feat(automatic-exchange-rate): track unsuccessful runs

feat: add late section to monthly and all views (w/ default ordering)
fix(dca): strategy api endpoint returns nothing
2026-01-12 04:10:29 +01:00 · 2026-01-10 14:10:21 -03:00 · 2026-01-10 02:52:46 -03:00 · 2026-01-09 23:51:31 -03:00 · 2026-01-09 23:25:13 -03:00 · 2025-12-30 21:59:29 -03:00
458 changed files with 66509 additions and 19196 deletions
--- a/.env.example
+++ b/.env.example
@@ -10,6 +10,11 @@ SECRET_KEY=<GENERATE A SAFE SECRET KEY AND PLACE IT HERE>
 DJANGO_ALLOWED_HOSTS=localhost 127.0.0.1 [::1]
 OUTBOUND_PORT=9005

+# Uncomment these variables to automatically create an admin account using these credentials on startup.
+# After your first successfull login you can remove these variables from your file for safety reasons.
+#ADMIN_EMAIL=<ENTER YOUR EMAIL>
+#ADMIN_PASSWORD=<YOUR SAFE PASSWORD>
+
 SQL_DATABASE=wygiwyh
 SQL_USER=wygiwyh
 SQL_PASSWORD=<INSERT A SAFE PASSWORD HERE>
@@ -26,3 +31,10 @@ ENABLE_SOFT_DELETE=false
 KEEP_DELETED_TRANSACTIONS_FOR=365

 TASK_WORKERS=1 # This only work if you're using the single container option. Increase to have more open queues via procrastinate, you probably don't need to increase this.
+
+# OIDC Configuration. Uncomment the lines below if you want to add OIDC login to your instance
+#OIDC_CLIENT_NAME=""
+#OIDC_CLIENT_ID=""
+#OIDC_CLIENT_SECRET=""
+#OIDC_SERVER_URL=""
+#OIDC_ALLOW_SIGNUP=true
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -0,0 +1,4 @@
+# These are supported funding model platforms
+
+github: eitchtee
+custom: ["https://www.paypal.com/donate/?hosted_button_id=FFWM4W9NQDMM6"]
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -12,7 +12,7 @@ on:
        required: true
        type: string
      ref:
-        description: 'Git ref to checkout (branch, tag, or SHA)'
+        description: 'Git ref to checkout'
        required: true
        default: 'main'
        type: string
@@ -20,78 +20,66 @@ on:
 env:
  IMAGE_NAME: wygiwyh

+concurrency:
+  group: release
+  cancel-in-progress: false
+
 jobs:
  build-and-push:
    runs-on: ubuntu-latest
    permissions:
      contents: read
+      packages: write # Needed if you switch to GHCR, good practice

    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
-          ref: ${{ github.event.inputs.ref }}
-        if: github.event_name == 'workflow_dispatch'
-
-      - name: Checkout code (non-manual)
-        uses: actions/checkout@v4
-        if: github.event_name != 'workflow_dispatch'
+          ref: ${{ inputs.ref || github.ref }}

      - name: Log in to Docker Hub
-        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

+      # This action handles all the logic for tags (nightly vs release vs custom)
+      - name: Docker Metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}
+          tags: |
+            # Logic for Push to Main -> nightly
+            type=raw,value=nightly,enable=${{ github.event_name == 'push' }}
+            # Logic for Release -> semver and latest
+            type=semver,pattern={{version}},enable=${{ github.event_name == 'release' }}
+            type=raw,value=latest,enable=${{ github.event_name == 'release' }}
+            # Logic for Manual Dispatch -> custom input
+            type=raw,value=${{ inputs.tag }},enable=${{ github.event_name == 'workflow_dispatch' }}
+
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

-      - name: Build and push nightly image
-        if: github.event_name == 'push'
+      - name: Build and push
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./docker/prod/django/Dockerfile
          push: true
          provenance: false
+          # Pass the calculated tags from the meta step
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
          build-args: |
-            VERSION=nightly
-          tags: ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:nightly
+            VERSION=${{ steps.meta.outputs.version }}
          platforms: linux/amd64,linux/arm64
-          cache-from: type=gha
-          cache-to: type=gha,mode=max

-      - name: Build and push release image
-        if: github.event_name == 'release'
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          file: ./docker/prod/django/Dockerfile
-          push: true
-          provenance: false
-          build-args: |
-            VERSION=${{ github.event.release.tag_name }}
-          tags: |
-            ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:latest
-            ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:${{ github.event.release.tag_name }}
-          platforms: linux/amd64,linux/arm64
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Build and push custom image
-        if: github.event_name == 'workflow_dispatch'
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          file: ./docker/prod/django/Dockerfile
-          push: true
-          provenance: false
-          build-args: |
-            VERSION=${{ github.event.inputs.tag }}
-          tags: ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:${{ github.event.inputs.tag }}
-          platforms: linux/amd64,linux/arm64
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+          # --- CACHE CONFIGURATION ---
+          # We set a specific 'scope' key.
+          # This allows the Release tag to see the cache created by the Main branch.
+          cache-from: type=gha,scope=build-cache
+          cache-to: type=gha,mode=max,scope=build-cache
--- a/.github/workflows/translations.yml
+++ b/.github/workflows/translations.yml
@@ -0,0 +1,72 @@
+name: Django Translation Update
+
+on:
+  push:
+    branches: [ main ]
+  # Add manual trigger
+  workflow_dispatch:
+    inputs:
+      reason:
+        description: 'Reason for running'
+        required: false
+        default: 'Manual update of translation files'
+
+# Ensure only one translation job runs at a time
+concurrency:
+  group: django-translations
+  cancel-in-progress: false
+
+jobs:
+  update-translations:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    # Skip on PRs from forks (which don't have write permissions)
+    # Allow manual runs and pushes to main
+    if: github.event_name == 'workflow_dispatch' || github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository)
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.PAT }}
+          ref: ${{ github.head_ref }}
+
+      - name: Set up Python 3.11
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.11'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+
+      - name: Install gettext
+        run: sudo apt-get install -y gettext
+
+      - name: Run makemessages
+        run: |
+          cd app
+          python manage.py makemessages -a
+
+      - name: Check for changes
+        id: check_changes
+        run: |
+          if git diff --exit-code --quiet app/locale/; then
+            echo "No translation changes detected"
+          else
+            echo "changes_detected=true" >> $GITHUB_OUTPUT
+            echo "Translation changes detected"
+          fi
+
+      - name: Commit translation files
+        if: steps.check_changes.outputs.changes_detected == 'true'
+        uses: stefanzweifel/git-auto-commit-action@v5
+        with:
+          push_options: --force
+          commit_message: |
+            chore(locale): update translation files
+            
+            [skip ci] Automatically generated by Django makemessages workflow
+          file_pattern: "app/locale/**/*.po"
--- a/.gitignore
+++ b/.gitignore
@@ -123,6 +123,7 @@ celerybeat.pid

 # Environments
 .env
+.prod.env
 .venv
 env/
 venv/
@@ -160,3 +161,7 @@ cython_debug/
 #  and can be added to the global gitignore or merged into this file.  For a more nuclear
 #  option (not recommended) you can uncomment the following to ignore the entire idea folder.
 .idea/
+
+node_modules/
+postgres_data/
+.prod.env
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -0,0 +1,8 @@
+{
+    "djlint.showInstallError": false,
+    "files.associations": {
+        "*.css": "tailwindcss"
+    },
+    "tailwindCSS.experimental.configFile": "frontend/src/styles/tailwind.css",
+    "djlint.profile": "django",
+}
--- a/README.md
+++ b/README.md
@@ -13,6 +13,8 @@
  <a href="#key-features">Features</a> •
  <a href="#how-to-use">Usage</a> •
  <a href="#how-it-works">How</a> •
+  <a href="#mcp-server">MCP Server</a> •
+  <a href="#help-us-translate-wygiwyh">Translate</a> •
  <a href="#caveats-and-warnings">Caveats and Warnings</a> •
  <a href="#built-with">Built with</a>
 </p>
@@ -28,15 +30,15 @@ Managing money can feel unnecessarily complex, but it doesn’t have to be. WYGI

 By sticking to this straightforward approach, you avoid dipping into your savings while still keeping tabs on where your money goes.

