;
+      if (!v.startsWith('#')) v = '#' + v;
+      return /^#[0-9a-fA-F]{6}$/.test(v) ? v.toUpperCase() : null;
+    };
     const settings = {
       default_view:        document.getElementById('cfg-default-view').value,
       week_start_day:      document.getElementById('cfg-week-start').value,
@@ -2354,12 +3175,16 @@ function bindSettingsModal() {
       today_color:         document.getElementById('cfg-today-hex').value,
       month_divider_color: document.getElementById('cfg-month-divider-hex').value,
       month_label_color:   document.getElementById('cfg-month-label-hex').value,
+      text_color:          colourOrNull('cfg-text-color-hex'),
+      line_color:          colourOrNull('cfg-line-color-hex'),
+      bg_color:            colourOrNull('cfg-bg-color-hex'),
       dim_past_events:     document.getElementById('cfg-dim-past').checked,
-      text_contrast:       getActive('cfg-text-contrast') || 3,
-      line_contrast:       getActive('cfg-line-contrast') || 3,
       hour_height:         getActive('cfg-hour-height')   || 44,
       language:            document.getElementById('cfg-language').value,
+      private_event_visibility: document.getElementById('cfg-private-visibility').value,
     };
+    const gvVal = document.getElementById('cfg-group-visible-list')?.dataset.selected;
+    settings.group_visible_calendar_id = gvVal ? parseInt(gvVal) : null;
     try {
       await api.put('/settings/', settings);
       state.settings = { ...state.settings, ...settings };
@@ -2379,9 +3204,10 @@ function bindSettingsModal() {
 export function openProfileModal() {
   const user = JSON.parse(localStorage.getItem('user') || '{}');
 
-  // Username & email
+  // Names & email
   document.getElementById('profile-username').value = user.username || '';
-  document.getElementById('profile-display-name').textContent = user.username || '';
+  document.getElementById('profile-display-name-input').value = user.display_name || user.username || '';
+  document.getElementById('profile-display-name').textContent = user.display_name || user.username || '';
 
   // Load fresh profile data
   api.get('/profile/').then(profile => {
@@ -2449,11 +3275,26 @@ function renderProfileCalendars() {
 }
 
 function bindProfileModal() {
-  // Save profile info (email)
+  // Save profile info (display name, login name, email)
   document.getElementById('profile-save-info').onclick = async () => {
     const email = document.getElementById('profile-email').value.trim();
+    const displayName = document.getElementById('profile-display-name-input').value.trim();
+    const loginName = document.getElementById('profile-username').value.trim();
+    const user = JSON.parse(localStorage.getItem('user') || '{}');
+    const body = { email: email || null };
+    if (displayName) body.display_name = displayName;
+    if (loginName && loginName.toLowerCase() !== (user.username || '')) body.username = loginName;
     try {
-      await api.put('/profile/', { email: email || null });
+      const res = await api.put('/profile/', body);
+      // A login-name change returns a fresh token (the old one is now invalid).
+      if (res && res.access_token) localStorage.setItem('token', res.access_token);
+      // Keep the cached user (menu, "created by", etc.) in sync.
+      const updated = { ...user };
+      if (displayName) updated.display_name = displayName;
+      if (body.username) updated.username = body.username.toLowerCase();
+      localStorage.setItem('user', JSON.stringify(updated));
+      const dd = document.getElementById('dropdown-username');
+      if (dd) dd.textContent = updated.display_name || updated.username || 'Benutzer';
       showToast(t('profile_saved'));
     } catch (e) { showToast(e.message, true); }
   };
@@ -2675,6 +3516,10 @@ function openModal(id) {
 }
 function closeModal(id) {
   document.getElementById(id).classList.add('hidden');
+  if (id === 'modal-settings') {
+    uiSettingsOpen = false;
+    writeUrlState();
+  }
 }
 
