diff --git a/.env.example b/.env.example
deleted file mode 100644
index 69a0c3e..0000000
--- a/.env.example
+++ /dev/null
@@ -1,6 +0,0 @@
-PUBLIC_SUPABASE_URL=https://your-project.supabase.co
-PUBLIC_SUPABASE_ANON_KEY=your-anon-key
-
-# Google Calendar Integration (optional)
-VITE_GOOGLE_CLIENT_ID=your-google-client-id
-VITE_GOOGLE_CLIENT_SECRET=your-google-client-secret
diff --git a/src/lib/api/google-calendar.ts b/src/lib/api/google-calendar.ts
index 34044d4..8415e29 100644
--- a/src/lib/api/google-calendar.ts
+++ b/src/lib/api/google-calendar.ts
@@ -1,264 +1,100 @@
-import type { SupabaseClient } from '@supabase/supabase-js';
-import type { Database } from '$lib/supabase/types';
+// Google Calendar functions for PUBLIC calendars (no OAuth needed)
+// Just needs a Google API key and a public calendar ID
 
-const GOOGLE_CLIENT_ID = import.meta.env.VITE_GOOGLE_CLIENT_ID;
-const GOOGLE_CLIENT_SECRET = import.meta.env.VITE_GOOGLE_CLIENT_SECRET;
-
-interface GoogleTokens {
-	access_token: string;
-	refresh_token: string;
-	expires_in: number;
-}
-
-interface GoogleCalendarEvent {
+export interface GoogleCalendarEvent {
 	id: string;
 	summary: string;
 	description?: string;
 	start: { dateTime?: string; date?: string };
 	end: { dateTime?: string; date?: string };
 	colorId?: string;
+	htmlLink?: string;
 }
 
-export function getGoogleAuthUrl(redirectUri: string, state: string): string {
-	const params = new URLSearchParams({
-		client_id: GOOGLE_CLIENT_ID,
-		redirect_uri: redirectUri,
-		response_type: 'code',
-		scope: 'https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/calendar.events',
-		access_type: 'offline',
-		prompt: 'consent',
-		state
-	});
-	return `https://accounts.google.com/o/oauth2/v2/auth?${params}`;
-}
-
-export async function exchangeCodeForTokens(code: string, redirectUri: string): Promise<GoogleTokens> {
-	const response = await fetch('https://oauth2.googleapis.com/token', {
-		method: 'POST',
-		headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
-		body: new URLSearchParams({
-			code,
-			client_id: GOOGLE_CLIENT_ID,
-			client_secret: GOOGLE_CLIENT_SECRET,
-			redirect_uri: redirectUri,
-			grant_type: 'authorization_code'
-		})
-	});
-
-	if (!response.ok) {
-		throw new Error('Failed to exchange code for tokens');
-	}
-
-	return response.json();
-}
-
-export async function refreshAccessToken(refreshToken: string): Promise<GoogleTokens> {
-	const response = await fetch('https://oauth2.googleapis.com/token', {
-		method: 'POST',
-		headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
-		body: new URLSearchParams({
-			refresh_token: refreshToken,
-			client_id: GOOGLE_CLIENT_ID,
-			client_secret: GOOGLE_CLIENT_SECRET,
-			grant_type: 'refresh_token'
-		})
-	});
-
-	if (!response.ok) {
-		throw new Error('Failed to refresh access token');
+/**
+ * Extract calendar ID from various Google Calendar URL formats
+ * Supports:
+ * - Direct calendar ID (email format)
+ * - Shareable URL with cid parameter (base64 encoded)
+ * - Public URL with calendar ID in path
+ */
+export function extractCalendarId(input: string): string | null {
+	if (!input) return null;
+
+	// If it looks like an email/calendar ID already, return it
+	if (input.includes('@') && !input.includes('http')) {
+		return input.trim();
 	}
 
-	return response.json();
-}
-
-export async function getValidAccessToken(
-	supabase: SupabaseClient<Database>,
-	userId: string
-): Promise<string | null> {
-	const { data: connection } = await supabase
-		.from('google_calendar_connections')
-		.select('*')
-		.eq('user_id', userId)
-		.single();
-
-	if (!connection) return null;
-
-	const expiresAt = new Date(connection.token_expires_at);
-	const now = new Date();
+	try {
+		const url = new URL(input);
+
+		// Check for cid parameter (base64 encoded calendar ID)
+		const cid = url.searchParams.get('cid');
+		if (cid) {
+			// Decode base64 to get calendar ID
+			try {
+				return atob(cid);
+			} catch {
+				return cid; // Maybe it's not encoded
+			}
+		}
 
-	// Refresh if expires within 5 minutes
-	if (expiresAt.getTime() - now.getTime() < 5 * 60 * 1000) {
-		try {
-			const tokens = await refreshAccessToken(connection.refresh_token);
-			const newExpiresAt = new Date(Date.now() + tokens.expires_in * 1000);
+		// Check for src parameter
+		const src = url.searchParams.get('src');
+		if (src) return src;
 
-			await supabase
-				.from('google_calendar_connections')
-				.update({
-					access_token: tokens.access_token,
-					token_expires_at: newExpiresAt.toISOString(),
-					updated_at: new Date().toISOString()
-				})
-				.eq('user_id', userId);
+		// Check path for calendar ID in ical URL format
+		const icalMatch = input.match(/calendar\/ical\/([^/]+)/);
+		if (icalMatch) return decodeURIComponent(icalMatch[1]);
 
-			return tokens.access_token;
-		} catch {
-			return null;
+	} catch {
+		// Not a valid URL, maybe it's just a calendar ID
+		if (input.includes('@')) {
+			return input.trim();
 		}
 	}
 
-	return connection.access_token;
+	return null;
+}
+
+/**
+ * Generate a subscribe URL for a public Google Calendar
+ */
+export function getCalendarSubscribeUrl(calendarId: string): string {
+	const encoded = btoa(calendarId);
+	return `https://calendar.google.com/calendar/u/0?cid=${encoded}`;
 }
 
-export async function fetchGoogleCalendarEvents(
-	accessToken: string,
-	calendarId: string = 'primary',
+/**
+ * Fetch events from a PUBLIC Google Calendar
+ * Requires: Calendar must be set to "Make available to public" in Google Calendar settings
+ */
+export async function fetchPublicCalendarEvents(
+	calendarId: string,
+	apiKey: string,
 	timeMin: Date,
 	timeMax: Date
 ): Promise<GoogleCalendarEvent[]> {
 	const params = new URLSearchParams({
+		key: apiKey,
 		timeMin: timeMin.toISOString(),
 		timeMax: timeMax.toISOString(),
 		singleEvents: 'true',
-		orderBy: 'startTime'
+		orderBy: 'startTime',
+		maxResults: '250'
 	});
 
 	const response = await fetch(
-		`https://www.googleapis.com/calendar/v3/calendars/${encodeURIComponent(calendarId)}/events?${params}`,
-		{
-			headers: { Authorization: `Bearer ${accessToken}` }
-		}
+		`https://www.googleapis.com/calendar/v3/calendars/${encodeURIComponent(calendarId)}/events?${params}`
 	);
 
 	if (!response.ok) {
-		throw new Error('Failed to fetch Google Calendar events');
+		const error = await response.text();
+		console.error('Google Calendar API error:', error);
+		throw new Error('Failed to fetch calendar events. Make sure the calendar is set to public.');
 	}
 
 	const data = await response.json();
 	return data.items ?? [];
 }
-
-export async function createGoogleCalendarEvent(
-	accessToken: string,
-	calendarId: string = 'primary',
-	event: {
-		title: string;
-		description?: string;
-		startTime: string;
-		endTime: string;
-		allDay?: boolean;
-	}
-): Promise<GoogleCalendarEvent> {
-	const body: Record<string, unknown> = {
-		summary: event.title,
-		description: event.description
-	};
-
-	if (event.allDay) {
-		const startDate = event.startTime.split('T')[0];
-		const endDate = event.endTime.split('T')[0];
-		body.start = { date: startDate };
-		body.end = { date: endDate };
-	} else {
-		body.start = { dateTime: event.startTime, timeZone: Intl.DateTimeFormat().resolvedOptions().timeZone };
-		body.end = { dateTime: event.endTime, timeZone: Intl.DateTimeFormat().resolvedOptions().timeZone };
-	}
-
-	const response = await fetch(
-		`https://www.googleapis.com/calendar/v3/calendars/${encodeURIComponent(calendarId)}/events`,
-		{
-			method: 'POST',
-			headers: {
-				Authorization: `Bearer ${accessToken}`,
-				'Content-Type': 'application/json'
-			},
-			body: JSON.stringify(body)
-		}
-	);
-
-	if (!response.ok) {
-		throw new Error('Failed to create Google Calendar event');
-	}
-
-	return response.json();
-}
-
-export async function updateGoogleCalendarEvent(
-	accessToken: string,
-	calendarId: string = 'primary',
-	eventId: string,
-	event: {
-		title: string;
-		description?: string;
-		startTime: string;
-		endTime: string;
-		allDay?: boolean;
-	}
-): Promise<GoogleCalendarEvent> {
-	const body: Record<string, unknown> = {
-		summary: event.title,
-		description: event.description
-	};
-
-	if (event.allDay) {
-		const startDate = event.startTime.split('T')[0];
-		const endDate = event.endTime.split('T')[0];
-		body.start = { date: startDate };
-		body.end = { date: endDate };
-	} else {
-		body.start = { dateTime: event.startTime, timeZone: Intl.DateTimeFormat().resolvedOptions().timeZone };
-		body.end = { dateTime: event.endTime, timeZone: Intl.DateTimeFormat().resolvedOptions().timeZone };
-	}
-
-	const response = await fetch(
-		`https://www.googleapis.com/calendar/v3/calendars/${encodeURIComponent(calendarId)}/events/${eventId}`,
-		{
-			method: 'PUT',
-			headers: {
-				Authorization: `Bearer ${accessToken}`,
-				'Content-Type': 'application/json'
-			},
-			body: JSON.stringify(body)
-		}
-	);
-
-	if (!response.ok) {
-		throw new Error('Failed to update Google Calendar event');
-	}
-
-	return response.json();
-}
-
-export async function deleteGoogleCalendarEvent(
-	accessToken: string,
-	calendarId: string = 'primary',
-	eventId: string
-): Promise<void> {
-	const response = await fetch(
-		`https://www.googleapis.com/calendar/v3/calendars/${encodeURIComponent(calendarId)}/events/${eventId}`,
-		{
-			method: 'DELETE',
-			headers: { Authorization: `Bearer ${accessToken}` }
-		}
-	);
-
-	if (!response.ok && response.status !== 404) {
-		throw new Error('Failed to delete Google Calendar event');
-	}
-}
-
-export async function listGoogleCalendars(accessToken: string): Promise<{ id: string; summary: string }[]> {
-	const response = await fetch('https://www.googleapis.com/calendar/v3/users/me/calendarList', {
-		headers: { Authorization: `Bearer ${accessToken}` }
-	});
-
-	if (!response.ok) {
-		throw new Error('Failed to list calendars');
-	}
-
-	const data = await response.json();
-	return (data.items ?? []).map((cal: { id: string; summary: string }) => ({
-		id: cal.id,
-		summary: cal.summary
-	}));
-}
diff --git a/src/routes/[orgSlug]/+layout.server.ts b/src/routes/[orgSlug]/+layout.server.ts
index 5b4a0c5..e2d4e3a 100644
--- a/src/routes/[orgSlug]/+layout.server.ts
+++ b/src/routes/[orgSlug]/+layout.server.ts
@@ -31,6 +31,7 @@ export const load: LayoutServerLoad = async ({ params, locals }) => {
 