-While this philosophy is simple, finding tools to make it work wasn’t. I initially used a spreadsheet, which served me well for years—until it became unwieldy as I started managing multiple currencies, accounts, and investments. I tried various financial management apps, but none met my key requirements:
+While this philosophy is simple, finding tools to make it work wasn’t. I initially used a spreadsheet, which served me well for years, until it became unwieldy as I started managing multiple currencies, accounts, and investments. I tried various financial management apps, but none met my key requirements:

 1. **Multi-currency support** to track income and expenses in different currencies.
-2. **Not a budgeting app** — as I dislike budgeting constraints.
+2. **Not a budgeting app** as I dislike budgeting constraints.
 3. **Web app usability** (ideally with mobile support, though optional).
 4. **Automation-ready API** to integrate with other tools and services.
 5. **Custom transaction rules** for credit card billing cycles or similar quirks.

-Frustrated by the lack of comprehensive options, I set out to build **WYGIWYH** — an opinionated yet powerful tool that I believe will resonate with like-minded users.
+Frustrated by the lack of comprehensive options, I set out to build **WYGIWYH**, an opinionated yet powerful tool that I believe will resonate with like-minded users.

 # Key Features

@@ -50,6 +52,17 @@ Frustrated by the lack of comprehensive options, I set out to build **WYGIWYH**
 * **Built-in Dollar-Cost Average (DCA) tracker**: Essential for tracking recurring investments, especially for crypto and stocks.
 * **API support for automation**: Seamlessly integrate with existing services to synchronize transactions.

+# Demo
+
+You can try WYGIWYH on [wygiwyh-demo.herculino.com](https://wygiwyh-demo.herculino.com/) with the credentials below:
+
+> [!NOTE]
+> E-mail: `demo@demo.com`
+> 
+> Password: `wygiwyhdemo`
+
+Keep in mind that **any data you add will be wiped in 24 hours or less**. And that **most automation features like the API, Rules, Automatic Exchange Rates and Import/Export are disabled**.
+
 # How To Use

 To run this application, you'll need [Docker](https://docs.docker.com/engine/install/) with [docker-compose](https://docs.docker.com/compose/install/).
@@ -75,7 +88,7 @@ $ nano .env # or any other editor you want to use
 # Run the app
 $ docker compose up -d