 // Close button bindings (added once)
diff --git a/frontend/js/i18n.js b/frontend/js/i18n.js
index ab9310b..3fb1d3f 100644
--- a/frontend/js/i18n.js
+++ b/frontend/js/i18n.js
@@ -60,6 +60,9 @@ const translations = {
     // Settings
     settings_title: 'Einstellungen',
     settings_nav_appearance: 'Darstellung',
+    settings_nav_profile: 'Profil',
+    settings_nav_view: 'Ansicht',
+    settings_nav_calendars: 'Kalender',
     settings_nav_google: 'Google Konten',
     settings_nav_users: 'Benutzerverwaltung',
     settings_colors: 'Farben',
@@ -67,6 +70,10 @@ const translations = {
     settings_today_color: 'Heutige-Tag-Farbe',
     settings_month_divider_color: 'Monatswechsel-Linie',
     settings_month_label_color: 'Monatskürzel-Farbe',
+    settings_text_color: 'Schriftfarbe',
+    settings_line_color: 'Linienfarbe',
+    settings_bg_color: 'Hintergrundfarbe',
+    reset: 'Reset',
     settings_text_contrast: 'Schriftkontrast',
     settings_text_contrast_desc: 'Helligkeit der Beschriftungen und Texte',
     contrast_dark: 'Dunkel', contrast_medium: 'Mittel',
@@ -80,6 +87,61 @@ const translations = {
     settings_week_start: 'Erster Wochentag',
     week_start_monday: 'Montag', week_start_sunday: 'Sonntag',
     settings_dim_past: 'Vergangene Termine ausgrauen',
+    settings_privacy: 'Privatsphäre',
+    settings_private_visibility: 'Private Termine für Gruppenmitglieder',
+    settings_private_visibility_desc: 'Wie private Termine für andere Gruppenmitglieder erscheinen',
+    private_visibility_busy: 'Als „Beschäftigt“ anzeigen',
+    private_visibility_hidden: 'Ausblenden',
+    created_by: 'Erstellt von: {name}',
+    event_private: 'Privat',
+    share: 'Teilen',
+    import: 'Importieren',
+    export: 'Exportieren',
+    importing: 'Importiere…',
+    import_result: '{imported} importiert, {skipped} übersprungen',
+    shared_by: 'geteilt von {name}',
+    share_title: 'Kalender teilen',
+    share_current: 'Aktuelle Freigaben',
+    share_add: 'Benutzer hinzufügen',
+    share_search: 'Benutzer suchen…',
+    share_none: 'Noch nicht geteilt',
+    share_no_users: 'Keine Benutzer gefunden',
+    perm_read: 'Nur lesen',
+    perm_read_write: 'Lesen & schreiben',
+    remove: 'Entfernen',
+    done: 'Fertig',
+    groups_title: 'Gruppen',
+    groups_none: 'Noch keine Gruppen',
+    group_create: 'Gruppe erstellen',
+    group_manage: 'Gruppe verwalten',
+    group_name: 'Name',
+    group_name_ph: 'Gruppenname',
+    group_members: 'Mitglieder',
+    group_delete: 'Gruppe löschen',
+    group_delete_confirm: 'Diese Gruppe und ihren Gruppenkalender wirklich löschen?',
+    group_deleted: 'Gruppe gelöscht',
+    group_saved: 'Gruppe gespeichert',
+    group_created: 'Gruppe erstellt',
+    group_view_label: 'Gruppenansicht: {name}',
+    group_exit: 'Gruppenansicht verlassen',
+    group_calendar: 'Gruppenkalender',
+    group_icon: 'Icon',
+    group_visible_flag: 'Für deine Gruppen sichtbar',
+    group_new_event: '+ Gruppentermin',
+    group_member_colors: 'Farben der Mitglieder',
+    only_owner_color: 'Nur der Besitzer kann die Farbe ändern',
+    upload_too_large: 'Datei zu groß (Server-Limit). Bitte Upload-Limit erhöhen.',
+    shared_with_me: 'Mit dir geteilt',
+    settings_calendars: 'Kalender',
+    settings_group_visible: 'Für Gruppen sichtbarer Kalender',
+    settings_group_visible_desc: 'Wähle, welcher deiner Kalender für deine Gruppenmitglieder sichtbar ist',
+    group_visible_none: 'Keiner',
+    drag_reorder: 'Zum Sortieren ziehen',
+    profile_account: 'Konto',
+    profile_display_name: 'Anzeigename',
+    profile_display_name_ph: 'Anzeigename',
+    profile_login_name: 'Login-Name',
+    profile_login_name_desc: 'Klein geschrieben, fürs Anmelden. Groß-/Kleinschreibung egal.',
     settings_hour_height: 'Stundenhöhe (Wochen- & Tagesansicht)',
     settings_hour_height_desc: 'Wie viel Platz eine Stunde in der Zeitrasteransicht einnimmt',
     hour_compact: 'Kompakt', hour_normal: 'Normal',
@@ -154,7 +216,7 @@ const translations = {
     rec_every: 'Alle', rec_days: 'Tage', rec_weeks: 'Wochen', rec_months: 'Monate',
     rec_ends: 'Endet', rec_never: 'Nie', rec_after_count: 'Nach Anzahl',
     rec_on_date: 'Am Datum', rec_occurrences: 'Termine',
-    copy_to_calendar: 'Kopieren nach…', event_copied: 'Termin kopiert',
+    copy_to_calendar: 'Kopieren nach…', event_copied: 'Termin kopiert', copy: 'Kopieren',