 	return {
 		org,
-		role: membership.role
+		role: membership.role,
+		userRole: membership.role
 	};
 };
diff --git a/src/routes/[orgSlug]/+layout.svelte b/src/routes/[orgSlug]/+layout.svelte
index 223eddb..38368a1 100644
--- a/src/routes/[orgSlug]/+layout.svelte
+++ b/src/routes/[orgSlug]/+layout.svelte
@@ -6,13 +6,18 @@
 		data: {
 			org: { id: string; name: string; slug: string };
 			role: string;
+			userRole: string;
 		};
 		children: Snippet;
 	}
 
 	let { data, children }: Props = $props();
 
-	const navItems = [
+	const isAdmin = $derived(
+		data.userRole === "owner" || data.userRole === "admin",
+	);
+
+	const navItems = $derived([
 		{ href: `/${data.org.slug}`, label: "Overview", icon: "home" },
 		{
 			href: `/${data.org.slug}/documents`,
@@ -25,12 +30,17 @@
 			label: "Calendar",
 			icon: "calendar",
 		},
-		{
-			href: `/${data.org.slug}/settings`,
-			label: "Settings",
-			icon: "settings",
-		},
-	];
+		// Only show settings for admins
+		...(isAdmin
+			? [
+					{
+						href: `/${data.org.slug}/settings`,
+						label: "Settings",
+						icon: "settings",
+					},
+				]
+			: []),
+	]);
 
 	function isActive(href: string): boolean {
 		return $page.url.pathname === href;
diff --git a/src/routes/[orgSlug]/calendar/+page.server.ts b/src/routes/[orgSlug]/calendar/+page.server.ts
index 765ac5e..8b805b4 100644
--- a/src/routes/[orgSlug]/calendar/+page.server.ts
+++ b/src/routes/[orgSlug]/calendar/+page.server.ts
@@ -1,7 +1,7 @@
 import type { PageServerLoad } from './$types';
 
 export const load: PageServerLoad = async ({ parent, locals }) => {
-	const { org } = await parent();
+	const { org, userRole } = await parent();
 	const { supabase } = locals;
 
 	// Fetch events for current month ± 1 month
@@ -18,6 +18,7 @@ export const load: PageServerLoad = async ({ parent, locals }) => {
 		.order('start_time');
 
 	return {
-		events: events ?? []
+		events: events ?? [],
+		userRole
 	};
 };
diff --git a/src/routes/[orgSlug]/calendar/+page.svelte b/src/routes/[orgSlug]/calendar/+page.svelte
index 02462c4..f9e5421 100644
--- a/src/routes/[orgSlug]/calendar/+page.svelte
+++ b/src/routes/[orgSlug]/calendar/+page.svelte
@@ -1,8 +1,12 @@
 <script lang="ts">
-	import { getContext } from "svelte";
+	import { getContext, onMount } from "svelte";
 	import { Button, Modal, Input, Textarea } from "$lib/components/ui";
 	import { Calendar } from "$lib/components/calendar";
 	import { createEvent } from "$lib/api/calendar";
+	import {
+		getCalendarSubscribeUrl,
+		type GoogleCalendarEvent,
+	} from "$lib/api/google-calendar";
 	import type { CalendarEvent } from "$lib/supabase/types";
 	import type { SupabaseClient } from "@supabase/supabase-js";
 	import type { Database } from "$lib/supabase/types";
@@ -12,6 +16,7 @@
 			org: { id: string; name: string; slug: string };
 			events: CalendarEvent[];
 			user: { id: string } | null;
+			userRole?: string;
 		};
 	}
 
@@ -20,6 +25,17 @@
 	const supabase = getContext<SupabaseClient<Database>>("supabase");
 
 	let events = $state(data.events);
+	let googleEvents = $state<CalendarEvent[]>([]);
+	let isOrgCalendarConnected = $state(false);
+	let isLoadingGoogle = $state(false);
+	let orgCalendarId = $state<string | null>(null);
+	let orgCalendarName = $state<string | null>(null);
+
+	const isAdmin = $derived(
+		data.userRole === "owner" || data.userRole === "admin",
+	);
+
+	const allEvents = $derived([...events, ...googleEvents]);
 	let showCreateModal = $state(false);
 	let showEventModal = $state(false);
 	let selectedEvent = $state<CalendarEvent | null>(null);
@@ -103,11 +119,100 @@
 		const end = new Date(event.end_time);
 		return `${start.toLocaleTimeString([], { hour: "2-digit", minute: "2-digit" })} - ${end.toLocaleTimeString([], { hour: "2-digit", minute: "2-digit" })}`;
 	}
+
+	onMount(async () => {
+		await loadGoogleCalendarEvents();
+	});
+
+	async function loadGoogleCalendarEvents() {
+		isLoadingGoogle = true;
+		try {
+			const res = await fetch(
+				`/api/google-calendar/events?org_id=${data.org.id}`,
+			);
+			const result = await res.json();
+
+			// Check if calendar is connected (even if no events)
+			if (res.ok && result.calendar_id) {
+				isOrgCalendarConnected = true;
+				orgCalendarId = result.calendar_id;
+				orgCalendarName = result.calendar_name;
+
+				if (result.events && result.events.length > 0) {
+					googleEvents = result.events.map(
+						(ge: GoogleCalendarEvent) => ({
+							id: `google-${ge.id}`,
+							org_id: data.org.id,
+							title: ge.summary || "(No title)",
+							description: ge.description ?? null,
+							start_time:
+								ge.start.dateTime ||
+								`${ge.start.date}T00:00:00`,
+							end_time:
+								ge.end.dateTime || `${ge.end.date}T23:59:59`,
+							all_day: !ge.start.dateTime,
+							color: "#4285f4",
+							recurrence: null,
+							created_by: data.user?.id ?? "",
+							created_at: new Date().toISOString(),
+						}),
+					) as CalendarEvent[];
+				}
+			} else if (result.error) {
+				console.error("Calendar API error:", result.error);
+			}
+		} catch (e) {
+			console.error("Failed to load Google events:", e);
+		}
+		isLoadingGoogle = false;
+	}
+
+	function subscribeToCalendar() {
+		if (!orgCalendarId) return;
+		const url = getCalendarSubscribeUrl(orgCalendarId);
+		window.open(url, "_blank");
+	}
 </script>
 
 <div class="p-6 h-full overflow-auto">
 	<header class="flex items-center justify-between mb-6">
-		<h1 class="text-2xl font-bold text-light">Calendar</h1>
+		<div class="flex items-center gap-4">
+			<h1 class="text-2xl font-bold text-light">Calendar</h1>
+			{#if isOrgCalendarConnected}
+				<div class="flex items-center gap-2">
+					<span
+						class="flex items-center gap-2 px-3 py-1.5 text-sm bg-blue-500/10 text-blue-400 rounded-lg"
+					>
+						<svg class="w-4 h-4" viewBox="0 0 24 24">
+							<path
+								fill="currentColor"
+								d="M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92c-.26 1.37-1.04 2.53-2.21 3.31v2.77h3.57c2.08-1.92 3.28-4.74 3.28-8.09z"
+							/>
+						</svg>
+						{orgCalendarName ?? "Google Calendar"}
+						{#if isLoadingGoogle}
+							<span class="animate-spin">⟳</span>
+						{/if}
+					</span>
+					<button
+						class="flex items-center gap-2 px-3 py-1.5 text-sm bg-green-500/10 text-green-400 rounded-lg hover:bg-green-500/20 transition-colors"
+						onclick={subscribeToCalendar}
+						title="Add to your Google Calendar"
+					>
+						<svg
+							class="w-4 h-4"
+							viewBox="0 0 24 24"
+							fill="none"
+							stroke="currentColor"
+							stroke-width="2"
+						>
+							<path d="M12 5v14M5 12h14" />
+						</svg>
+						Subscribe
+					</button>
+				</div>
+			{/if}
+		</div>
 		<Button onclick={() => (showCreateModal = true)}>
 			<svg
 				class="w-4 h-4 mr-2"
@@ -124,7 +229,7 @@
 	</header>
 
 	<Calendar
-		{events}
+		events={allEvents}
 		onDateClick={handleDateClick}
 		onEventClick={handleEventClick}
 	/>
@@ -208,32 +313,130 @@
 	title={selectedEvent?.title ?? "Event"}
 >
 	{#if selectedEvent}
-		<div class="space-y-3">
-			<div class="flex items-center gap-2">
+		<div class="space-y-4">
+			<!-- Date and Time -->
+			<div class="flex items-start gap-3">
 				<div
-					class="w-3 h-3 rounded-full"
-					style="background-color: {selectedEvent.color ?? '#6366f1'}"
-				></div>
-				<span class="text-light/70"
-					>{formatEventTime(selectedEvent)}</span
+					class="w-8 h-8 rounded-lg bg-light/10 flex items-center justify-center flex-shrink-0"
 				>
+					<svg
+						class="w-4 h-4 text-light/70"
+						viewBox="0 0 24 24"
+						fill="none"
+						stroke="currentColor"
+						stroke-width="2"
+					>
+						<rect
+							x="3"
+							y="4"
+							width="18"
+							height="18"
+							rx="2"
+							ry="2"
+						/>
+						<line x1="16" y1="2" x2="16" y2="6" />
+						<line x1="8" y1="2" x2="8" y2="6" />
+						<line x1="3" y1="10" x2="21" y2="10" />
+					</svg>
+				</div>
+				<div>
+					<p class="text-light font-medium">
+						{new Date(selectedEvent.start_time).toLocaleDateString(
+							undefined,
+							{
+								weekday: "long",
+								year: "numeric",
+								month: "long",
+								day: "numeric",
+							},
+						)}
+					</p>
+					<p class="text-light/60 text-sm">
+						{formatEventTime(selectedEvent)}
+					</p>
+				</div>
 			</div>
 