-# Create the first admin account
+# Create the first admin account. This isn't required if you set the enviroment variables: ADMIN_EMAIL and ADMIN_PASSWORD.
 $ docker compose exec -it web python manage.py createsuperuser
 ```

@@ -114,9 +127,10 @@ To create the first user, open the container's console using Unraid's UI, by cli

 | variable                      | type        | default                           | explanation                                                                                                                                                                                                                              |
 |-------------------------------|-------------|-----------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| INTERNAL_PORT                 | int         | 8000                              | The port on which the app listens on. Defaults to 8000 if not set.                                                                                                                                                                       |
 | DJANGO_ALLOWED_HOSTS          | string      | localhost 127.0.0.1               | A list of space separated domains and IPs representing the host/domain names that WYGIWYH site can serve. [Click here](https://docs.djangoproject.com/en/5.1/ref/settings/#allowed-hosts) for more details                               |
 | HTTPS_ENABLED                 | true\|false | false                             | Whether to use secure cookies. If this is set to true, the cookie will be marked as “secure”, which means browsers may ensure that the cookie is only sent under an HTTPS connection                                                     |
-|              URL              | string      | http://localhost http://127.0.0.1 | A list of space separated domains and IPs (with the protocol) representing the trusted origins for unsafe requests (e.g. POST). [Click here](https://docs.djangoproject.com/en/5.1/ref/settings/#csrf-trusted-origins ) for more details |
+| URL                           | string      | http://localhost http://127.0.0.1 | A list of space separated domains and IPs (with the protocol) representing the trusted origins for unsafe requests (e.g. POST). [Click here](https://docs.djangoproject.com/en/5.1/ref/settings/#csrf-trusted-origins ) for more details |
 | SECRET_KEY                    | string      | ""                                | This is used to provide cryptographic signing, and should be set to a unique, unpredictable value.                                                                                                                                       |
 | DEBUG                         | true\|false | false                             | Turns DEBUG mode on or off, this is useful to gather more data about possible errors you're having. Don't use in production.                                                                                                             |
 | SQL_DATABASE                  | string      | None *required                    | The name of your postgres database                                                                                                                                                                                                       |
@@ -128,11 +142,55 @@ To create the first user, open the container's console using Unraid's UI, by cli
 | ENABLE_SOFT_DELETE            | true\|false | false                             | Whether to enable transactions soft delete, if enabled, deleted transactions will remain in the database. Useful for imports and avoiding duplicate entries.                                                                             |
 | KEEP_DELETED_TRANSACTIONS_FOR | int         | 365                               | Time in days to keep soft deleted transactions for. If 0, will keep all transactions indefinitely. Only works if ENABLE_SOFT_DELETE is true.                                                                                             |
 | TASK_WORKERS                  | int         | 1                                 | How many workers to have for async tasks. One should be enough for most use cases                                                                                                                                                        |
+| DEMO                          | true\|false | false                             | If demo mode is enabled.                                                                                                                                                                                                                 |
+| ADMIN_EMAIL                   | string      | None                              | Automatically creates an admin account with this email. Must have `ADMIN_PASSWORD` also set.                                                                                                                                             |
+| ADMIN_PASSWORD                | string      | None                              | Automatically creates an admin account with this password. Must have `ADMIN_EMAIL` also set.                                                                                                                                             |
+| CHECK_FOR_UPDATES             | true\|false | true                              | Check and notify users about new versions. The check is done by doing a single query to Github's API every 12 hours.                                                                                                                     |
+| DJANGO_VITE_DEV_MODE          | true\|false | false                             | Enables Vite dev server mode for frontend development. When true, assets are served from Vite's dev server instead of the build manifest. For development only!                                                                          |
+| DJANGO_VITE_DEV_SERVER_PORT   | int         | 5173                              | The port where Vite's dev server is running. Only used when DJANGO_VITE_DEV_MODE is true. For development only!                                                                                                                          |
+| DJANGO_VITE_DEV_SERVER_HOST   | string      | localhost                         | The host where Vite's dev server is running. Only used when DJANGO_VITE_DEV_MODE is true. For development only!                                                                                                                          |
+
+## OIDC Configuration
+
+WYGIWYH supports login via OpenID Connect (OIDC) through `django-allauth`. This allows users to authenticate using an external OIDC provider.
+
+> [!NOTE]
+> Currently only OpenID Connect is supported as a provider, open an issue if you need something else.
+
+To configure OIDC, you need to set the following environment variables:
+
+| Variable             | Description                                                                                                                                                                                                                                            |
+|----------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `OIDC_CLIENT_NAME`   | The name of the provider. will be displayed in the login page. Defaults to `OpenID Connect`                                                                                                                                                            |
+| `OIDC_CLIENT_ID`     | The Client ID provided by your OIDC provider.                                                                                                                                                                                                          |
+| `OIDC_CLIENT_SECRET` | The Client Secret provided by your OIDC provider.                                                                                                                                                                                                      |
+| `OIDC_SERVER_URL`    | The base URL of your OIDC provider's discovery document or authorization server (e.g., `https://your-provider.com/auth/realms/your-realm`). `django-allauth` will use this to discover the necessary endpoints (authorization, token, userinfo, etc.). |
+| `OIDC_ALLOW_SIGNUP`  | Allow the automatic creation of inexistent accounts on a successfull authentication. Defaults to `true`.                                                                                                                                               |
+
+**Callback URL (Redirect URI):**
+
+When configuring your OIDC provider, you will need to provide a callback URL (also known as a Redirect URI). For WYGIWYH, the default callback URL is:
+
+`https://your.wygiwyh.domain/auth/oidc/<OIDC_CLIENT_NAME>/login/callback/`
+
+Replace `https://your.wygiwyh.domain` with the actual URL where your WYGIWYH instance is accessible. And `<OIDC_CLIENT_NAME>` with the slugfied value set in OIDC_CLIENT_NAME or the default `openid-connect` if you haven't set this variable.

 # How it works

 Check out our [Wiki](https://github.com/eitchtee/WYGIWYH/wiki) for more information.

+# Help us translate WYGIWYH!
+<a href="https://translations.herculino.com/engage/wygiwyh/">
+<img src="https://translations.herculino.com/widget/wygiwyh/open-graph.png" alt="Translation status" />
+</a>
+
+> [!NOTE]
+> Login with your github account
+
+# MCP Server
+