     edit_before_copy: 'Vor dem Kopieren bearbeiten',
     event_updated: 'Termin aktualisiert', event_created: 'Termin erstellt',
     confirm_delete_event: '"{title}" wirklich löschen?',
@@ -271,6 +333,9 @@ const translations = {
     // Settings
     settings_title: 'Settings',
     settings_nav_appearance: 'Appearance',
+    settings_nav_profile: 'Profile',
+    settings_nav_view: 'View',
+    settings_nav_calendars: 'Calendars',
     settings_nav_google: 'Google Accounts',
     settings_nav_users: 'User Management',
     settings_colors: 'Colors',
@@ -278,6 +343,10 @@ const translations = {
     settings_today_color: 'Today highlight color',
     settings_month_divider_color: 'Month divider line',
     settings_month_label_color: 'Month label color',
+    settings_text_color: 'Text color',
+    settings_line_color: 'Line color',
+    settings_bg_color: 'Background color',
+    reset: 'Reset',
     settings_text_contrast: 'Text contrast',
     settings_text_contrast_desc: 'Brightness of labels and text',
     contrast_dark: 'Dark', contrast_medium: 'Medium',
@@ -291,6 +360,61 @@ const translations = {
     settings_week_start: 'First day of week',
     week_start_monday: 'Monday', week_start_sunday: 'Sunday',
     settings_dim_past: 'Dim past events',
+    settings_privacy: 'Privacy',
+    settings_private_visibility: 'Private events for group members',
+    settings_private_visibility_desc: 'How your private events appear to other group members',
+    private_visibility_busy: 'Show as "Busy"',
+    private_visibility_hidden: 'Hide completely',
+    created_by: 'Created by: {name}',
+    event_private: 'Private',
+    share: 'Share',
+    import: 'Import',
+    export: 'Export',
+    importing: 'Importing…',
+    import_result: '{imported} imported, {skipped} skipped',
+    shared_by: 'shared by {name}',
+    share_title: 'Share calendar',
+    share_current: 'Current shares',
+    share_add: 'Add user',
+    share_search: 'Search users…',
+    share_none: 'Not shared yet',
+    share_no_users: 'No users found',
+    perm_read: 'Read only',
+    perm_read_write: 'Read & write',
+    remove: 'Remove',
+    done: 'Done',
+    groups_title: 'Groups',
+    groups_none: 'No groups yet',
+    group_create: 'Create group',
+    group_manage: 'Manage group',
+    group_name: 'Name',
+    group_name_ph: 'Group name',
+    group_members: 'Members',
+    group_delete: 'Delete group',
+    group_delete_confirm: 'Really delete this group and its group calendar?',
+    group_deleted: 'Group deleted',
+    group_saved: 'Group saved',
+    group_created: 'Group created',
+    group_view_label: 'Group view: {name}',
+    group_exit: 'Exit group view',
+    group_calendar: 'Group calendar',
+    group_icon: 'Icon',
+    group_visible_flag: 'Visible to your groups',
+    group_new_event: '+ Group event',
+    group_member_colors: 'Member colours',
+    only_owner_color: 'Only the owner can change the colour',
+    upload_too_large: 'File too large (server limit). Please raise the upload limit.',
+    shared_with_me: 'Shared with me',
+    settings_calendars: 'Calendars',
+    settings_group_visible: 'Calendar visible to groups',
+    settings_group_visible_desc: 'Choose which of your calendars your group members can see',
+    group_visible_none: 'None',
+    drag_reorder: 'Drag to reorder',
+    profile_account: 'Account',
+    profile_display_name: 'Display name',
+    profile_display_name_ph: 'Display name',
+    profile_login_name: 'Login name',
+    profile_login_name_desc: 'Lowercase, used to sign in. Case-insensitive.',
     settings_hour_height: 'Hour height (week & day view)',
     settings_hour_height_desc: 'How much space one hour takes in the time grid',
     hour_compact: 'Compact', hour_normal: 'Normal',
@@ -365,7 +489,7 @@ const translations = {
     rec_every: 'Every', rec_days: 'days', rec_weeks: 'weeks', rec_months: 'months',
     rec_ends: 'Ends', rec_never: 'Never', rec_after_count: 'After count',
     rec_on_date: 'On date', rec_occurrences: 'occurrences',
-    copy_to_calendar: 'Copy to…', event_copied: 'Event copied',
+    copy_to_calendar: 'Copy to…', event_copied: 'Event copied', copy: 'Copy',
     edit_before_copy: 'Edit before copying',
     event_updated: 'Event updated', event_created: 'Event created',
     confirm_delete_event: 'Really delete "{title}"?',
@@ -442,15 +566,26 @@ export function t(key, vars = {}) {
   return val.replace(/\{(\w+)\}/g, (_, k) => vars[k] ?? '');
 }
 