+			<!-- Description -->
 			{#if selectedEvent.description}
-				<p class="text-light/80">{selectedEvent.description}</p>
+				<div class="flex items-start gap-3">
+					<div
+						class="w-8 h-8 rounded-lg bg-light/10 flex items-center justify-center flex-shrink-0"
+					>
+						<svg
+							class="w-4 h-4 text-light/70"
+							viewBox="0 0 24 24"
+							fill="none"
+							stroke="currentColor"
+							stroke-width="2"
+						>
+							<line x1="17" y1="10" x2="3" y2="10" />
+							<line x1="21" y1="6" x2="3" y2="6" />
+							<line x1="21" y1="14" x2="3" y2="14" />
+							<line x1="17" y1="18" x2="3" y2="18" />
+						</svg>
+					</div>
+					<p class="text-light/80 text-sm whitespace-pre-wrap">
+						{selectedEvent.description}
+					</p>
+				</div>
 			{/if}
 
-			<p class="text-xs text-light/40">
-				{new Date(selectedEvent.start_time).toLocaleDateString(
-					undefined,
-					{
-						weekday: "long",
-						year: "numeric",
-						month: "long",
-						day: "numeric",
-					},
-				)}
-			</p>
+			<!-- Color indicator -->
+			<div class="flex items-center gap-3">
+				<div
+					class="w-8 h-8 rounded-lg bg-light/10 flex items-center justify-center flex-shrink-0"
+				>
+					<div
+						class="w-4 h-4 rounded-full"
+						style="background-color: {selectedEvent.color ??
+							'#6366f1'}"
+					></div>
+				</div>
+				<span class="text-light/60 text-sm">
+					{selectedEvent.id.startsWith("google-")
+						? "Google Calendar Event"
+						: "Local Event"}
+				</span>
+			</div>
+
+			<!-- Google Calendar link -->
+			{#if selectedEvent.id.startsWith("google-") && orgCalendarId}
+				<div class="pt-3 border-t border-light/10">
+					<a
+						href="https://calendar.google.com/calendar/u/0/r/eventedit/{selectedEvent.id.replace(
+							'google-',
+							'',
+						)}?cid={encodeURIComponent(orgCalendarId)}"
+						target="_blank"
+						rel="noopener noreferrer"
+						class="inline-flex items-center gap-2 px-4 py-2 text-sm bg-blue-500/20 text-blue-400 rounded-lg hover:bg-blue-500/30 transition-colors"
+					>
+						<svg class="w-4 h-4" viewBox="0 0 24 24">
+							<path
+								fill="currentColor"
+								d="M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92c-.26 1.37-1.04 2.53-2.21 3.31v2.77h3.57c2.08-1.92 3.28-4.74 3.28-8.09z"
+							/>
+							<path
+								fill="currentColor"
+								d="M12 23c2.97 0 5.46-.98 7.28-2.66l-3.57-2.77c-.98.66-2.23 1.06-3.71 1.06-2.86 0-5.29-1.93-6.16-4.53H2.18v2.84C3.99 20.53 7.7 23 12 23z"
+							/>
+							<path
+								fill="currentColor"
+								d="M5.84 14.09c-.22-.66-.35-1.36-.35-2.09s.13-1.43.35-2.09V7.07H2.18C1.43 8.55 1 10.22 1 12s.43 3.45 1.18 4.93l2.85-2.22.81-.62z"
+							/>
+							<path
+								fill="currentColor"
+								d="M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.07l3.66 2.84c.87-2.6 3.3-4.53 6.16-4.53z"
+							/>
+						</svg>
+						Open in Google Calendar
+					</a>
+					<p class="text-xs text-light/40 mt-2">
+						Edit this event directly in Google Calendar
+					</p>
+				</div>
+			{/if}
 		</div>
 	{/if}
 </Modal>
diff --git a/src/routes/[orgSlug]/settings/+page.server.ts b/src/routes/[orgSlug]/settings/+page.server.ts
new file mode 100644
index 0000000..96ffb68
--- /dev/null
+++ b/src/routes/[orgSlug]/settings/+page.server.ts
@@ -0,0 +1,61 @@
+import { redirect } from '@sveltejs/kit';
+import type { PageServerLoad } from './$types';
+
+export const load: PageServerLoad = async ({ parent, locals }) => {
+	const { org, userRole } = await parent();
+
+	// Only admins and owners can access settings
+	if (userRole !== 'owner' && userRole !== 'admin') {
+		redirect(303, `/${(org as any).slug}`);
+	}
+
+	const orgId = (org as any).id;
+
+	// Get org members with profiles
+	const { data: members } = await locals.supabase
+		.from('org_members')
+		.select(`
+			id,
+			user_id,
+			role,
+			role_id,
+			created_at,
+			profiles:user_id (
+				id,
+				email,
+				full_name,
+				avatar_url
+			)
+		`)
+		.eq('org_id', orgId);
+
+	// Get org roles
+	const { data: roles } = await locals.supabase
+		.from('org_roles')
+		.select('*')
+		.eq('org_id', orgId)
+		.order('position');
+
+	// Get pending invites
+	const { data: invites } = await locals.supabase
+		.from('org_invites')
+		.select('*')
+		.eq('org_id', orgId)
+		.is('accepted_at', null)
+		.gt('expires_at', new Date().toISOString());
+
+	// Get org Google Calendar connection
+	const { data: orgCalendar } = await locals.supabase
+		.from('org_google_calendars')
+		.select('*')
+		.eq('org_id', orgId)
+		.single();
+
+	return {
+		members: members ?? [],
+		roles: roles ?? [],
+		invites: invites ?? [],
+		orgCalendar,
+		userRole
+	};
+};
diff --git a/src/routes/[orgSlug]/settings/+page.svelte b/src/routes/[orgSlug]/settings/+page.svelte
new file mode 100644
index 0000000..542c853
--- /dev/null
+++ b/src/routes/[orgSlug]/settings/+page.svelte
@@ -0,0 +1,1160 @@
+<script lang="ts">
+	import { getContext, onMount } from "svelte";
+	import { page } from "$app/stores";
+	import { invalidateAll } from "$app/navigation";
+	import { Button, Modal, Card, Input } from "$lib/components/ui";
+	import {
+		extractCalendarId,
+		getCalendarSubscribeUrl,
+	} from "$lib/api/google-calendar";
+	import type { SupabaseClient } from "@supabase/supabase-js";
+	import type { Database } from "$lib/supabase/types";
+
+	interface OrgCalendar {
+		id: string;
+		org_id: string;
+		calendar_id: string;
+		calendar_name: string | null;
+	}
+
+	interface Member {
+		id: string;
+		user_id: string;
+		role: string;
+		role_id: string | null;
+		created_at: string;
+		profiles: {
+			id: string;
+			email: string;
+			full_name: string | null;
+			avatar_url: string | null;
+		};
+	}
+
+	interface OrgRole {
+		id: string;
+		org_id: string;
+		name: string;
+		color: string;
+		permissions: string[];
+		is_default: boolean;
+		is_system: boolean;
+		position: number;
+	}
+
+	interface Invite {
+		id: string;
+		email: string;
+		role: string;
+		role_id: string | null;
+		token: string;
+		expires_at: string;
+		created_at: string;
+	}
+
+	interface Props {
+		data: {
+			org: { id: string; name: string; slug: string };
+			user: { id: string; email?: string } | null;
+			userRole: string;
+			members: Member[];
+			roles: OrgRole[];
+			invites: Invite[];
+			orgCalendar: OrgCalendar | null;
+		};
+	}
+
+	let { data }: Props = $props();
+
+	const supabase = getContext<SupabaseClient<Database>>("supabase");
+
+	// Active tab
+	let activeTab = $state<"general" | "members" | "roles" | "integrations">(
+		"general",
+	);
+
+	// General settings state
+	let orgName = $state(data.org.name);
+	let orgSlug = $state(data.org.slug);
+	let isSavingGeneral = $state(false);
+
+	// Members state
+	let members = $state<Member[]>(data.members as Member[]);
+	let showInviteModal = $state(false);
+	let inviteEmail = $state("");
+	let inviteRole = $state("editor");
+	let invites = $state<Invite[]>(data.invites as Invite[]);
+	let isSendingInvite = $state(false);
+	let showMemberModal = $state(false);
+	let selectedMember = $state<Member | null>(null);
+	let selectedMemberRole = $state("");
+
+	// Roles state
+	let roles = $state<OrgRole[]>(data.roles as OrgRole[]);
+	let showRoleModal = $state(false);
+	let editingRole = $state<OrgRole | null>(null);
+	let newRoleName = $state("");
+	let newRoleColor = $state("#6366f1");
+	let newRolePermissions = $state<string[]>([]);
+	let isSavingRole = $state(false);
+
+	// Google Calendar state
+	let orgCalendar = $state<OrgCalendar | null>(
+		data.orgCalendar as OrgCalendar | null,
+	);
+	let showConnectModal = $state(false);
+	let isLoading = $state(false);
+
+	const isOwner = $derived(data.userRole === "owner");
+
+	const permissionGroups = [
+		{
+			name: "Documents",
+			permissions: [
+				"documents.view",
+				"documents.create",
+				"documents.edit",
+				"documents.delete",
+			],
+		},
+		{
+			name: "Kanban",
+			permissions: [
+				"kanban.view",
+				"kanban.create",
+				"kanban.edit",
+				"kanban.delete",
+			],
+		},
+		{
+			name: "Calendar",
+			permissions: [
+				"calendar.view",
+				"calendar.create",
+				"calendar.edit",
+				"calendar.delete",
+			],
+		},
+		{
+			name: "Members",
+			permissions: [
+				"members.view",
+				"members.invite",
+				"members.manage",
+				"members.remove",
+			],
+		},
+		{
+			name: "Roles",
+			permissions: [
+				"roles.view",
+				"roles.create",
+				"roles.edit",
+				"roles.delete",
+			],
+		},
+		{ name: "Settings", permissions: ["settings.view", "settings.edit"] },
+	];
+
+	const roleColors = [
+		{ value: "#ef4444", label: "Red" },
+		{ value: "#f59e0b", label: "Amber" },
+		{ value: "#10b981", label: "Emerald" },
+		{ value: "#3b82f6", label: "Blue" },
+		{ value: "#6366f1", label: "Indigo" },
+		{ value: "#8b5cf6", label: "Violet" },
+		{ value: "#ec4899", label: "Pink" },
+		{ value: "#6b7280", label: "Gray" },
+	];
+
+	onMount(async () => {
+		// Open integrations tab if redirected from calendar setup