+[IZIme07](https://github.com/IZIme07) has kindly created an MCP Server for WYGIWYH that you can self-host. [Check it out at MCP-WYGIWYH](https://github.com/ReNewator/MCP-WYGIWYH)!
+
 # Caveats and Warnings

 - I'm not an accountant, some terms and even calculations might be wrong. Make sure to open an issue if you see anything that could be improved.
--- a/app/WYGIWYH/settings.py
+++ b/app/WYGIWYH/settings.py
@@ -11,9 +11,11 @@ https://docs.djangoproject.com/en/5.1/ref/settings/
 """

 import os
+import re
 import sys
 from pathlib import Path

+from django.utils.text import slugify

 SITE_TITLE = "WYGIWYH"
 TITLE_SEPARATOR = "::"
@@ -42,9 +44,10 @@ INSTALLED_APPS = [
    "django.contrib.contenttypes",
    "django.contrib.sessions",
    "django.contrib.messages",
+    "django.contrib.sites",
    "whitenoise.runserver_nostatic",
    "django.contrib.staticfiles",
-    "webpack_boilerplate",
+    "django_vite",
    "django.contrib.humanize",
    "django.contrib.postgres",
    "django_browser_reload",
@@ -55,14 +58,15 @@ INSTALLED_APPS = [
    "hijack",
    "hijack.contrib.admin",
    "django_filters",
+    "import_export",
    "apps.users.apps.UsersConfig",
    "procrastinate.contrib.django",
    "apps.transactions.apps.TransactionsConfig",
    "apps.currencies.apps.CurrenciesConfig",
    "apps.accounts.apps.AccountsConfig",
-    "apps.common.apps.CommonConfig",
    "apps.net_worth.apps.NetWorthConfig",
    "apps.import_app.apps.ImportConfig",
+    "apps.export_app.apps.ExportConfig",
    "apps.api.apps.ApiConfig",
    "cachalot",
    "rest_framework",
@@ -72,8 +76,15 @@ INSTALLED_APPS = [
    "apps.calendar_view.apps.CalendarViewConfig",
    "apps.dca.apps.DcaConfig",
    "pwa",
+    "allauth",
+    "allauth.account",
+    "allauth.socialaccount",
+    "allauth.socialaccount.providers.openid_connect",
+    "apps.common.apps.CommonConfig",
 ]

+SITE_ID = 1
+
 MIDDLEWARE = [
    "django_browser_reload.middleware.BrowserReloadMiddleware",
    "apps.common.middleware.thread_local.ThreadLocalMiddleware",
@@ -89,6 +100,7 @@ MIDDLEWARE = [
    "django.contrib.messages.middleware.MessageMiddleware",
    "django.middleware.clickjacking.XFrameOptionsMiddleware",
    "hijack.middleware.HijackUserMiddleware",
+    "allauth.account.middleware.AccountMiddleware",
 ]

 ROOT_URLCONF = "WYGIWYH.urls"
@@ -117,12 +129,23 @@ STORAGES = {

 WHITENOISE_MANIFEST_STRICT = False

+
+def immutable_file_test(path, url):
+    # Match vite (rollup)-generated hashes, à la, `some_file-CSliV9zW.js`
+    return re.match(r"^.+[.-][0-9a-zA-Z_-]{8,12}\..+$", url)
+
+
+WHITENOISE_IMMUTABLE_FILE_TEST = immutable_file_test
+
 WSGI_APPLICATION = "WYGIWYH.wsgi.application"


 # Database
 # https://docs.djangoproject.com/en/5.1/ref/settings/#databases

+THREADS = int(os.getenv("GUNICORN_THREADS", 1))
+MAX_POOL_SIZE = THREADS + 1
+
 DATABASES = {
    "default": {
        "ENGINE": "django.db.backends.postgresql",
@@ -131,6 +154,17 @@ DATABASES = {
        "PASSWORD": os.getenv("SQL_PASSWORD", "password"),
        "HOST": os.getenv("SQL_HOST", "localhost"),
        "PORT": os.getenv("SQL_PORT", "5432"),
+        "CONN_MAX_AGE": 0,
+        "CONN_HEALTH_CHECKS": True,
+        "OPTIONS": {
+            "pool": {
+                "min_size": 1,
+                "max_size": MAX_POOL_SIZE,
+                "timeout": 10,
+                "max_lifetime": 600,
+                "max_idle": 300,
+            },
+        },
    }
 }

@@ -161,9 +195,105 @@ AUTH_USER_MODEL = "users.User"

 LANGUAGE_CODE = "en"
 LANGUAGES = (
+    ("af", "Afrikaans"),
+    ("ar", "العربية"),
+    ("ar-dz", "العربية (الجزائر)"),  # Algerian Arabic often uses the base name + region
+    ("ast", "Asturianu"),
+    ("az", "Azərbaycan"),
+    ("bg", "Български"),
+    ("be", "Беларуская"),
+    ("bn", "বাংলা"),
+    ("br", "Brezhoneg"),
+    ("bs", "Bosanski"),
+    ("ca", "Català"),
+    ("ckb", "کوردیی ناوەندی"),  # Central Kurdish (Sorani)
+    ("cs", "Čeština"),
+    ("cy", "Cymraeg"),
+    ("da", "Dansk"),
+    ("de", "Deutsch"),
+    ("dsb", "Dolnoserbšćina"),
+    ("el", "Ελληνικά"),
    ("en", "English"),
+    ("en-au", "English (Australia)"),
+    ("en-gb", "English (UK)"),
+    ("eo", "Esperanto"),
+    ("es", "Español"),
+    ("es-ar", "Español (Argentina)"),
+    ("es-co", "Español (Colombia)"),
+    ("es-mx", "Español (México)"),
+    ("es-ni", "Español (Nicaragua)"),
+    ("es-ve", "Español (Venezuela)"),
+    ("et", "Eesti"),
+    ("eu", "Euskara"),
+    ("fa", "فارسی"),
+    ("fi", "Suomi"),
+    ("fr", "Français"),
+    ("fy", "Frysk"),
+    ("ga", "Gaeilge"),
+    ("gd", "Gàidhlig"),
+    ("gl", "Galego"),
+    ("he", "עברית"),
+    ("hi", "हिन्दी"),
+    ("hr", "Hrvatski"),
+    ("hsb", "Hornjoserbšćina"),
+    ("hu", "Magyar"),
+    ("hy", "Հայերեն"),
+    ("ia", "Interlingua"),
+    ("id", "Bahasa Indonesia"),
+    ("ig", "Igbo"),
+    ("io", "Ido"),
+    ("is", "Íslenska"),
+    ("it", "Italiano"),
+    ("ja", "日本語"),
+    ("ka", "ქართული"),
+    ("kab", "Taqbaylit"),
+    ("kk", "Қазақша"),
+    ("km", "ខ្មែរ"),
+    ("kn", "ಕನ್ನಡ"),
+    ("ko", "한국어"),
+    ("ky", "Кыргызча"),
+    ("lb", "Lëtzebuergesch"),
+    ("lt", "Lietuvių"),
+    ("lv", "Latviešu"),
+    ("mk", "Македонски"),
+    ("ml", "മലയാളം"),
+    ("mn", "Монгол"),
+    ("mr", "मराठी"),
+    ("ms", "Bahasa Melayu"),
+    ("my", "မြန်မာဘာသာ"),
+    ("nb", "Norsk (Bokmål)"),
+    ("ne", "नेपाली"),
    ("nl", "Nederlands"),
+    ("nn", "Norsk (Nynorsk)"),
+    ("os", "Ирон"),  # Ossetic
+    ("pa", "ਪੰਜਾਬੀ"),
+    ("pl", "Polski"),
+    ("pt", "Português"),
    ("pt-br", "Português (Brasil)"),
+    ("ro", "Română"),
+    ("ru", "Русский"),
+    ("sk", "Slovenčina"),
+    ("sl", "Slovenščina"),
+    ("sq", "Shqip"),
+    ("sr", "Српски"),
+    ("sr-latn", "Srpski (Latinica)"),
+    ("sv", "Svenska"),
+    ("sw", "Kiswahili"),
+    ("ta", "தமிழ்"),
+    ("te", "తెలుగు"),
+    ("tg", "Тоҷикӣ"),
+    ("th", "ไทย"),
+    ("tk", "Türkmençe"),
+    ("tr", "Türkçe"),
+    ("tt", "Татарча"),
+    ("udm", "Удмурт"),
+    ("ug", "ئۇيغۇرچە"),
+    ("uk", "Українська"),
+    ("ur", "اردو"),
+    ("uz", "Oʻzbekcha"),
+    ("vi", "Tiếng Việt"),
+    ("zh-hans", "简体中文"),
+    ("zh-hant", "繁體中文"),
 )

 TIME_ZONE = os.getenv("TZ", "UTC")
@@ -182,7 +312,7 @@ STATIC_URL = "static/"
 STATIC_ROOT = BASE_DIR / "static_files"

 STATICFILES_DIRS = [
-    ROOT_DIR / "frontend/build",
+    ROOT_DIR / "frontend" / "build",
    BASE_DIR / "static",
 ]

@@ -198,9 +328,11 @@ CACHES = {
    }
 }

-WEBPACK_LOADER = {
-    "MANIFEST_FILE": ROOT_DIR / "frontend/build/manifest.json",
-}
+DJANGO_VITE_ASSETS_PATH = STATIC_ROOT
+DJANGO_VITE_MANIFEST_PATH = DJANGO_VITE_ASSETS_PATH / "manifest.json"
+DJANGO_VITE_DEV_MODE = os.getenv("DJANGO_VITE_DEV_MODE", "false").lower() == "true"
+DJANGO_VITE_DEV_SERVER_PORT = int(os.getenv("DJANGO_VITE_DEV_SERVER_PORT", "5173"))
+DJANGO_VITE_DEV_SERVER_HOST = os.getenv("DJANGO_VITE_DEV_SERVER_HOST", "localhost")

 # Default primary key field type
 # https://docs.djangoproject.com/en/5.1/ref/settings/#default-auto-field
@@ -209,10 +341,49 @@ DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"

 LOGIN_REDIRECT_URL = "/"
 LOGIN_URL = "/login/"
+LOGOUT_REDIRECT_URL = "/login/"
+
+# Allauth settings
+AUTHENTICATION_BACKENDS = [
+    "django.contrib.auth.backends.ModelBackend",  # Keep default
+    "allauth.account.auth_backends.AuthenticationBackend",
+]
+
+SOCIALACCOUNT_PROVIDERS = {"openid_connect": {"APPS": []}}
+
+if (
+    os.getenv("OIDC_CLIENT_ID")
+    and os.getenv("OIDC_CLIENT_SECRET")
+    and os.getenv("OIDC_SERVER_URL")
+):
+    SOCIALACCOUNT_PROVIDERS["openid_connect"]["APPS"].append(
+        {
+            "provider_id": slugify(os.getenv("OIDC_CLIENT_NAME", "OpenID Connect")),
+            "name": os.getenv("OIDC_CLIENT_NAME", "OpenID Connect"),
+            "client_id": os.getenv("OIDC_CLIENT_ID"),
+            "secret": os.getenv("OIDC_CLIENT_SECRET"),
+            "settings": {
+                "server_url": os.getenv("OIDC_SERVER_URL"),
+            },
+        }
+    )
+
+ACCOUNT_LOGIN_METHODS = {"email"}
+ACCOUNT_SIGNUP_FIELDS = ["email*", "password1*", "password2*"]
+ACCOUNT_USER_MODEL_USERNAME_FIELD = None
+ACCOUNT_EMAIL_VERIFICATION = "none"
+SOCIALACCOUNT_LOGIN_ON_GET = True
+SOCIALACCOUNT_ONLY = True
+SOCIALACCOUNT_AUTO_SIGNUP = os.getenv("OIDC_ALLOW_SIGNUP", "true").lower() == "true"
+ACCOUNT_ADAPTER = "allauth.account.adapter.DefaultAccountAdapter"
+SOCIALACCOUNT_ADAPTER = "allauth.socialaccount.adapter.DefaultSocialAccountAdapter"

 # CRISPY FORMS
-CRISPY_ALLOWED_TEMPLATE_PACKS = ["bootstrap5", "crispy_forms/pure_text"]
-CRISPY_TEMPLATE_PACK = "bootstrap5"
+CRISPY_ALLOWED_TEMPLATE_PACKS = [
+    "crispy_forms/pure_text",
+    "crispy-daisyui",
+]
+CRISPY_TEMPLATE_PACK = "crispy-daisyui"

 SESSION_EXPIRE_AT_BROWSER_CLOSE = False
 SESSION_COOKIE_AGE = int(os.getenv("SESSION_EXPIRY_TIME", 2678400))  # 31 days
@@ -236,7 +407,7 @@ DEBUG_TOOLBAR_PANELS = [
    "debug_toolbar.panels.signals.SignalsPanel",
    "debug_toolbar.panels.redirects.RedirectsPanel",
    "debug_toolbar.panels.profiling.ProfilingPanel",
-    "cachalot.panels.CachalotPanel",
+    # "cachalot.panels.CachalotPanel",
 ]
 INTERNAL_IPS = [
    "127.0.0.1",
@@ -258,7 +429,10 @@ if DEBUG:
 REST_FRAMEWORK = {
    # Use Django's standard `django.contrib.auth` permissions,
    # or allow read-only access for unauthenticated users.
-    "DEFAULT_PERMISSION_CLASSES": ["rest_framework.permissions.DjangoModelPermissions"],
+    "DEFAULT_PERMISSION_CLASSES": [
+        "apps.api.permissions.NotInDemoMode",
+        "rest_framework.permissions.DjangoModelPermissions",