+// Look up a translation but return null if the key is undefined in both
+// the current language and German. Lets callers fall back to the existing
+// HTML default rather than displaying the raw key.
+function tOrNull(key) {
+  const dict = translations[currentLang] ?? translations.de;
+  const val = dict[key] ?? translations.de[key];
+  return typeof val === 'string' ? val : null;
+}
+
 export function applyLang() {
   document.querySelectorAll('[data-i18n]').forEach(el => {
-    const v = t(el.dataset.i18n);
-    if (typeof v === 'string') el.textContent = v;
+    const v = tOrNull(el.dataset.i18n);
+    if (v != null) el.textContent = v;
   });
   document.querySelectorAll('[data-i18n-ph]').forEach(el => {
-    el.placeholder = t(el.dataset.i18nPh);
+    const v = tOrNull(el.dataset.i18nPh);
+    if (v != null) el.placeholder = v;
   });
   document.querySelectorAll('[data-i18n-title]').forEach(el => {
-    el.title = t(el.dataset.i18nTitle);
+    const v = tOrNull(el.dataset.i18nTitle);
+    if (v != null) el.title = v;
   });
 }
diff --git a/frontend/js/utils.js b/frontend/js/utils.js
index 5db6786..b0e9b36 100644
--- a/frontend/js/utils.js
+++ b/frontend/js/utils.js
@@ -76,6 +76,12 @@ const LINE_CONTRAST = {
   4: { border: '#5a5a78', light: '#484860' },
 };
 