+		if ($page.url.searchParams.get("setup_org") === "true") {
+			showConnectModal = true;
+			activeTab = "integrations";
+		}
+	});
+
+	// General settings functions
+	async function saveGeneralSettings() {
+		isSavingGeneral = true;
+		const { error } = await supabase
+			.from("organizations")
+			.update({ name: orgName, slug: orgSlug })
+			.eq("id", data.org.id);
+
+		if (!error && orgSlug !== data.org.slug) {
+			window.location.href = `/${orgSlug}/settings`;
+		}
+		isSavingGeneral = false;
+	}
+
+	// Member functions
+	async function sendInvite() {
+		if (!inviteEmail.trim()) return;
+		isSendingInvite = true;
+
+		const { data: invite, error } = await supabase
+			.from("org_invites")
+			.insert({
+				org_id: data.org.id,
+				email: inviteEmail.toLowerCase().trim(),
+				role: inviteRole,
+				invited_by: data.user!.id,
+			})
+			.select()
+			.single();
+
+		if (!error && invite) {
+			invites = [...invites, invite as Invite];
+			inviteEmail = "";
+			showInviteModal = false;
+		}
+		isSendingInvite = false;
+	}
+
+	async function cancelInvite(inviteId: string) {
+		await supabase.from("org_invites").delete().eq("id", inviteId);
+		invites = invites.filter((i) => i.id !== inviteId);
+	}
+
+	function openMemberModal(member: Member) {
+		selectedMember = member;
+		selectedMemberRole = member.role;
+		showMemberModal = true;
+	}
+
+	async function updateMemberRole() {
+		if (!selectedMember) return;
+		await supabase
+			.from("org_members")
+			.update({ role: selectedMemberRole })
+			.eq("id", selectedMember.id);
+
+		members = members.map((m) =>
+			m.id === selectedMember!.id
+				? { ...m, role: selectedMemberRole }
+				: m,
+		);
+		showMemberModal = false;
+	}
+
+	async function removeMember() {
+		if (!selectedMember) return;
+		if (
+			!confirm(
+				`Remove ${selectedMember.profiles.full_name || selectedMember.profiles.email} from the organization?`,
+			)
+		)
+			return;
+
+		await supabase.from("org_members").delete().eq("id", selectedMember.id);
+		members = members.filter((m) => m.id !== selectedMember!.id);
+		showMemberModal = false;
+	}
+
+	// Role functions
+	function openRoleModal(role?: OrgRole) {
+		if (role) {
+			editingRole = role;
+			newRoleName = role.name;
+			newRoleColor = role.color;
+			newRolePermissions = [...role.permissions];
+		} else {
+			editingRole = null;
+			newRoleName = "";
+			newRoleColor = "#6366f1";
+			newRolePermissions = [
+				"documents.view",
+				"kanban.view",
+				"calendar.view",
+				"members.view",
+			];
+		}
+		showRoleModal = true;
+	}
+
+	async function saveRole() {
+		if (!newRoleName.trim()) return;
+		isSavingRole = true;
+
+		if (editingRole) {
+			const { error } = await supabase
+				.from("org_roles")
+				.update({
+					name: newRoleName,
+					color: newRoleColor,
+					permissions: newRolePermissions,
+				})
+				.eq("id", editingRole.id);
+
+			if (!error) {
+				roles = roles.map((r) =>
+					r.id === editingRole!.id
+						? {
+								...r,
+								name: newRoleName,
+								color: newRoleColor,
+								permissions: newRolePermissions,
+							}
+						: r,
+				);
+			}
+		} else {
+			const { data: role, error } = await supabase
+				.from("org_roles")
+				.insert({
+					org_id: data.org.id,
+					name: newRoleName,
+					color: newRoleColor,
+					permissions: newRolePermissions,
+					position: roles.length,
+				})
+				.select()
+				.single();
+
+			if (!error && role) {
+				roles = [...roles, role as OrgRole];
+			}
+		}
+
+		showRoleModal = false;
+		isSavingRole = false;
+	}
+
+	async function deleteRole(role: OrgRole) {
+		if (role.is_system) return;
+		if (
+			!confirm(
+				`Delete role "${role.name}"? Members with this role will need to be reassigned.`,
+			)
+		)
+			return;
+
+		await supabase.from("org_roles").delete().eq("id", role.id);
+		roles = roles.filter((r) => r.id !== role.id);
+	}
+
+	function togglePermission(perm: string) {
+		if (newRolePermissions.includes(perm)) {
+			newRolePermissions = newRolePermissions.filter((p) => p !== perm);
+		} else {
+			newRolePermissions = [...newRolePermissions, perm];
+		}
+	}
+
+	// Google Calendar functions (simplified - public calendars only)
+	let calendarUrlInput = $state("");
+	let calendarError = $state<string | null>(null);
+
+	async function handleSaveOrgCalendar() {
+		if (!data.user || !calendarUrlInput.trim()) return;
+		isLoading = true;
+		calendarError = null;
+
+		// Extract calendar ID from URL or use as-is
+		const calendarId = extractCalendarId(calendarUrlInput.trim());
+
+		if (!calendarId) {
+			calendarError =
+				"Invalid calendar URL or ID. Please paste a Google Calendar share URL or calendar ID.";
+			isLoading = false;
+			return;
+		}
+
+		// Extract a readable name from the calendar ID
+		let calendarName = "Google Calendar";
+		if (calendarId.includes("@group.calendar.google.com")) {
+			// For group calendars, the name is usually the first part (hash) - not useful
+			// So we'll just call it "Shared Calendar"
+			calendarName = "Shared Calendar";
+		} else if (calendarId.includes("@gmail.com")) {
+			calendarName = calendarId.split("@")[0] + "'s Calendar";
+		}
+
+		// Save to database
+		const { data: newCal, error } = await supabase
+			.from("org_google_calendars")
+			.upsert(
+				{
+					org_id: data.org.id,
+					calendar_id: calendarId,
+					calendar_name: calendarName,
+					connected_by: data.user.id,
+				},
+				{ onConflict: "org_id" },
+			)
+			.select()
+			.single();
+
+		if (error) {
+			calendarError = "Failed to save calendar.";
+		} else if (newCal) {
+			orgCalendar = newCal as OrgCalendar;
+			calendarUrlInput = "";
+		}
+
+		showConnectModal = false;
+		isLoading = false;
+	}
+
+	async function disconnectOrgCalendar() {
+		if (!confirm("Disconnect Google Calendar?")) return;
+		await supabase
+			.from("org_google_calendars")
+			.delete()
+			.eq("org_id", data.org.id);
+		orgCalendar = null;
+	}
+
+	async function deleteOrganization() {
+		if (!isOwner) return;
+		const confirmText = prompt(
+			`Type "${data.org.name}" to confirm deletion:`,
+		);
+		if (confirmText !== data.org.name) return;
+
+		await supabase.from("organizations").delete().eq("id", data.org.id);
+		window.location.href = "/";
+	}
+</script>
+
+<div class="p-6 h-full overflow-auto">
+	<header class="mb-6">
+		<h1 class="text-2xl font-bold text-light">Settings</h1>
+		<p class="text-light/50 mt-1">Manage {data.org.name}</p>
+	</header>
+
+	<!-- Tabs -->
+	<div class="flex gap-1 mb-6 border-b border-light/10">
+		<button
+			class="px-4 py-2 text-sm font-medium transition-colors {activeTab ===
+			'general'
+				? 'text-primary border-b-2 border-primary'
+				: 'text-light/50 hover:text-light'}"
+			onclick={() => (activeTab = "general")}>General</button
+		>
+		<button
+			class="px-4 py-2 text-sm font-medium transition-colors {activeTab ===
+			'members'
+				? 'text-primary border-b-2 border-primary'
+				: 'text-light/50 hover:text-light'}"
+			onclick={() => (activeTab = "members")}>Members</button
+		>
+		<button
+			class="px-4 py-2 text-sm font-medium transition-colors {activeTab ===
+			'roles'
+				? 'text-primary border-b-2 border-primary'
+				: 'text-light/50 hover:text-light'}"
+			onclick={() => (activeTab = "roles")}>Roles</button
+		>
+		<button
+			class="px-4 py-2 text-sm font-medium transition-colors {activeTab ===
+			'integrations'
+				? 'text-primary border-b-2 border-primary'
+				: 'text-light/50 hover:text-light'}"
+			onclick={() => (activeTab = "integrations")}>Integrations</button
+		>
+	</div>
+
+	<!-- General Tab -->
+	{#if activeTab === "general"}
+		<div class="space-y-6 max-w-2xl">
+			<Card>
+				<div class="p-6">
+					<h2 class="text-lg font-semibold text-light mb-4">
+						Organization Details
+					</h2>
+
+					<div class="space-y-4">
+						<div>
+							<label
+								for="org-name"
+								class="block text-sm font-medium text-light mb-1"
+								>Name</label
+							>
+							<input
+								id="org-name"
+								type="text"
+								bind:value={orgName}
+								class="w-full px-3 py-2 bg-dark border border-light/20 rounded-lg text-light focus:outline-none focus:border-primary"
+							/>
+						</div>
+						<div>
+							<label
+								for="org-slug"
+								class="block text-sm font-medium text-light mb-1"
+								>URL Slug</label
+							>
+							<div class="flex items-center gap-2">
+								<span class="text-light/40 text-sm"
+									>yoursite.com/</span
+								>
+								<input
+									id="org-slug"
+									type="text"
+									bind:value={orgSlug}
+									class="flex-1 px-3 py-2 bg-dark border border-light/20 rounded-lg text-light font-mono text-sm focus:outline-none focus:border-primary"
+								/>
+							</div>
+							<p class="text-xs text-light/40 mt-1">
+								Changing the slug will update all URLs for this
+								organization.
+							</p>
+						</div>
+						<div class="pt-2">
+							<Button
+								onclick={saveGeneralSettings}