+    ],
    "DEFAULT_PAGINATION_CLASS": "rest_framework.pagination.PageNumberPagination",
    "PAGE_SIZE": 10,
    "DEFAULT_SCHEMA_CLASS": "drf_spectacular.openapi.AutoSchema",
@@ -341,6 +515,8 @@ else:

 CACHALOT_UNCACHABLE_TABLES = ("django_migrations", "procrastinate_jobs")

+# Procrastinate
+PROCRASTINATE_ON_APP_READY = "apps.common.procrastinate.on_app_ready"

 # PWA
 PWA_APP_NAME = SITE_TITLE
@@ -389,5 +565,7 @@ PWA_APP_SCREENSHOTS = [
 PWA_SERVICE_WORKER_PATH = BASE_DIR / "templates" / "pwa" / "serviceworker.js"

 ENABLE_SOFT_DELETE = os.getenv("ENABLE_SOFT_DELETE", "false").lower() == "true"
+CHECK_FOR_UPDATES = os.getenv("CHECK_FOR_UPDATES", "true").lower() == "true"
 KEEP_DELETED_TRANSACTIONS_FOR = int(os.getenv("KEEP_DELETED_ENTRIES_FOR", "365"))
 APP_VERSION = os.getenv("APP_VERSION", "unknown")
+DEMO = os.getenv("DEMO", "false").lower() == "true"
--- a/app/WYGIWYH/urls.py
+++ b/app/WYGIWYH/urls.py
@@ -21,6 +21,8 @@ from drf_spectacular.views import (
    SpectacularAPIView,
    SpectacularSwaggerView,
 )
+from allauth.socialaccount.providers.openid_connect.views import login, callback
+

 urlpatterns = [
    path("admin/", admin.site.urls),
@@ -36,6 +38,13 @@ urlpatterns = [
        SpectacularSwaggerView.as_view(url_name="schema"),
        name="swagger-ui",
    ),
+    path("auth/", include("allauth.urls")),  # allauth urls
+    # path("auth/oidc/<str:provider_id>/login/", login, name="openid_connect_login"),
+    # path(
+    #     "auth/oidc/<str:provider_id>/login/callback/",
+    #     callback,
+    #     name="openid_connect_callback",
+    # ),
    path("", include("apps.transactions.urls")),
    path("", include("apps.common.urls")),
    path("", include("apps.users.urls")),
@@ -49,5 +58,6 @@ urlpatterns = [
    path("", include("apps.dca.urls")),
    path("", include("apps.mini_tools.urls")),
    path("", include("apps.import_app.urls")),
+    path("", include("apps.export_app.urls")),
    path("", include("apps.insights.urls")),
 ]
--- a/app/apps/accounts/admin.py
+++ b/app/apps/accounts/admin.py
@@ -1,6 +1,14 @@
 from django.contrib import admin

-from apps.accounts.models import Account
+from apps.accounts.models import Account, AccountGroup
+from apps.common.admin import SharedObjectModelAdmin


-admin.site.register(Account)
+@admin.register(Account)
+class AccountModelAdmin(SharedObjectModelAdmin):
+    pass
+
+
+@admin.register(AccountGroup)
+class AccountGroupModelAdmin(SharedObjectModelAdmin):
+    pass
--- a/app/apps/accounts/forms.py
+++ b/app/apps/accounts/forms.py
@@ -1,21 +1,21 @@
-from crispy_bootstrap5.bootstrap5 import Switch
+from apps.accounts.models import Account, AccountGroup
+from apps.common.fields.forms.dynamic_select import (
+    DynamicModelChoiceField,
+    DynamicModelMultipleChoiceField,
+)
+from apps.common.widgets.crispy.daisyui import Switch
+from apps.common.widgets.crispy.submit import NoClassSubmit
+from apps.common.widgets.decimal import ArbitraryDecimalDisplayNumberInput
+from apps.common.widgets.tom_select import TomSelect
+from apps.currencies.models import Currency
+from apps.transactions.models import TransactionCategory, TransactionTag
 from crispy_forms.bootstrap import FormActions
 from crispy_forms.helper import FormHelper
-from crispy_forms.layout import Layout, Field, Column, Row
+from crispy_forms.layout import Column, Field, Layout, Row
 from django import forms
+from django.db.models import Q
 from django.utils.translation import gettext_lazy as _

-from apps.accounts.models import Account
-from apps.accounts.models import AccountGroup
-from apps.common.fields.forms.dynamic_select import (
-    DynamicModelMultipleChoiceField,
-    DynamicModelChoiceField,
-)
-from apps.common.widgets.crispy.submit import NoClassSubmit
-from apps.common.widgets.tom_select import TomSelect
-from apps.transactions.models import TransactionCategory, TransactionTag
-from apps.common.widgets.decimal import ArbitraryDecimalDisplayNumberInput
-

 class AccountGroupForm(forms.ModelForm):
    class Meta:
@@ -36,17 +36,13 @@ class AccountGroupForm(forms.ModelForm):
        if self.instance and self.instance.pk:
            self.helper.layout.append(
                FormActions(
-                    NoClassSubmit(
-                        "submit", _("Update"), css_class="btn btn-outline-primary w-100"
-                    ),
+                    NoClassSubmit("submit", _("Update"), css_class="btn btn-primary"),
                ),
            )
        else:
            self.helper.layout.append(
                FormActions(
-                    NoClassSubmit(
-                        "submit", _("Add"), css_class="btn btn-outline-primary w-100"
-                    ),
+                    NoClassSubmit("submit", _("Add"), css_class="btn btn-primary"),
                ),
            )

@@ -77,6 +73,20 @@ class AccountForm(forms.ModelForm):
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)

+        self.fields["group"].queryset = AccountGroup.objects.all()
+
+        if self.instance.id:
+            qs = Currency.objects.filter(
+                Q(is_archived=False) | Q(accounts=self.instance.id)
+            ).distinct()
+            self.fields["currency"].queryset = qs
+            self.fields["exchange_currency"].queryset = qs
+
+        else:
+            qs = Currency.objects.filter(Q(is_archived=False))
+            self.fields["currency"].queryset = qs
+            self.fields["exchange_currency"].queryset = qs
+
        self.helper = FormHelper()
        self.helper.form_tag = False
        self.helper.form_method = "post"
@@ -92,17 +102,13 @@ class AccountForm(forms.ModelForm):
        if self.instance and self.instance.pk:
            self.helper.layout.append(
                FormActions(
-                    NoClassSubmit(
-                        "submit", _("Update"), css_class="btn btn-outline-primary w-100"
-                    ),
+                    NoClassSubmit("submit", _("Update"), css_class="btn btn-primary"),
                ),
            )
        else:
            self.helper.layout.append(
                FormActions(
-                    NoClassSubmit(
-                        "submit", _("Add"), css_class="btn btn-outline-primary w-100"
-                    ),
+                    NoClassSubmit("submit", _("Add"), css_class="btn btn-primary"),
                ),
            )

@@ -140,9 +146,8 @@ class AccountBalanceForm(forms.Form):
        self.helper.layout = Layout(
            "new_balance",
            Row(
-                Column("category", css_class="form-group col-md-6 mb-0"),
-                Column("tags", css_class="form-group col-md-6 mb-0"),
-                css_class="form-row",
+                Column("category"),
+                Column("tags"),
            ),
            Field("account_id"),
        )
@@ -151,5 +156,11 @@ class AccountBalanceForm(forms.Form):
            decimal_places=self.currency_decimal_places
        )

+        self.fields["category"].queryset = TransactionCategory.objects.filter(
+            active=True
+        )
+
+        self.fields["tags"].queryset = TransactionTag.objects.filter(active=True)
+

 AccountBalanceFormSet = forms.formset_factory(AccountBalanceForm, extra=0)
--- a/app/apps/accounts/migrations/0009_account_owner_account_shared_with_accountgroup_owner.py
+++ b/app/apps/accounts/migrations/0009_account_owner_account_shared_with_accountgroup_owner.py
@@ -0,0 +1,31 @@
+# Generated by Django 5.1.6 on 2025-03-04 15:07
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0008_alter_account_name'),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='account',
+            name='owner',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='owned_accounts', to=settings.AUTH_USER_MODEL, verbose_name='Owner'),
+        ),
+        migrations.AddField(
+            model_name='account',
+            name='shared_with',
+            field=models.ManyToManyField(blank=True, related_name='shared_accounts', to=settings.AUTH_USER_MODEL, verbose_name='Shared With'),
+        ),
+        migrations.AddField(
+            model_name='accountgroup',
+            name='owner',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='owned_account_groups', to=settings.AUTH_USER_MODEL, verbose_name='Owner'),
+        ),
+    ]
--- a/app/apps/accounts/migrations/0010_alter_account_managers_alter_accountgroup_managers_and_more.py
+++ b/app/apps/accounts/migrations/0010_alter_account_managers_alter_accountgroup_managers_and_more.py
@@ -0,0 +1,46 @@
+# Generated by Django 5.1.6 on 2025-03-05 02:42
+
+import django.db.models.manager
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0009_account_owner_account_shared_with_accountgroup_owner'),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.AlterModelManagers(
+            name='account',
+            managers=[
+                ('all_objects', django.db.models.manager.Manager()),
+            ],
+        ),
+        migrations.AlterModelManagers(
+            name='accountgroup',
+            managers=[
+                ('all_objects', django.db.models.manager.Manager()),
+            ],
+        ),
+        migrations.AlterField(
+            model_name='account',
+            name='name',
+            field=models.CharField(max_length=255, verbose_name='Name'),
+        ),
+        migrations.AlterField(
+            model_name='accountgroup',
+            name='name',
+            field=models.CharField(max_length=255, verbose_name='Name'),
+        ),
+        migrations.AlterUniqueTogether(
+            name='account',