+// Defaults wenn kein Custom-Override gesetzt ist.
+// Bewusst hart "weiss auf schwarz" damit man nie unsichtbar landet.
+export const DEFAULT_TEXT_COLOR = '#FFFFFF';
+export const DEFAULT_LINE_COLOR = '#3A3A52';
+export const DEFAULT_BG_COLOR   = '#000000';
+
 export function applyTheme(settings) {
   const root = document.documentElement;
   root.style.setProperty('--primary',     settings.primary_color || '#4285f4');
@@ -83,14 +89,33 @@ export function applyTheme(settings) {
   root.style.setProperty('--accent',      settings.accent_color  || '#ea4335');
   root.style.setProperty('--today-color', settings.today_color   || '#4285f4');
 
-  const tc = TEXT_CONTRAST[settings.text_contrast || 3];
-  root.style.setProperty('--text-1', tc.t1);
-  root.style.setProperty('--text-2', tc.t2);
-  root.style.setProperty('--text-3', tc.t3);
+  // Effektive Farben bestimmen (Override > Default).
+  let textColor = settings.text_color || DEFAULT_TEXT_COLOR;
+  let lineColor = settings.line_color || DEFAULT_LINE_COLOR;
+  let bgColor   = settings.bg_color   || DEFAULT_BG_COLOR;
 
-  const lc = LINE_CONTRAST[settings.line_contrast || 3];
-  root.style.setProperty('--border',       lc.border);
-  root.style.setProperty('--border-light', lc.light);
+  // Sicherheitsbremse: Wenn Schrift- und Hintergrundfarbe nicht genug
+  // Kontrast haben (passiert wenn man aus Versehen text=bg eingibt),
+  // erzwinge weiss-auf-schwarz, damit man nicht in einer unbedienbaren
+  // Seite landet.
+  if (contrastRatio(textColor, bgColor) < 2.5) {
+    textColor = DEFAULT_TEXT_COLOR;
+    bgColor   = DEFAULT_BG_COLOR;
+  }
+
+  root.style.setProperty('--text-1', textColor);
+  root.style.setProperty('--text-2', shadeHex(textColor, -0.25));
+  root.style.setProperty('--text-3', shadeHex(textColor, -0.55));
+
+  root.style.setProperty('--border',       lineColor);
+  root.style.setProperty('--border-light', shadeHex(lineColor, -0.25));
+
+  root.style.setProperty('--bg-app',     bgColor);
+  root.style.setProperty('--bg-topbar',  shadeHex(bgColor, 0.10));
+  root.style.setProperty('--bg-sidebar', shadeHex(bgColor, 0.10));
+  root.style.setProperty('--bg-surface', shadeHex(bgColor, 0.18));
+  root.style.setProperty('--bg-hover',   shadeHex(bgColor, 0.26));
+  root.style.setProperty('--bg-active',  shadeHex(bgColor, 0.40));
 
   const hh = settings.hour_height || 44;
   root.style.setProperty('--hour-h', hh + 'px');
@@ -99,9 +124,48 @@ export function applyTheme(settings) {
   root.style.setProperty('--month-label-color',   settings.month_label_color   || '#7090c0');
 }
 