+								loading={isSavingGeneral}>Save Changes</Button
+							>
+						</div>
+					</div>
+				</div>
+			</Card>
+
+			{#if isOwner}
+				<Card>
+					<div class="p-6 border-l-4 border-error">
+						<h2 class="text-lg font-semibold text-error">
+							Danger Zone
+						</h2>
+						<p class="text-sm text-light/50 mt-1">
+							Permanently delete this organization and all its
+							data.
+						</p>
+						<div class="mt-4">
+							<Button
+								variant="danger"
+								onclick={deleteOrganization}
+								>Delete Organization</Button
+							>
+						</div>
+					</div>
+				</Card>
+			{/if}
+		</div>
+	{/if}
+
+	<!-- Members Tab -->
+	{#if activeTab === "members"}
+		<div class="space-y-6">
+			<div class="flex items-center justify-between">
+				<h2 class="text-lg font-semibold text-light">
+					Team Members ({members.length})
+				</h2>
+				<Button onclick={() => (showInviteModal = true)}>
+					<svg
+						class="w-4 h-4 mr-2"
+						viewBox="0 0 24 24"
+						fill="none"
+						stroke="currentColor"
+						stroke-width="2"
+					>
+						<path
+							d="M16 21v-2a4 4 0 0 0-4-4H6a4 4 0 0 0-4 4v2"
+						/><circle cx="9" cy="7" r="4" /><line
+							x1="19"
+							y1="8"
+							x2="19"
+							y2="14"
+						/><line x1="22" y1="11" x2="16" y2="11" />
+					</svg>
+					Invite Member
+				</Button>
+			</div>
+
+			<!-- Pending Invites -->
+			{#if invites.length > 0}
+				<Card>
+					<div class="p-4">
+						<h3 class="text-sm font-medium text-light/70 mb-3">
+							Pending Invites
+						</h3>
+						<div class="space-y-2">
+							{#each invites as invite}
+								<div
+									class="flex items-center justify-between py-2 px-3 bg-light/5 rounded-lg"
+								>
+									<div>
+										<p class="text-light">{invite.email}</p>
+										<p class="text-xs text-light/40">
+											Invited as {invite.role} • Expires {new Date(
+												invite.expires_at,
+											).toLocaleDateString()}
+										</p>
+									</div>
+									<div class="flex items-center gap-2">
+										<button
+											class="text-xs text-light/50 hover:text-light"
+											onclick={() =>
+												navigator.clipboard.writeText(
+													`${window.location.origin}/invite/${invite.token}`,
+												)}>Copy Link</button
+										>
+										<button
+											class="text-xs text-error hover:text-error/80"
+											onclick={() =>
+												cancelInvite(invite.id)}
+											>Cancel</button
+										>
+									</div>
+								</div>
+							{/each}
+						</div>
+					</div>
+				</Card>
+			{/if}
+
+			<!-- Members List -->
+			<Card>
+				<div class="divide-y divide-light/10">
+					{#each members as member}
+						<div
+							class="flex items-center justify-between p-4 hover:bg-light/5 transition-colors"
+						>
+							<div class="flex items-center gap-3">
+								<div
+									class="w-10 h-10 rounded-full bg-primary/20 flex items-center justify-center text-primary font-medium"
+								>
+									{(member.profiles.full_name ||
+										member.profiles.email ||
+										"?")[0].toUpperCase()}
+								</div>
+								<div>
+									<p class="text-light font-medium">
+										{member.profiles.full_name || "No name"}
+									</p>
+									<p class="text-sm text-light/50">
+										{member.profiles.email}
+									</p>
+								</div>
+							</div>
+							<div class="flex items-center gap-3">
+								<span
+									class="px-2 py-1 text-xs rounded-full capitalize"
+									style="background-color: {roles.find(
+										(r) =>
+											r.name.toLowerCase() ===
+											member.role,
+									)?.color ??
+										'#6366f1'}20; color: {roles.find(
+										(r) =>
+											r.name.toLowerCase() ===
+											member.role,
+									)?.color ?? '#6366f1'}">{member.role}</span
+								>
+								{#if member.user_id !== data.user?.id && member.role !== "owner"}
+									<button
+										class="text-sm text-light/50 hover:text-light"
+										onclick={() => openMemberModal(member)}
+										>Edit</button
+									>
+								{/if}
+							</div>
+						</div>
+					{/each}
+				</div>
+			</Card>
+		</div>
+	{/if}
+
+	<!-- Roles Tab -->
+	{#if activeTab === "roles"}
+		<div class="space-y-6">
+			<div class="flex items-center justify-between">
+				<div>
+					<h2 class="text-lg font-semibold text-light">Roles</h2>
+					<p class="text-sm text-light/50">
+						Create custom roles with specific permissions.
+					</p>
+				</div>
+				<Button onclick={() => openRoleModal()}>
+					<svg
+						class="w-4 h-4 mr-2"
+						viewBox="0 0 24 24"
+						fill="none"
+						stroke="currentColor"
+						stroke-width="2"
+					>
+						<path d="M12 5v14M5 12h14" />
+					</svg>
+					Create Role
+				</Button>
+			</div>
+
+			<div class="grid gap-4">
+				{#each roles as role}
+					<Card>
+						<div class="p-4">
+							<div class="flex items-center justify-between mb-3">
+								<div class="flex items-center gap-3">
+									<div
+										class="w-3 h-3 rounded-full"
+										style="background-color: {role.color}"
+									></div>
+									<span class="font-medium text-light"
+										>{role.name}</span
+									>
+									{#if role.is_system}
+										<span
+											class="text-xs text-light/40 bg-light/10 px-2 py-0.5 rounded"
+											>System</span
+										>
+									{/if}
+									{#if role.is_default}
+										<span
+											class="text-xs text-primary bg-primary/10 px-2 py-0.5 rounded"
+											>Default</span
+										>
+									{/if}
+								</div>
+								<div class="flex items-center gap-2">
+									{#if !role.is_system || role.name !== "Owner"}
+										<button
+											class="text-sm text-light/50 hover:text-light"
+											onclick={() => openRoleModal(role)}
+											>Edit</button
+										>
+									{/if}
+									{#if !role.is_system}
+										<button
+											class="text-sm text-error/70 hover:text-error"
+											onclick={() => deleteRole(role)}
+											>Delete</button
+										>
+									{/if}
+								</div>
+							</div>
+							<div class="flex flex-wrap gap-1">
+								{#if role.permissions.includes("*")}
+									<span
+										class="text-xs bg-light/10 text-light/70 px-2 py-1 rounded"
+										>All Permissions</span
+									>
+								{:else}
+									{#each role.permissions.slice(0, 6) as perm}
+										<span
+											class="text-xs bg-light/10 text-light/50 px-2 py-1 rounded"
+											>{perm}</span
+										>
+									{/each}
+									{#if role.permissions.length > 6}
+										<span class="text-xs text-light/40"
+											>+{role.permissions.length - 6} more</span
+										>
+									{/if}
+								{/if}
+							</div>
+						</div>
+					</Card>
+				{/each}
+			</div>
+		</div>
+	{/if}
+
+	<!-- Integrations Tab -->
+	{#if activeTab === "integrations"}
+		<div class="space-y-6 max-w-2xl">
+			<Card>
+				<div class="p-6">
+					<div class="flex items-start gap-4">
+						<div
+							class="w-12 h-12 bg-white rounded-lg flex items-center justify-center"
+						>
+							<svg class="w-8 h-8" viewBox="0 0 24 24">
+								<path
+									fill="#4285F4"
+									d="M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92c-.26 1.37-1.04 2.53-2.21 3.31v2.77h3.57c2.08-1.92 3.28-4.74 3.28-8.09z"
+								/>
+								<path
+									fill="#34A853"
+									d="M12 23c2.97 0 5.46-.98 7.28-2.66l-3.57-2.77c-.98.66-2.23 1.06-3.71 1.06-2.86 0-5.29-1.93-6.16-4.53H2.18v2.84C3.99 20.53 7.7 23 12 23z"
+								/>
+								<path
+									fill="#FBBC05"
+									d="M5.84 14.09c-.22-.66-.35-1.36-.35-2.09s.13-1.43.35-2.09V7.07H2.18C1.43 8.55 1 10.22 1 12s.43 3.45 1.18 4.93l2.85-2.22.81-.62z"
+								/>
+								<path
+									fill="#EA4335"
+									d="M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.07l3.66 2.84c.87-2.6 3.3-4.53 6.16-4.53z"
+								/>
+							</svg>
+						</div>
+						<div class="flex-1">
+							<h3 class="text-lg font-semibold text-light">
+								Google Calendar
+							</h3>
+							<p class="text-sm text-light/50 mt-1">
+								Share a Google Calendar with all organization
+								members.
+							</p>
+
+							{#if orgCalendar}
+								<div
+									class="mt-4 p-3 bg-green-500/10 border border-green-500/20 rounded-lg"
+								>
+									<div
+										class="flex flex-col sm:flex-row sm:items-center justify-between gap-3 p-3 bg-green-500/10 rounded-lg"
+									>
+										<div class="min-w-0 flex-1">
+											<p
+												class="text-sm font-medium text-green-400"
+											>
+												Connected
+											</p>
+											<p class="text-light font-medium">
+												{orgCalendar.calendar_name ||
+													"Google Calendar"}
+											</p>
+											<p
+												class="text-xs text-light/50 truncate"
+												title={orgCalendar.calendar_id}
+											>
+												{orgCalendar.calendar_id
+													.length > 40
+													? orgCalendar.calendar_id.slice(
+															0,