+            unique_together={('owner', 'name')},
+        ),
+        migrations.AlterUniqueTogether(
+            name='accountgroup',
+            unique_together={('owner', 'name')},
+        ),
+    ]
--- a/app/apps/accounts/migrations/0011_alter_account_owner_alter_accountgroup_owner.py
+++ b/app/apps/accounts/migrations/0011_alter_account_owner_alter_accountgroup_owner.py
@@ -0,0 +1,26 @@
+# Generated by Django 5.1.6 on 2025-03-05 04:19
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0010_alter_account_managers_alter_accountgroup_managers_and_more'),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='account',
+            name='owner',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='owned_accounts', to=settings.AUTH_USER_MODEL, verbose_name='Owner'),
+        ),
+        migrations.AlterField(
+            model_name='accountgroup',
+            name='owner',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='owned_account_groups', to=settings.AUTH_USER_MODEL, verbose_name='Owner'),
+        ),
+    ]
--- a/app/apps/accounts/migrations/0012_alter_account_managers_alter_accountgroup_managers_and_more.py
+++ b/app/apps/accounts/migrations/0012_alter_account_managers_alter_accountgroup_managers_and_more.py
@@ -0,0 +1,56 @@
+# Generated by Django 5.1.6 on 2025-03-05 23:46
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0011_alter_account_owner_alter_accountgroup_owner'),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.AlterModelManagers(
+            name='account',
+            managers=[
+            ],
+        ),
+        migrations.AlterModelManagers(
+            name='accountgroup',
+            managers=[
+            ],
+        ),
+        migrations.AddField(
+            model_name='account',
+            name='visibility',
+            field=models.CharField(choices=[('private', 'Private'), ('shared', 'Shared'), ('public', 'Public')], default='private', max_length=10),
+        ),
+        migrations.AddField(
+            model_name='accountgroup',
+            name='shared_with',
+            field=models.ManyToManyField(blank=True, related_name='%(class)s_shared', to=settings.AUTH_USER_MODEL),
+        ),
+        migrations.AddField(
+            model_name='accountgroup',
+            name='visibility',
+            field=models.CharField(choices=[('private', 'Private'), ('shared', 'Shared'), ('public', 'Public')], default='private', max_length=10),
+        ),
+        migrations.AlterField(
+            model_name='account',
+            name='owner',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='%(class)s_owned', to=settings.AUTH_USER_MODEL),
+        ),
+        migrations.AlterField(
+            model_name='account',
+            name='shared_with',
+            field=models.ManyToManyField(blank=True, related_name='%(class)s_shared', to=settings.AUTH_USER_MODEL),
+        ),
+        migrations.AlterField(
+            model_name='accountgroup',
+            name='owner',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='%(class)s_owned', to=settings.AUTH_USER_MODEL),
+        ),
+    ]
--- a/app/apps/accounts/migrations/0013_alter_account_visibility_and_more.py
+++ b/app/apps/accounts/migrations/0013_alter_account_visibility_and_more.py
@@ -0,0 +1,23 @@
+# Generated by Django 5.1.6 on 2025-03-06 01:47
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0012_alter_account_managers_alter_accountgroup_managers_and_more'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='account',
+            name='visibility',
+            field=models.CharField(choices=[('private', 'Private'), ('public', 'Public')], default='private', max_length=10),
+        ),
+        migrations.AlterField(
+            model_name='accountgroup',
+            name='visibility',
+            field=models.CharField(choices=[('private', 'Private'), ('public', 'Public')], default='private', max_length=10),
+        ),
+    ]
--- a/app/apps/accounts/migrations/0014_alter_account_options_alter_accountgroup_options.py
+++ b/app/apps/accounts/migrations/0014_alter_account_options_alter_accountgroup_options.py
@@ -0,0 +1,21 @@
+# Generated by Django 5.1.7 on 2025-03-09 21:54
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0013_alter_account_visibility_and_more'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='account',
+            options={'ordering': ['name', 'id'], 'verbose_name': 'Account', 'verbose_name_plural': 'Accounts'},
+        ),
+        migrations.AlterModelOptions(
+            name='accountgroup',
+            options={'ordering': ['name', 'id'], 'verbose_name': 'Account Group', 'verbose_name_plural': 'Account Groups'},
+        ),
+    ]
--- a/app/apps/accounts/migrations/0015_alter_account_owner_alter_account_shared_with_and_more.py
+++ b/app/apps/accounts/migrations/0015_alter_account_owner_alter_account_shared_with_and_more.py
@@ -0,0 +1,46 @@
+# Generated by Django 5.2.4 on 2025-07-28 02:15
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0014_alter_account_options_alter_accountgroup_options'),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='account',
+            name='owner',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='%(class)s_owned', to=settings.AUTH_USER_MODEL, verbose_name='Owner'),
+        ),
+        migrations.AlterField(
+            model_name='account',
+            name='shared_with',
+            field=models.ManyToManyField(blank=True, related_name='%(class)s_shared', to=settings.AUTH_USER_MODEL, verbose_name='Shared with users'),
+        ),
+        migrations.AlterField(
+            model_name='account',
+            name='visibility',
+            field=models.CharField(choices=[('private', 'Private'), ('public', 'Public')], default='private', max_length=10, verbose_name='Visibility'),
+        ),
+        migrations.AlterField(
+            model_name='accountgroup',
+            name='owner',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='%(class)s_owned', to=settings.AUTH_USER_MODEL, verbose_name='Owner'),
+        ),
+        migrations.AlterField(
+            model_name='accountgroup',
+            name='shared_with',
+            field=models.ManyToManyField(blank=True, related_name='%(class)s_shared', to=settings.AUTH_USER_MODEL, verbose_name='Shared with users'),
+        ),
+        migrations.AlterField(
+            model_name='accountgroup',
+            name='visibility',
+            field=models.CharField(choices=[('private', 'Private'), ('public', 'Public')], default='private', max_length=10, verbose_name='Visibility'),
+        ),
+    ]
--- a/app/apps/accounts/migrations/0016_account_untracked_by.py
+++ b/app/apps/accounts/migrations/0016_account_untracked_by.py
@@ -0,0 +1,20 @@
+# Generated by Django 5.2.4 on 2025-08-09 05:52
+
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0015_alter_account_owner_alter_account_shared_with_and_more'),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='account',
+            name='untracked_by',
+            field=models.ManyToManyField(blank=True, related_name='untracked_accounts', to=settings.AUTH_USER_MODEL),
+        ),
+    ]
--- a/app/apps/accounts/models.py
+++ b/app/apps/accounts/models.py
@@ -1,24 +1,32 @@
+from django.conf import settings
 from django.core.exceptions import ValidationError
 from django.db import models
 from django.utils.translation import gettext_lazy as _

+from apps.common.middleware.thread_local import get_current_user
+from apps.common.models import SharedObject, SharedObjectManager
 from apps.transactions.models import Transaction


-class AccountGroup(models.Model):
-    name = models.CharField(max_length=255, verbose_name=_("Name"), unique=True)
+class AccountGroup(SharedObject):
+    name = models.CharField(max_length=255, verbose_name=_("Name"))
+
+    objects = SharedObjectManager()
+    all_objects = models.Manager()  # Unfiltered manager

    class Meta:
        verbose_name = _("Account Group")
        verbose_name_plural = _("Account Groups")
        db_table = "account_groups"
+        unique_together = (("owner", "name"),)
+        ordering = ["name", "id"]

    def __str__(self):
        return self.name


-class Account(models.Model):
-    name = models.CharField(max_length=255, verbose_name=_("Name"), unique=True)
+class Account(SharedObject):
+    name = models.CharField(max_length=255, verbose_name=_("Name"))
    group = models.ForeignKey(
        AccountGroup,
        on_delete=models.SET_NULL,
@@ -54,14 +62,28 @@ class Account(models.Model):
        verbose_name=_("Archived"),
        help_text=_("Archived accounts don't show up nor count towards your net worth"),
    )
+    untracked_by = models.ManyToManyField(
+        settings.AUTH_USER_MODEL,
+        blank=True,
+        related_name="untracked_accounts",
+    )
+
+    objects = SharedObjectManager()
+    all_objects = models.Manager()  # Unfiltered manager

    class Meta:
        verbose_name = _("Account")
        verbose_name_plural = _("Accounts")
+        unique_together = (("owner", "name"),)
+        ordering = ["name", "id"]

    def __str__(self):
        return self.name

+    def is_untracked_by(self):
+        user = get_current_user()
+        return self.untracked_by.filter(pk=user.pk).exists()
+
    def clean(self):
        super().clean()
        if self.exchange_currency == self.currency:
--- a/app/apps/accounts/services.py
+++ b/app/apps/accounts/services.py
@@ -0,0 +1,33 @@
+from decimal import Decimal
+
+from django.db import models
+
+from apps.accounts.models import Account
+from apps.transactions.models import Transaction
+
+