+function luminance(hex) {
+  const c = (n) => {
+    const v = n / 255;
+    return v <= 0.03928 ? v / 12.92 : Math.pow((v + 0.055) / 1.055, 2.4);
+  };
+  const r = c(parseInt(hex.slice(1, 3), 16));
+  const g = c(parseInt(hex.slice(3, 5), 16));
+  const b = c(parseInt(hex.slice(5, 7), 16));
+  return 0.2126 * r + 0.7152 * g + 0.0722 * b;
+}
+function contrastRatio(c1, c2) {
+  try {
+    const l1 = luminance(c1);
+    const l2 = luminance(c2);
+    return (Math.max(l1, l2) + 0.05) / (Math.min(l1, l2) + 0.05);
+  } catch { return 21; }
+}
+
 function hexToRgba(hex, alpha) {
   const r = parseInt(hex.slice(1,3), 16);
   const g = parseInt(hex.slice(3,5), 16);
   const b = parseInt(hex.slice(5,7), 16);
   return `rgba(${r},${g},${b},${alpha})`;
 }
+
+// Brighten (positive amount) or darken (negative) a hex colour.
+// Used to derive supporting shades (sidebar bg, hover bg, secondary text…)
+// from a single user-picked colour so the whole UI stays in the same family.
+function shadeHex(hex, amount) {
+  let r = parseInt(hex.slice(1,3), 16);
+  let g = parseInt(hex.slice(3,5), 16);
+  let b = parseInt(hex.slice(5,7), 16);
+  if (amount >= 0) {
+    r = Math.round(r + (255 - r) * amount);
+    g = Math.round(g + (255 - g) * amount);
+    b = Math.round(b + (255 - b) * amount);
+  } else {
+    const a = 1 + amount; // amount is negative: e.g. -0.25 → keep 75%
+    r = Math.round(r * a);
+    g = Math.round(g * a);
+    b = Math.round(b * a);
+  }
+  const h = n => Math.max(0, Math.min(255, n)).toString(16).padStart(2, '0');
+  return '#' + h(r) + h(g) + h(b);
+}
diff --git a/frontend/js/version.js b/frontend/js/version.js
index 3fc6af0..edad6d1 100644
--- a/frontend/js/version.js
+++ b/frontend/js/version.js
@@ -1,2 +1,2 @@
 // Increment APP_VERSION with every code change
-export const APP_VERSION = 'v11';
+export const APP_VERSION = 'v44';
diff --git a/frontend/js/views/month.js b/frontend/js/views/month.js
index e213a75..4e61fa0 100644
--- a/frontend/js/views/month.js
+++ b/frontend/js/views/month.js
@@ -149,11 +149,11 @@ export function renderMonth(container, currentDate, events, onDayClick, onEventC
       if (monthChangeIdx > 0 && idx < monthChangeIdx) dividerClasses.push('month-divider-bottom');
       const dividerCls = dividerClasses.join(' ');
       const monthLabel = isFirstOfMonth
-        ? `<div class="month-marker">${monthsShort[cell.getMonth()]}</div>`
+        ? `<span class="month-marker">${monthsShort[cell.getMonth()]}</span>`
         : '';
       colsHtml += `<div class="month-col ${todayCls} ${otherCls} ${selectedCls} ${firstCls} ${dividerCls}" data-date="${key}">
-        ${monthLabel}
         <div class="cell-day ${numCls}">${cell.getDate()}</div>
+        ${monthLabel}
       </div>`;
     });
 