+															40,
+														) + "..."
+													: orgCalendar.calendar_id}
+											</p>
+										</div>
+										<Button
+											variant="danger"
+											size="sm"
+											onclick={disconnectOrgCalendar}
+											>Disconnect</Button
+										>
+									</div>
+								</div>
+							{:else}
+								<div class="mt-4">
+									<Button
+										onclick={() =>
+											(showConnectModal = true)}
+										>Connect Google Calendar</Button
+									>
+								</div>
+							{/if}
+						</div>
+					</div>
+				</div>
+			</Card>
+
+			<Card>
+				<div class="p-6 opacity-50">
+					<div class="flex items-start gap-4">
+						<div
+							class="w-12 h-12 bg-[#7289da] rounded-lg flex items-center justify-center"
+						>
+							<svg
+								class="w-7 h-7 text-white"
+								viewBox="0 0 24 24"
+								fill="currentColor"
+							>
+								<path
+									d="M20.317 4.37a19.791 19.791 0 0 0-4.885-1.515a.074.074 0 0 0-.079.037c-.21.375-.444.864-.608 1.25a18.27 18.27 0 0 0-5.487 0a12.64 12.64 0 0 0-.617-1.25a.077.077 0 0 0-.079-.037A19.736 19.736 0 0 0 3.677 4.37a.07.07 0 0 0-.032.027C.533 9.046-.32 13.58.099 18.057a.082.082 0 0 0 .031.057a19.9 19.9 0 0 0 5.993 3.03a.078.078 0 0 0 .084-.028a14.09 14.09 0 0 0 1.226-1.994a.076.076 0 0 0-.041-.106a13.107 13.107 0 0 1-1.872-.892a.077.077 0 0 1-.008-.128a10.2 10.2 0 0 0 .372-.292a.074.074 0 0 1 .077-.01c3.928 1.793 8.18 1.793 12.062 0a.074.074 0 0 1 .078.01c.12.098.246.198.373.292a.077.077 0 0 1-.006.127a12.299 12.299 0 0 1-1.873.892a.077.077 0 0 0-.041.107c.36.698.772 1.362 1.225 1.993a.076.076 0 0 0 .084.028a19.839 19.839 0 0 0 6.002-3.03a.077.077 0 0 0 .032-.054c.5-5.177-.838-9.674-3.549-13.66a.061.061 0 0 0-.031-.03zM8.02 15.33c-1.183 0-2.157-1.085-2.157-2.419c0-1.333.956-2.419 2.157-2.419c1.21 0 2.176 1.096 2.157 2.42c0 1.333-.956 2.418-2.157 2.418zm7.975 0c-1.183 0-2.157-1.085-2.157-2.419c0-1.333.955-2.419 2.157-2.419c1.21 0 2.176 1.096 2.157 2.42c0 1.333-.946 2.418-2.157 2.418z"
+								/>
+							</svg>
+						</div>
+						<div class="flex-1">
+							<h3 class="text-lg font-semibold text-light">
+								Discord
+							</h3>
+							<p class="text-sm text-light/50 mt-1">
+								Get notifications in your Discord server.
+							</p>
+							<p class="text-xs text-light/40 mt-2">
+								Coming soon
+							</p>
+						</div>
+					</div>
+				</div>
+			</Card>
+
+			<Card>
+				<div class="p-6 opacity-50">
+					<div class="flex items-start gap-4">
+						<div
+							class="w-12 h-12 bg-[#4A154B] rounded-lg flex items-center justify-center"
+						>
+							<svg
+								class="w-7 h-7 text-white"
+								viewBox="0 0 24 24"
+								fill="currentColor"
+							>
+								<path
+									d="M5.042 15.165a2.528 2.528 0 0 1-2.52 2.523A2.528 2.528 0 0 1 0 15.165a2.527 2.527 0 0 1 2.522-2.52h2.52v2.52zM6.313 15.165a2.527 2.527 0 0 1 2.521-2.52a2.527 2.527 0 0 1 2.521 2.52v6.313A2.528 2.528 0 0 1 8.834 24a2.528 2.528 0 0 1-2.521-2.522v-6.313zM8.834 5.042a2.528 2.528 0 0 1-2.521-2.52A2.528 2.528 0 0 1 8.834 0a2.528 2.528 0 0 1 2.521 2.522v2.52H8.834zM8.834 6.313a2.528 2.528 0 0 1 2.521 2.521a2.528 2.528 0 0 1-2.521 2.521H2.522A2.528 2.528 0 0 1 0 8.834a2.528 2.528 0 0 1 2.522-2.521h6.312zM18.956 8.834a2.528 2.528 0 0 1 2.522-2.521A2.528 2.528 0 0 1 24 8.834a2.528 2.528 0 0 1-2.522 2.521h-2.522V8.834zM17.688 8.834a2.528 2.528 0 0 1-2.523 2.521a2.527 2.527 0 0 1-2.52-2.521V2.522A2.527 2.527 0 0 1 15.165 0a2.528 2.528 0 0 1 2.523 2.522v6.312zM15.165 18.956a2.528 2.528 0 0 1 2.523 2.522A2.528 2.528 0 0 1 15.165 24a2.527 2.527 0 0 1-2.52-2.522v-2.522h2.52zM15.165 17.688a2.527 2.527 0 0 1-2.52-2.523a2.526 2.526 0 0 1 2.52-2.52h6.313A2.527 2.527 0 0 1 24 15.165a2.528 2.528 0 0 1-2.522 2.523h-6.313z"
+								/>
+							</svg>
+						</div>
+						<div class="flex-1">
+							<h3 class="text-lg font-semibold text-light">
+								Slack
+							</h3>
+							<p class="text-sm text-light/50 mt-1">
+								Get notifications in your Slack workspace.
+							</p>
+							<p class="text-xs text-light/40 mt-2">
+								Coming soon
+							</p>
+						</div>
+					</div>
+				</div>
+			</Card>
+		</div>
+	{/if}
+</div>
+
+<!-- Invite Member Modal -->
+<Modal
+	isOpen={showInviteModal}
+	onClose={() => (showInviteModal = false)}
+	title="Invite Member"
+>
+	<div class="space-y-4">
+		<div>
+			<label
+				for="invite-email"
+				class="block text-sm font-medium text-light mb-1"
+				>Email address</label
+			>
+			<input
+				id="invite-email"
+				type="email"
+				bind:value={inviteEmail}
+				placeholder="colleague@example.com"
+				class="w-full px-3 py-2 bg-dark border border-light/20 rounded-lg text-light focus:outline-none focus:border-primary"
+			/>
+		</div>
+		<div>
+			<label
+				for="invite-role"
+				class="block text-sm font-medium text-light mb-1">Role</label
+			>
+			<select
+				id="invite-role"
+				bind:value={inviteRole}
+				class="w-full px-3 py-2 bg-dark border border-light/20 rounded-lg text-light focus:outline-none focus:border-primary"
+			>
+				<option value="viewer">Viewer - Can view content</option>
+				<option value="commenter"
+					>Commenter - Can view and comment</option
+				>
+				<option value="editor"
+					>Editor - Can create and edit content</option
+				>
+				<option value="admin"
+					>Admin - Can manage members and settings</option
+				>
+			</select>
+		</div>
+		<div class="flex justify-end gap-2 pt-2">
+			<Button variant="ghost" onclick={() => (showInviteModal = false)}
+				>Cancel</Button
+			>
+			<Button
+				onclick={sendInvite}
+				loading={isSendingInvite}
+				disabled={!inviteEmail.trim()}>Send Invite</Button
+			>
+		</div>
+	</div>
+</Modal>
+
+<!-- Edit Member Modal -->
+<Modal
+	isOpen={showMemberModal}
+	onClose={() => (showMemberModal = false)}
+	title="Edit Member"
+>
+	{#if selectedMember}
+		<div class="space-y-4">
+			<div class="flex items-center gap-3 p-3 bg-light/5 rounded-lg">
+				<div
+					class="w-10 h-10 rounded-full bg-primary/20 flex items-center justify-center text-primary font-medium"
+				>
+					{(selectedMember.profiles.full_name ||
+						selectedMember.profiles.email ||
+						"?")[0].toUpperCase()}
+				</div>
+				<div>
+					<p class="text-light font-medium">
+						{selectedMember.profiles.full_name || "No name"}
+					</p>
+					<p class="text-sm text-light/50">
+						{selectedMember.profiles.email}
+					</p>
+				</div>
+			</div>
+			<div>
+				<label
+					for="member-role"
+					class="block text-sm font-medium text-light mb-1"
+					>Role</label
+				>
+				<select
+					id="member-role"
+					bind:value={selectedMemberRole}
+					class="w-full px-3 py-2 bg-dark border border-light/20 rounded-lg text-light focus:outline-none focus:border-primary"
+				>
+					<option value="viewer">Viewer</option>
+					<option value="commenter">Commenter</option>
+					<option value="editor">Editor</option>
+					<option value="admin">Admin</option>
+				</select>
+			</div>
+			<div class="flex items-center justify-between pt-2">
+				<Button variant="danger" onclick={removeMember}
+					>Remove from Org</Button
+				>
+				<div class="flex gap-2">
+					<Button
+						variant="ghost"
+						onclick={() => (showMemberModal = false)}>Cancel</Button
+					>
+					<Button onclick={updateMemberRole}>Save</Button>
+				</div>
+			</div>
+		</div>
+	{/if}
+</Modal>
+
+<!-- Edit/Create Role Modal -->
+<Modal
+	isOpen={showRoleModal}
+	onClose={() => (showRoleModal = false)}
+	title={editingRole ? "Edit Role" : "Create Role"}
+>
+	<div class="space-y-4">
+		<div>
+			<label
+				for="role-name"
+				class="block text-sm font-medium text-light mb-1">Name</label
+			>
+			<input
+				id="role-name"
+				type="text"
+				bind:value={newRoleName}
+				placeholder="e.g., Moderator"
+				class="w-full px-3 py-2 bg-dark border border-light/20 rounded-lg text-light focus:outline-none focus:border-primary"
+				disabled={editingRole?.is_system}
+			/>
+		</div>
+		<div>
+			<label class="block text-sm font-medium text-light mb-2"
+				>Color</label
+			>
+			<div class="flex gap-2">
+				{#each roleColors as color}
+					<button
+						type="button"
+						class="w-8 h-8 rounded-full transition-transform {newRoleColor ===
+						color.value
+							? 'ring-2 ring-white scale-110'
+							: ''}"
+						style="background-color: {color.value}"
+						onclick={() => (newRoleColor = color.value)}
+						title={color.label}
+					></button>
+				{/each}
+			</div>
+		</div>
+		<div>
+			<label class="block text-sm font-medium text-light mb-2"
+				>Permissions</label
+			>
+			<div class="space-y-3 max-h-64 overflow-y-auto">
+				{#each permissionGroups as group}
+					<div class="p-3 bg-light/5 rounded-lg">
+						<p class="text-sm font-medium text-light mb-2">
+							{group.name}
+						</p>
+						<div class="grid grid-cols-2 gap-2">
+							{#each group.permissions as perm}
+								<label
+									class="flex items-center gap-2 text-sm text-light/70 cursor-pointer"
+								>