+def get_account_balance(account: Account, paid_only: bool = True) -> Decimal:
+    """
+    Calculate account balance (income - expense).
+
+    Args:
+        account: Account instance to calculate balance for.
+        paid_only: If True, only count paid transactions (current balance).
+                   If False, count all transactions (projected balance).
+
+    Returns:
+        Decimal: The calculated balance (income - expense).
+    """
+    filters = {"account": account}
+    if paid_only:
+        filters["is_paid"] = True
+
+    income = Transaction.objects.filter(
+        type=Transaction.Type.INCOME, **filters
+    ).aggregate(total=models.Sum("amount"))["total"] or Decimal("0")
+
+    expense = Transaction.objects.filter(
+        type=Transaction.Type.EXPENSE, **filters
+    ).aggregate(total=models.Sum("amount"))["total"] or Decimal("0")
+
+    return income - expense
--- a/app/apps/accounts/tests.py
+++ b/app/apps/accounts/tests.py
@@ -1,3 +1,5 @@
+from datetime import date
+
 from django.test import TestCase

 from apps.accounts.models import Account, AccountGroup
@@ -39,3 +41,135 @@ class AccountTests(TestCase):
            exchange_currency=self.exchange_currency,
        )
        self.assertEqual(account.exchange_currency, self.exchange_currency)
+
+
+class GetAccountBalanceServiceTests(TestCase):
+    """Tests for the get_account_balance service function"""
+
+    def setUp(self):
+        """Set up test data"""
+        from apps.transactions.models import Transaction
+        self.Transaction = Transaction
+        
+        self.currency = Currency.objects.create(
+            code="BRL", name="Brazilian Real", decimal_places=2, prefix="R$ "
+        )
+        self.account_group = AccountGroup.objects.create(name="Service Test Group")
+        self.account = Account.objects.create(
+            name="Service Test Account", group=self.account_group, currency=self.currency
+        )
+
+    def test_balance_with_no_transactions(self):
+        """Test balance is 0 when no transactions exist"""
+        from apps.accounts.services import get_account_balance
+        from decimal import Decimal
+        
+        balance = get_account_balance(self.account, paid_only=True)
+        self.assertEqual(balance, Decimal("0"))
+
+    def test_current_balance_only_counts_paid(self):
+        """Test current balance only counts paid transactions"""
+        from apps.accounts.services import get_account_balance
+        from decimal import Decimal
+        
+        # Paid income
+        self.Transaction.objects.create(
+            account=self.account,
+            type=self.Transaction.Type.INCOME,
+            amount=Decimal("100.00"),
+            is_paid=True,
+            date=date(2025, 1, 1),
+            description="Paid income",
+        )
+        # Unpaid income (should not count)
+        self.Transaction.objects.create(
+            account=self.account,
+            type=self.Transaction.Type.INCOME,
+            amount=Decimal("50.00"),
+            is_paid=False,
+            date=date(2025, 1, 1),
+            description="Unpaid income",
+        )
+        # Paid expense
+        self.Transaction.objects.create(
+            account=self.account,
+            type=self.Transaction.Type.EXPENSE,
+            amount=Decimal("30.00"),
+            is_paid=True,
+            date=date(2025, 1, 1),
+            description="Paid expense",
+        )
+
+        balance = get_account_balance(self.account, paid_only=True)
+        self.assertEqual(balance, Decimal("70.00"))  # 100 - 30
+
+    def test_projected_balance_counts_all(self):
+        """Test projected balance counts all transactions"""
+        from apps.accounts.services import get_account_balance
+        from decimal import Decimal
+        
+        # Paid income
+        self.Transaction.objects.create(
+            account=self.account,
+            type=self.Transaction.Type.INCOME,
+            amount=Decimal("100.00"),
+            is_paid=True,
+            date=date(2025, 1, 1),
+            description="Paid income",
+        )
+        # Unpaid income
+        self.Transaction.objects.create(
+            account=self.account,
+            type=self.Transaction.Type.INCOME,
+            amount=Decimal("50.00"),
+            is_paid=False,
+            date=date(2025, 1, 1),
+            description="Unpaid income",
+        )
+        # Paid expense
+        self.Transaction.objects.create(
+            account=self.account,
+            type=self.Transaction.Type.EXPENSE,
+            amount=Decimal("30.00"),
+            is_paid=True,
+            date=date(2025, 1, 1),
+            description="Paid expense",
+        )
+        # Unpaid expense
+        self.Transaction.objects.create(
+            account=self.account,
+            type=self.Transaction.Type.EXPENSE,
+            amount=Decimal("20.00"),
+            is_paid=False,
+            date=date(2025, 1, 1),
+            description="Unpaid expense",
+        )
+
+        balance = get_account_balance(self.account, paid_only=False)
+        self.assertEqual(balance, Decimal("100.00"))  # (100 + 50) - (30 + 20)
+
+    def test_balance_defaults_to_paid_only(self):
+        """Test that paid_only defaults to True"""
+        from apps.accounts.services import get_account_balance
+        from decimal import Decimal
+        
+        self.Transaction.objects.create(
+            account=self.account,
+            type=self.Transaction.Type.INCOME,
+            amount=Decimal("100.00"),
+            is_paid=True,
+            date=date(2025, 1, 1),
+            description="Paid",
+        )
+        self.Transaction.objects.create(
+            account=self.account,
+            type=self.Transaction.Type.INCOME,
+            amount=Decimal("50.00"),
+            is_paid=False,
+            date=date(2025, 1, 1),
+            description="Unpaid",
+        )
+
+        balance = get_account_balance(self.account)  # defaults to paid_only=True
+        self.assertEqual(balance, Decimal("100.00"))
+
--- a/app/apps/accounts/urls.py
+++ b/app/apps/accounts/urls.py
@@ -16,11 +16,26 @@ urlpatterns = [
        views.account_edit,
        name="account_edit",
    ),
+    path(
+        "account/<int:pk>/share/",
+        views.account_share,
+        name="account_share_settings",
+    ),
    path(
        "account/<int:pk>/delete/",
        views.account_delete,
        name="account_delete",
    ),
+    path(
+        "account/<int:pk>/take-ownership/",
+        views.account_take_ownership,
+        name="account_take_ownership",
+    ),
+    path(
+        "account/<int:pk>/toggle-untracked/",
+        views.account_toggle_untracked,
+        name="account_toggle_untracked",
+    ),
    path("account-groups/", views.account_groups_index, name="account_groups_index"),
    path("account-groups/list/", views.account_groups_list, name="account_groups_list"),
    path("account-groups/add/", views.account_group_add, name="account_group_add"),
@@ -34,4 +49,14 @@ urlpatterns = [
        views.account_group_delete,
        name="account_group_delete",
    ),
+    path(
+        "account-groups/<int:pk>/take-ownership/",
+        views.account_group_take_ownership,
+        name="account_group_take_ownership",
+    ),
+    path(
+        "account-groups/<int:pk>/share/",
+        views.account_group_share,
+        name="account_group_share_settings",
+    ),
 ]
--- a/app/apps/accounts/views/account_groups.py
+++ b/app/apps/accounts/views/account_groups.py
@@ -8,6 +8,8 @@ from django.views.decorators.http import require_http_methods
 from apps.accounts.forms import AccountGroupForm
 from apps.accounts.models import AccountGroup
 from apps.common.decorators.htmx import only_htmx
+from apps.common.models import SharedObject
+from apps.common.forms import SharedObjectForm


@login_required
@@ -23,7 +25,7 @@ def account_groups_index(request):
@login_required
@require_http_methods(["GET"])
 def account_groups_list(request):
-    account_groups = AccountGroup.objects.all().order_by("id")
+    account_groups = AccountGroup.objects.all().order_by("name")
    return render(
        request,
        "account_groups/fragments/list.html",
@@ -63,6 +65,16 @@ def account_group_add(request, **kwargs):
 def account_group_edit(request, pk):
    account_group = get_object_or_404(AccountGroup, id=pk)

+    if account_group.owner and account_group.owner != request.user:
+        messages.error(request, _("Only the owner can edit this"))
+
+        return HttpResponse(
+            status=204,
+            headers={
+                "HX-Trigger": "updated, hide_offcanvas",
+            },
+        )
+
    if request.method == "POST":
        form = AccountGroupForm(request.POST, instance=account_group)
        if form.is_valid():
@@ -91,9 +103,15 @@ def account_group_edit(request, pk):
 def account_group_delete(request, pk):
    account_group = get_object_or_404(AccountGroup, id=pk)

-    account_group.delete()
-
-    messages.success(request, _("Account Group deleted successfully"))
+    if (
+        account_group.owner != request.user
+        and request.user in account_group.shared_with.all()
+    ):
+        account_group.shared_with.remove(request.user)
+        messages.success(request, _("Item no longer shared with you"))
+    else:
+        account_group.delete()
+        messages.success(request, _("Account Group deleted successfully"))

    return HttpResponse(
        status=204,
@@ -101,3 +119,62 @@ def account_group_delete(request, pk):
            "HX-Trigger": "updated, hide_offcanvas",