diff --git a/frontend/js/views/week.js b/frontend/js/views/week.js
index bc440bc..e84c0cb 100644
--- a/frontend/js/views/week.js
+++ b/frontend/js/views/week.js
@@ -63,8 +63,19 @@ export function renderWeek(container, currentDate, events, onSlotClick, onEventC
     const color = ev.color || ev.calendarColor || '#4285f4';
     const pastCls  = isPast(ev) ? 'past' : '';
     const multiCls = isMultiTimed ? 'multiday-timed' : '';
-    const cL = new Date(ev.start) < new Date(days[0]) ? 'continues-left' : '';
-    const cR = new Date(ev.end)   > (() => { const d = new Date(days[n-1]); d.setHours(24,0,0,0); return d; })() ? 'continues-right' : '';
+    // continues-left/right: compute on date-only basis for all-day events
+    let evStart = new Date(ev.start);
+    let evEnd   = new Date(ev.end);
+    if (ev.allDay) {
+      evStart.setHours(0, 0, 0, 0);
+      evEnd.setHours(0, 0, 0, 0);
+      if (evEnd > evStart) evEnd.setDate(evEnd.getDate() - 1);
+    }
+    const firstDay = new Date(days[0]);   firstDay.setHours(0, 0, 0, 0);
+    const lastDayMidnight = new Date(days[n-1]); lastDayMidnight.setHours(24, 0, 0, 0);
+    const lastDay = new Date(days[n-1]);  lastDay.setHours(0, 0, 0, 0);
+    const cL = evStart < firstDay ? 'continues-left' : '';
+    const cR = (ev.allDay ? evEnd > lastDay : evEnd > lastDayMidnight) ? 'continues-right' : '';
     const label = isMultiTimed && isSameDay(new Date(ev.start), days[colStart])
       ? `${fmtTime(new Date(ev.start))} ${ev.title}`
       : ev.title;
@@ -236,11 +247,28 @@ function renderNowLine(container, days, hourH = 60) {
 function layoutWeekAllDay(evs, days) {
   const items = [];
   evs.forEach(ev => {
+    // For all-day events, normalize to date-only with inclusive end-day
+    // (iCal stores exclusive end → subtract 1). For timed events, keep
+    // the original strict-overlap logic so events ending exactly at
+    // midnight don't bleed into the next day.
+    let ns, ne;
+    if (ev.allDay) {
+      ns = new Date(ev.start); ns.setHours(0, 0, 0, 0);
+      ne = new Date(ev.end);   ne.setHours(0, 0, 0, 0);
+      if (ne > ns) ne.setDate(ne.getDate() - 1);
+    }
+
     let colStart = -1, colEnd = -1;
     days.forEach((day, i) => {
       const ds = new Date(day); ds.setHours(0, 0, 0, 0);
-      const de = new Date(day); de.setHours(24, 0, 0, 0);
-      if (new Date(ev.start) < de && new Date(ev.end) > ds) {
+      let matches;
+      if (ev.allDay) {
+        matches = ds >= ns && ds <= ne;
+      } else {
+        const de = new Date(day); de.setHours(24, 0, 0, 0);
+        matches = new Date(ev.start) < de && new Date(ev.end) > ds;
+      }
+      if (matches) {
         if (colStart === -1) colStart = i;
         colEnd = i;
       }
diff --git a/frontend/sw.js b/frontend/sw.js
index a76f4fb..79c4d88 100644
--- a/frontend/sw.js
+++ b/frontend/sw.js
@@ -1,39 +1,21 @@
-// Calendarr Service Worker
-// Cache-first for static assets, network-first for /api/* (graceful offline)
+// Calendarr Service Worker — minimal-cache strategy
+//
+// Strategy: network-first for everything. The cache is only used as a
+// last-resort fallback when offline (so the app shell still opens). This
+// means every online request hits the network and respects the
+// server's Cache-Control headers (≤ 2h for static assets, no-cache for
+// the entry HTML / version files). New releases take effect on the next
+// reload, no manual SW unregister required.
 
-const CACHE_VERSION = 'calendarr-v11';
-const STATIC_ASSETS = [
-  '/',
-  '/index.html',
-  '/manifest.json',
-  '/static/css/app.css',
-  '/static/favicon.svg',
-  '/static/js/app.js',
-  '/static/js/api.js',
-  '/static/js/calendar.js',
-  '/static/js/color-picker.js',
-  '/static/js/date-picker.js',
-  '/static/js/i18n.js',
-  '/static/js/utils.js',
-  '/static/js/version.js',
-  '/static/js/views/agenda.js',
-  '/static/js/views/month.js',
-  '/static/js/views/quarter.js',
-  '/static/js/views/week.js',
-  '/icons/icon-192.png',
-  '/icons/icon-512.png',
-  '/icons/icon.svg',
-];
+const CACHE_VERSION  = 'calendarr-v23';
+const OFFLINE_SHELL  = ['/', '/index.html'];
 