+									<input
+										type="checkbox"
+										checked={newRolePermissions.includes(
+											perm,
+										)}
+										onchange={() => togglePermission(perm)}
+										class="rounded"
+									/>
+									{perm.split(".")[1]}
+								</label>
+							{/each}
+						</div>
+					</div>
+				{/each}
+			</div>
+		</div>
+		<div class="flex justify-end gap-2 pt-2">
+			<Button variant="ghost" onclick={() => (showRoleModal = false)}
+				>Cancel</Button
+			>
+			<Button
+				onclick={saveRole}
+				loading={isSavingRole}
+				disabled={!newRoleName.trim()}
+				>{editingRole ? "Save" : "Create"}</Button
+			>
+		</div>
+	</div>
+</Modal>
+
+<!-- Connect Calendar Modal -->
+<Modal
+	isOpen={showConnectModal}
+	onClose={() => (showConnectModal = false)}
+	title="Connect Public Google Calendar"
+>
+	<div class="space-y-4">
+		<p class="text-sm text-light/70">
+			Paste your Google Calendar's shareable link or calendar ID. The
+			calendar must be set to <strong>public</strong> in Google Calendar settings.
+		</p>
+
+		<div class="p-3 bg-blue-500/10 rounded-lg text-sm">
+			<p class="text-blue-400 font-medium mb-2">
+				How to get your calendar link:
+			</p>
+			<ol
+				class="list-decimal list-inside text-light/70 space-y-1 text-xs"
+			>
+				<li>Open Google Calendar</li>
+				<li>Click the 3 dots next to your calendar → Settings</li>
+				<li>
+					Under "Access permissions", check "Make available to public"
+				</li>
+				<li>
+					Scroll to "Integrate calendar" and copy the Calendar ID or
+					Public URL
+				</li>
+			</ol>
+		</div>
+
+		<Input
+			label="Calendar URL or ID"
+			bind:value={calendarUrlInput}
+			placeholder="Paste calendar URL or ID (e.g., abc123@group.calendar.google.com)"
+		/>
+
+		{#if calendarError}
+			<p class="text-red-400 text-sm">{calendarError}</p>
+		{/if}
+
+		<div class="flex justify-end gap-2 pt-2">
+			<Button variant="ghost" onclick={() => (showConnectModal = false)}
+				>Cancel</Button
+			>
+			<Button
+				onclick={handleSaveOrgCalendar}
+				loading={isLoading}
+				disabled={!calendarUrlInput.trim()}>Connect</Button
+			>
+		</div>
+	</div>
+</Modal>
diff --git a/src/routes/api/google-calendar/callback/+server.ts b/src/routes/api/google-calendar/callback/+server.ts
deleted file mode 100644
index 2ae92eb..0000000
--- a/src/routes/api/google-calendar/callback/+server.ts
+++ /dev/null
@@ -1,43 +0,0 @@
-import { redirect } from '@sveltejs/kit';
-import type { RequestHandler } from './$types';
-import { exchangeCodeForTokens } from '$lib/api/google-calendar';
-
-export const GET: RequestHandler = async ({ url, locals }) => {
-	const code = url.searchParams.get('code');
-	const stateParam = url.searchParams.get('state');
-	const error = url.searchParams.get('error');
-
-	if (error || !code || !stateParam) {
-		redirect(303, '/?error=google_auth_failed');
-	}
-
-	let state: { orgSlug: string; userId: string };
-	try {
-		state = JSON.parse(decodeURIComponent(stateParam));
-	} catch {
-		redirect(303, '/?error=invalid_state');
-	}
-
-	const redirectUri = `${url.origin}/api/google-calendar/callback`;
-
-	try {
-		const tokens = await exchangeCodeForTokens(code, redirectUri);
-		const expiresAt = new Date(Date.now() + tokens.expires_in * 1000);
-
-		// Store tokens in database
-		await locals.supabase
-			.from('google_calendar_connections')
-			.upsert({
-				user_id: state.userId,
-				access_token: tokens.access_token,
-				refresh_token: tokens.refresh_token,
-				token_expires_at: expiresAt.toISOString(),
-				updated_at: new Date().toISOString()
-			}, { onConflict: 'user_id' });
-
-		redirect(303, `/${state.orgSlug}/calendar?connected=true`);
-	} catch (err) {
-		console.error('Google Calendar OAuth error:', err);
-		redirect(303, `/${state.orgSlug}/calendar?error=token_exchange_failed`);
-	}
-};
diff --git a/src/routes/api/google-calendar/connect/+server.ts b/src/routes/api/google-calendar/connect/+server.ts
deleted file mode 100644
index 76294ce..0000000
--- a/src/routes/api/google-calendar/connect/+server.ts
+++ /dev/null
@@ -1,22 +0,0 @@
-import { redirect } from '@sveltejs/kit';
-import type { RequestHandler } from './$types';
-import { getGoogleAuthUrl } from '$lib/api/google-calendar';
-
-export const GET: RequestHandler = async ({ url, locals }) => {
-	const { session } = await locals.safeGetSession();
-	
-	if (!session) {
-		redirect(303, '/login');
-	}
-
-	const orgSlug = url.searchParams.get('org');
-	if (!orgSlug) {
-		redirect(303, '/');
-	}
-
-	const redirectUri = `${url.origin}/api/google-calendar/callback`;
-	const state = JSON.stringify({ orgSlug, userId: session.user.id });
-	const authUrl = getGoogleAuthUrl(redirectUri, encodeURIComponent(state));
-
-	redirect(303, authUrl);
-};
diff --git a/src/routes/api/google-calendar/events/+server.ts b/src/routes/api/google-calendar/events/+server.ts
new file mode 100644
index 0000000..22078f4
--- /dev/null
+++ b/src/routes/api/google-calendar/events/+server.ts
@@ -0,0 +1,60 @@
+import { json } from '@sveltejs/kit';
+import type { RequestHandler } from './$types';
+import { GOOGLE_API_KEY } from '$env/static/private';
+import { fetchPublicCalendarEvents } from '$lib/api/google-calendar';
+
+// Fetch events from a public Google Calendar
+export const GET: RequestHandler = async ({ url, locals }) => {
+	const orgId = url.searchParams.get('org_id');
+
+	if (!orgId) {
+		return json({ error: 'org_id required' }, { status: 400 });
+	}
+
+	if (!GOOGLE_API_KEY) {
+		return json({ error: 'Google API key not configured' }, { status: 500 });
+	}
+
+	try {
+		// Get the org's calendar ID from database
+		const { data: orgCal, error: dbError } = await locals.supabase
+			.from('org_google_calendars')
+			.select('calendar_id, calendar_name')
+			.eq('org_id', orgId)
+			.single();
+
+		if (dbError) {
+			console.error('DB error fetching calendar:', dbError);
+			return json({ error: 'No calendar connected', events: [] }, { status: 404 });
+		}
+
+		if (!orgCal) {
+			return json({ error: 'No calendar connected', events: [] }, { status: 404 });
+		}
+
+		console.log('Fetching events for calendar:', (orgCal as any).calendar_id);
+
+		// Fetch events for the next 3 months
+		const now = new Date();
+		const timeMin = new Date(now.getFullYear(), now.getMonth() - 1, 1);
+		const timeMax = new Date(now.getFullYear(), now.getMonth() + 3, 0);
+
+		const events = await fetchPublicCalendarEvents(
+			(orgCal as any).calendar_id,
+			GOOGLE_API_KEY,
+			timeMin,
+			timeMax
+		);
+
+		console.log('Fetched', events.length, 'events');
+
+		return json({
+			events,
+			calendar_id: (orgCal as any).calendar_id,
+			calendar_name: (orgCal as any).calendar_name
+		});
+	} catch (err) {
+		console.error('Failed to fetch calendar events:', err);
+		return json({ error: 'Failed to fetch events. Make sure the calendar is public.', events: [] }, { status: 500 });
+	}
+};
diff --git a/supabase/migrations/004_org_google_calendar.sql b/supabase/migrations/004_org_google_calendar.sql
new file mode 100644
index 0000000..1b67e96
--- /dev/null
+++ b/supabase/migrations/004_org_google_calendar.sql
@@ -0,0 +1,37 @@
+-- Organization-level Google Calendar (shared across all members)
+
+CREATE TABLE IF NOT EXISTS org_google_calendars (
+  id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+  org_id UUID REFERENCES organizations(id) ON DELETE CASCADE UNIQUE,
+  calendar_id TEXT NOT NULL, -- Google Calendar ID (e.g., "abc123@group.calendar.google.com")
+  calendar_name TEXT,
+  connected_by UUID REFERENCES auth.users(id),
+  access_token TEXT NOT NULL,
+  refresh_token TEXT NOT NULL,
+  token_expires_at TIMESTAMPTZ NOT NULL,
+  created_at TIMESTAMPTZ DEFAULT now(),
+  updated_at TIMESTAMPTZ DEFAULT now()
+);
+
+-- Index
+CREATE INDEX IF NOT EXISTS idx_org_google_calendars_org ON org_google_calendars(org_id);
+
+-- RLS
+ALTER TABLE org_google_calendars ENABLE ROW LEVEL SECURITY;
+
+-- All org members can view the org calendar connection
+CREATE POLICY "Org members can view org calendar" ON org_google_calendars 
+  FOR SELECT USING (EXISTS (
+    SELECT 1 FROM org_members om 
+    WHERE om.org_id = org_google_calendars.org_id 
+    AND om.user_id = auth.uid()
+  ));
+
+-- Only admins/owners can manage org calendar
+CREATE POLICY "Admins can manage org calendar" ON org_google_calendars 
+  FOR ALL USING (EXISTS (
+    SELECT 1 FROM org_members om 
+    WHERE om.org_id = org_google_calendars.org_id 
+    AND om.user_id = auth.uid() 
+    AND om.role IN ('owner', 'admin')
+  ));
diff --git a/supabase/migrations/005_roles_and_invites.sql b/supabase/migrations/005_roles_and_invites.sql
new file mode 100644
index 0000000..9ae5467
--- /dev/null
+++ b/supabase/migrations/005_roles_and_invites.sql
@@ -0,0 +1,177 @@
+-- Custom Roles and Invite System
+
+-- Permission types (similar to Google Drive)
+-- viewer: Can view content
+-- commenter: Can view and comment
+-- editor: Can view, comment, and edit content
+-- admin: Can manage members and settings