 self.addEventListener('install', event => {
   event.waitUntil(
     caches.open(CACHE_VERSION).then(cache =>
-      // Use addAll with a fallback so a single missing file doesn't abort install
-      Promise.all(
-        STATIC_ASSETS.map(url =>
-          cache.add(url).catch(err => console.warn('[SW] skip', url, err))
-        )
-      )
+      Promise.all(OFFLINE_SHELL.map(url =>
+        cache.add(url).catch(err => console.warn('[SW] skip', url, err))
+      ))
     ).then(() => self.skipWaiting())
   );
 });
@@ -52,7 +34,8 @@ self.addEventListener('fetch', event => {
 
   const url = new URL(req.url);
 
-  // Network-first for API routes — fail silently if offline
+  // API routes: always go to the network, no offline fallback (we'd just
+  // be returning stale account/event data otherwise).
   if (url.pathname.startsWith('/api/')) {
     event.respondWith(
       fetch(req).catch(() =>
@@ -65,45 +48,29 @@ self.addEventListener('fetch', event => {
     return;
   }
 
-  // Network-first for navigation (HTML) and the version-defining files —
-  // ensures users always get the freshest entry point so new releases
-  // take effect on the next reload without a manual SW unregister.
-  const isHtml = req.mode === 'navigate'
-    || url.pathname === '/'
-    || url.pathname === '/index.html';
-  const isVersionFile = url.pathname === '/static/js/version.js';
-
-  if (isHtml || isVersionFile) {
-    event.respondWith(
-      fetch(req).then(resp => {
-        if (resp && resp.status === 200) {
-          const clone = resp.clone();
-          caches.open(CACHE_VERSION).then(c => c.put(req, clone)).catch(() => {});
-        }
-        return resp;
-      }).catch(() =>
-        caches.match(req).then(c => c || caches.match('/index.html'))
-      )
-    );
-    return;
-  }
-
-  // Cache-first for everything else (static)
+  // Everything else: network-first. The browser's HTTP cache (driven by
+  // the server's Cache-Control headers) already throttles re-fetches —
+  // the SW just makes sure offline still works for the entry HTML.
   event.respondWith(
-    caches.match(req).then(cached => {
-      if (cached) return cached;
-      return fetch(req).then(resp => {
-        // Only cache successful, basic-origin responses
-        if (resp && resp.status === 200 && resp.type === 'basic') {
-          const clone = resp.clone();
-          caches.open(CACHE_VERSION).then(c => c.put(req, clone)).catch(() => {});
-        }
-        return resp;
-      }).catch(() => {
-        // Offline fallback for navigation requests
-        if (req.mode === 'navigate') return caches.match('/index.html');
-        return new Response('', { status: 503 });
-      });
+    fetch(req).then(resp => {
+      // Keep a fresh copy of navigation requests / index.html for offline
+      const isNavigation = req.mode === 'navigate'
+        || url.pathname === '/'
+        || url.pathname === '/index.html';
+      if (isNavigation && resp && resp.status === 200) {
+        const clone = resp.clone();
+        caches.open(CACHE_VERSION).then(c => c.put(req, clone)).catch(() => {});
+      }
+      return resp;
+    }).catch(() => {
+      // Offline fallback: only the HTML shell is served from cache, so the
+      // app at least renders and can show its own offline UI.
+      if (req.mode === 'navigate'
+          || url.pathname === '/'
+          || url.pathname === '/index.html') {
+        return caches.match(req).then(c => c || caches.match('/index.html'));
+      }
+      return new Response('', { status: 503 });
     })
   );
 });
diff --git a/requirements-dev.txt b/requirements-dev.txt
new file mode 100644
index 0000000..2f21eed
--- /dev/null
+++ b/requirements-dev.txt
@@ -0,0 +1,3 @@
+-r requirements.txt
+pytest>=8.0
+httpx>=0.27