+-- owner: Full control
+
+-- Custom roles table (allows vanity roles with custom permissions)
+CREATE TABLE IF NOT EXISTS org_roles (
+  id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+  org_id UUID REFERENCES organizations(id) ON DELETE CASCADE,
+  name TEXT NOT NULL,
+  color TEXT DEFAULT '#6366f1', -- For vanity display
+  permissions JSONB NOT NULL DEFAULT '[]'::jsonb,
+  is_default BOOLEAN DEFAULT false, -- If this is a default role for new members
+  is_system BOOLEAN DEFAULT false, -- System roles can't be deleted
+  position INTEGER DEFAULT 0, -- For ordering
+  created_at TIMESTAMPTZ DEFAULT now(),
+  updated_at TIMESTAMPTZ DEFAULT now(),
+  UNIQUE(org_id, name)
+);
+
+-- Available permissions
+COMMENT ON COLUMN org_roles.permissions IS 'Array of permission strings: 
+  documents.view, documents.create, documents.edit, documents.delete,
+  kanban.view, kanban.create, kanban.edit, kanban.delete,
+  calendar.view, calendar.create, calendar.edit, calendar.delete,
+  members.view, members.invite, members.manage, members.remove,
+  roles.view, roles.create, roles.edit, roles.delete,
+  settings.view, settings.edit,
+  org.delete';
+
+-- Update org_members to reference custom roles
+ALTER TABLE org_members ADD COLUMN IF NOT EXISTS role_id UUID REFERENCES org_roles(id);
+
+-- Organization invites
+CREATE TABLE IF NOT EXISTS org_invites (
+  id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+  org_id UUID REFERENCES organizations(id) ON DELETE CASCADE,
+  email TEXT NOT NULL,
+  role_id UUID REFERENCES org_roles(id),
+  role TEXT DEFAULT 'viewer', -- Fallback if no custom role
+  invited_by UUID REFERENCES auth.users(id),
+  token TEXT UNIQUE NOT NULL DEFAULT encode(gen_random_bytes(32), 'hex'),
+  expires_at TIMESTAMPTZ DEFAULT (now() + interval '7 days'),
+  accepted_at TIMESTAMPTZ,
+  created_at TIMESTAMPTZ DEFAULT now(),
+  UNIQUE(org_id, email)
+);
+
+-- Indexes
+CREATE INDEX IF NOT EXISTS idx_org_roles_org ON org_roles(org_id);
+CREATE INDEX IF NOT EXISTS idx_org_invites_org ON org_invites(org_id);
+CREATE INDEX IF NOT EXISTS idx_org_invites_token ON org_invites(token);
+CREATE INDEX IF NOT EXISTS idx_org_invites_email ON org_invites(email);
+
+-- RLS for org_roles
+ALTER TABLE org_roles ENABLE ROW LEVEL SECURITY;
+
+CREATE POLICY "Org members can view roles" ON org_roles FOR SELECT
+  USING (EXISTS (
+    SELECT 1 FROM org_members om 
+    WHERE om.org_id = org_roles.org_id AND om.user_id = auth.uid()
+  ));
+
+CREATE POLICY "Admins can manage roles" ON org_roles FOR ALL
+  USING (EXISTS (
+    SELECT 1 FROM org_members om 
+    WHERE om.org_id = org_roles.org_id 
+    AND om.user_id = auth.uid() 
+    AND om.role IN ('owner', 'admin')
+  ));
+
+-- RLS for org_invites
+ALTER TABLE org_invites ENABLE ROW LEVEL SECURITY;
+
+CREATE POLICY "Org members can view invites" ON org_invites FOR SELECT
+  USING (EXISTS (
+    SELECT 1 FROM org_members om 
+    WHERE om.org_id = org_invites.org_id AND om.user_id = auth.uid()
+  ));
+
+CREATE POLICY "Admins can manage invites" ON org_invites FOR ALL
+  USING (EXISTS (
+    SELECT 1 FROM org_members om 
+    WHERE om.org_id = org_invites.org_id 
+    AND om.user_id = auth.uid() 
+    AND om.role IN ('owner', 'admin')
+  ));
+
+-- Anyone can view invite by token (for accepting)
+CREATE POLICY "Anyone can view invite by token" ON org_invites FOR SELECT
+  USING (true);
+
+-- Function to create default roles for new org
+CREATE OR REPLACE FUNCTION create_default_org_roles()
+RETURNS TRIGGER AS $$
+BEGIN
+  -- Owner role (full permissions)
+  INSERT INTO org_roles (org_id, name, color, permissions, is_system, position) VALUES
+  (NEW.id, 'Owner', '#ef4444', '["*"]'::jsonb, true, 0);
+  
+  -- Admin role
+  INSERT INTO org_roles (org_id, name, color, permissions, is_system, position) VALUES
+  (NEW.id, 'Admin', '#f59e0b', '[
+    "documents.view", "documents.create", "documents.edit", "documents.delete",
+    "kanban.view", "kanban.create", "kanban.edit", "kanban.delete",
+    "calendar.view", "calendar.create", "calendar.edit", "calendar.delete",
+    "members.view", "members.invite", "members.manage",
+    "roles.view", "settings.view", "settings.edit"
+  ]'::jsonb, true, 1);
+  
+  -- Editor role
+  INSERT INTO org_roles (org_id, name, color, permissions, is_system, is_default, position) VALUES
+  (NEW.id, 'Editor', '#10b981', '[
+    "documents.view", "documents.create", "documents.edit",
+    "kanban.view", "kanban.create", "kanban.edit",
+    "calendar.view", "calendar.create", "calendar.edit",
+    "members.view"
+  ]'::jsonb, true, true, 2);
+  
+  -- Commenter role
+  INSERT INTO org_roles (org_id, name, color, permissions, is_system, position) VALUES
+  (NEW.id, 'Commenter', '#6366f1', '[
+    "documents.view",
+    "kanban.view",
+    "calendar.view",
+    "members.view"
+  ]'::jsonb, true, 3);
+  
+  -- Viewer role
+  INSERT INTO org_roles (org_id, name, color, permissions, is_system, position) VALUES
+  (NEW.id, 'Viewer', '#8b5cf6', '[
+    "documents.view",
+    "kanban.view",
+    "calendar.view",
+    "members.view"
+  ]'::jsonb, true, 4);
+  
+  RETURN NEW;
+END;
+$$ LANGUAGE plpgsql;
+
+-- Trigger to create default roles
+DROP TRIGGER IF EXISTS on_org_created_create_roles ON organizations;
+CREATE TRIGGER on_org_created_create_roles
+  AFTER INSERT ON organizations
+  FOR EACH ROW EXECUTE FUNCTION create_default_org_roles();
+
+-- Insert default roles for existing organizations
+DO $$
+DECLARE
+  org RECORD;
+BEGIN
+  FOR org IN SELECT id FROM organizations LOOP
+    -- Only insert if no roles exist
+    IF NOT EXISTS (SELECT 1 FROM org_roles WHERE org_id = org.id) THEN
+      -- Owner role
+      INSERT INTO org_roles (org_id, name, color, permissions, is_system, position) VALUES
+      (org.id, 'Owner', '#ef4444', '["*"]'::jsonb, true, 0);
+      -- Admin role
+      INSERT INTO org_roles (org_id, name, color, permissions, is_system, position) VALUES
+      (org.id, 'Admin', '#f59e0b', '["documents.view", "documents.create", "documents.edit", "documents.delete", "kanban.view", "kanban.create", "kanban.edit", "kanban.delete", "calendar.view", "calendar.create", "calendar.edit", "calendar.delete", "members.view", "members.invite", "members.manage", "roles.view", "settings.view", "settings.edit"]'::jsonb, true, 1);
+      -- Editor role
+      INSERT INTO org_roles (org_id, name, color, permissions, is_system, is_default, position) VALUES
+      (org.id, 'Editor', '#10b981', '["documents.view", "documents.create", "documents.edit", "kanban.view", "kanban.create", "kanban.edit", "calendar.view", "calendar.create", "calendar.edit", "members.view"]'::jsonb, true, true, 2);
+      -- Commenter role
+      INSERT INTO org_roles (org_id, name, color, permissions, is_system, position) VALUES
+      (org.id, 'Commenter', '#6366f1', '["documents.view", "kanban.view", "calendar.view", "members.view"]'::jsonb, true, 3);
+      -- Viewer role
+      INSERT INTO org_roles (org_id, name, color, permissions, is_system, position) VALUES
+      (org.id, 'Viewer', '#8b5cf6', '["documents.view", "kanban.view", "calendar.view", "members.view"]'::jsonb, true, 4);
+    END IF;
+  END LOOP;
+END $$;
diff --git a/supabase/migrations/006_simplify_google_calendar.sql b/supabase/migrations/006_simplify_google_calendar.sql
new file mode 100644
index 0000000..336f526
--- /dev/null
+++ b/supabase/migrations/006_simplify_google_calendar.sql
@@ -0,0 +1,44 @@
+-- Simplify Google Calendar integration to use public calendars only
+-- No OAuth needed - just store calendar ID and fetch with API key
+
+-- Drop the old OAuth-based table
+DROP TABLE IF EXISTS org_google_calendars CASCADE;
+DROP TABLE IF EXISTS google_calendar_connections CASCADE;
+
+-- Create simplified org calendar table
+CREATE TABLE IF NOT EXISTS org_google_calendars (
+  id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+  org_id UUID REFERENCES organizations(id) ON DELETE CASCADE UNIQUE,
+  calendar_id TEXT NOT NULL, -- The public calendar ID (email format)
+  calendar_name TEXT, -- Display name
+  connected_by UUID REFERENCES auth.users(id),
+  created_at TIMESTAMPTZ DEFAULT now(),
+  updated_at TIMESTAMPTZ DEFAULT now()
+);
+
+-- RLS policies
+ALTER TABLE org_google_calendars ENABLE ROW LEVEL SECURITY;
+
+-- Members can view org calendar
+CREATE POLICY "Members can view org calendar" ON org_google_calendars
+  FOR SELECT USING (
+    EXISTS (
+      SELECT 1 FROM org_members
+      WHERE org_members.org_id = org_google_calendars.org_id
+      AND org_members.user_id = auth.uid()
+    )
+  );
+
+-- Admins/owners can manage org calendar
+CREATE POLICY "Admins can manage org calendar" ON org_google_calendars
+  FOR ALL USING (
+    EXISTS (
+      SELECT 1 FROM org_members
+      WHERE org_members.org_id = org_google_calendars.org_id
+      AND org_members.user_id = auth.uid()
+      AND org_members.role IN ('admin', 'owner')
+    )
+  );
+
+-- Enable realtime
+ALTER PUBLICATION supabase_realtime ADD TABLE org_google_calendars;