        },
    )
+
+
+@only_htmx
+@login_required
+@require_http_methods(["GET"])
+def account_group_take_ownership(request, pk):
+    account_group = get_object_or_404(AccountGroup, id=pk)
+
+    if not account_group.owner:
+        account_group.owner = request.user
+        account_group.visibility = SharedObject.Visibility.private
+        account_group.save()
+
+        messages.success(request, _("Ownership taken successfully"))
+
+    return HttpResponse(
+        status=204,
+        headers={
+            "HX-Trigger": "updated, hide_offcanvas",
+        },
+    )
+
+
+@only_htmx
+@login_required
+@require_http_methods(["GET", "POST"])
+def account_group_share(request, pk):
+    obj = get_object_or_404(AccountGroup, id=pk)
+
+    if obj.owner and obj.owner != request.user:
+        messages.error(request, _("Only the owner can edit this"))
+
+        return HttpResponse(
+            status=204,
+            headers={
+                "HX-Trigger": "updated, hide_offcanvas",
+            },
+        )
+
+    if request.method == "POST":
+        form = SharedObjectForm(request.POST, instance=obj, user=request.user)
+        if form.is_valid():
+            form.save()
+            messages.success(request, _("Configuration saved successfully"))
+
+            return HttpResponse(
+                status=204,
+                headers={
+                    "HX-Trigger": "updated, hide_offcanvas",
+                },
+            )
+    else:
+        form = SharedObjectForm(instance=obj, user=request.user)
+
+    return render(
+        request,
+        "accounts/fragments/share.html",
+        {"form": form, "object": obj},
+    )
--- a/app/apps/accounts/views/accounts.py
+++ b/app/apps/accounts/views/accounts.py
@@ -8,6 +8,8 @@ from django.views.decorators.http import require_http_methods
 from apps.accounts.forms import AccountForm
 from apps.accounts.models import Account
 from apps.common.decorators.htmx import only_htmx
+from apps.common.models import SharedObject
+from apps.common.forms import SharedObjectForm


@login_required
@@ -23,7 +25,7 @@ def accounts_index(request):
@login_required
@require_http_methods(["GET"])
 def accounts_list(request):
-    accounts = Account.objects.all().order_by("id")
+    accounts = Account.objects.all().order_by("name")
    return render(
        request,
        "accounts/fragments/list.html",
@@ -62,6 +64,15 @@ def account_add(request, **kwargs):
@require_http_methods(["GET", "POST"])
 def account_edit(request, pk):
    account = get_object_or_404(Account, id=pk)
+    if account.owner and account.owner != request.user:
+        messages.error(request, _("Only the owner can edit this"))
+
+        return HttpResponse(
+            status=204,
+            headers={
+                "HX-Trigger": "updated, hide_offcanvas",
+            },
+        )

    if request.method == "POST":
        form = AccountForm(request.POST, instance=account)
@@ -85,15 +96,97 @@ def account_edit(request, pk):
    )


+@only_htmx
+@login_required
+@require_http_methods(["GET", "POST"])
+def account_share(request, pk):
+    obj = get_object_or_404(Account, id=pk)
+
+    if obj.owner and obj.owner != request.user:
+        messages.error(request, _("Only the owner can edit this"))
+
+        return HttpResponse(
+            status=204,
+            headers={
+                "HX-Trigger": "updated, hide_offcanvas",
+            },
+        )
+
+    if request.method == "POST":
+        form = SharedObjectForm(request.POST, instance=obj, user=request.user)
+        if form.is_valid():
+            form.save()
+            messages.success(request, _("Configuration saved successfully"))
+
+            return HttpResponse(
+                status=204,
+                headers={
+                    "HX-Trigger": "updated, hide_offcanvas",
+                },
+            )
+    else:
+        form = SharedObjectForm(instance=obj, user=request.user)
+
+    return render(
+        request,
+        "accounts/fragments/share.html",
+        {"form": form, "object": obj},
+    )
+
+
@only_htmx
@login_required
@require_http_methods(["DELETE"])
 def account_delete(request, pk):
    account = get_object_or_404(Account, id=pk)

-    account.delete()
-
-    messages.success(request, _("Account deleted successfully"))
+    if account.owner != request.user and request.user in account.shared_with.all():
+        account.shared_with.remove(request.user)
+        messages.success(request, _("Item no longer shared with you"))
+    else:
+        account.delete()
+        messages.success(request, _("Account deleted successfully"))
+
+    return HttpResponse(
+        status=204,
+        headers={
+            "HX-Trigger": "updated, hide_offcanvas",
+        },
+    )
+
+
+@only_htmx
+@login_required
+@require_http_methods(["GET"])
+def account_toggle_untracked(request, pk):
+    account = get_object_or_404(Account, id=pk)
+    if account.is_untracked_by():
+        account.untracked_by.remove(request.user)
+        messages.success(request, _("Account is now tracked"))
+    else:
+        account.untracked_by.add(request.user)
+        messages.success(request, _("Account is now untracked"))
+
+    return HttpResponse(
+        status=204,
+        headers={
+            "HX-Trigger": "updated",
+        },
+    )
+
+
+@only_htmx
+@login_required
+@require_http_methods(["GET"])
+def account_take_ownership(request, pk):
+    account = get_object_or_404(Account, id=pk)
+
+    if not account.owner:
+        account.owner = request.user
+        account.visibility = SharedObject.Visibility.private
+        account.save()
+
+        messages.success(request, _("Ownership taken successfully"))

    return HttpResponse(
        status=204,
--- a/app/apps/accounts/views/balance.py
+++ b/app/apps/accounts/views/balance.py
@@ -11,23 +11,13 @@ from django.utils.translation import gettext_lazy as _

 from apps.accounts.forms import AccountBalanceFormSet
 from apps.accounts.models import Account, Transaction
+from apps.accounts.services import get_account_balance
 from apps.common.decorators.htmx import only_htmx


@only_htmx
@login_required
 def account_reconciliation(request):
-    def get_account_balance(account):
-        income = Transaction.objects.filter(
-            account=account, type=Transaction.Type.INCOME, is_paid=True
-        ).aggregate(total=models.Sum("amount"))["total"] or Decimal("0")
-
-        expense = Transaction.objects.filter(
-            account=account, type=Transaction.Type.EXPENSE, is_paid=True
-        ).aggregate(total=models.Sum("amount"))["total"] or Decimal("0")
-
-        return income - expense
-
    initial_data = [
        {
            "account_id": account.id,
@@ -38,9 +28,9 @@ def account_reconciliation(request):
            "prefix": account.currency.prefix,
            "current_balance": get_account_balance(account),
        }
-        for account in Account.objects.filter(is_archived=False).select_related(
-            "currency", "group"
-        )
+        for account in Account.objects.filter(is_archived=False)
+        .select_related("currency", "group")
+        .order_by("group", "name")
    ]

    if request.method == "POST":
--- a/frontend/assets/images/.gitkeep
+++ b/frontend/assets/images/.gitkeep
--- a/app/apps/api/custom/pagination.py
+++ b/app/apps/api/custom/pagination.py
@@ -0,0 +1,6 @@
+from rest_framework.pagination import PageNumberPagination
+
+
+class CustomPageNumberPagination(PageNumberPagination):
+    page_size = 100
+    page_size_query_param = "page_size"
--- a/app/apps/api/fields/transactions.py
+++ b/app/apps/api/fields/transactions.py
@@ -1,8 +1,6 @@
-from drf_spectacular.types import OpenApiTypes
 from drf_spectacular.utils import extend_schema_field
 from rest_framework import serializers
 from django.utils.translation import gettext_lazy as _
-
 from apps.transactions.models import (
    TransactionCategory,
    TransactionTag,
@@ -29,7 +27,11 @@ class TransactionCategoryField(serializers.Field):
                    _("Category with this ID does not exist.")
                )
        elif isinstance(data, str):
-            category, created = TransactionCategory.objects.get_or_create(name=data)
+            try:
+                category = TransactionCategory.objects.get(name=data)
+            except TransactionCategory.DoesNotExist:
+                category = TransactionCategory(name=data)
+                category.save()
            return category
        raise serializers.ValidationError(
            _("Invalid category data. Provide an ID or name.")
@@ -39,7 +41,10 @@ class TransactionCategoryField(serializers.Field):
    def get_schema():
        return {
            "type": "array",
-            "items": {"type": "string", "description": "TransactionTag ID or name"},
+            "items": {
+                "type": "string",
+                "description": "TransactionCategory ID or name",
+            },
        }


@@ -65,7 +70,11 @@ class TransactionTagField(serializers.Field):
                        _("Tag with this ID does not exist.")
                    )
            elif isinstance(item, str):
-                tag, created = TransactionTag.objects.get_or_create(name=item)
+                try:
+                    tag = TransactionTag.objects.get(name=item)
+                except TransactionTag.DoesNotExist:
+                    tag = TransactionTag(name=item)
+                    tag.save()
            else:
                raise serializers.ValidationError(
                    _("Invalid tag data. Provide an ID or name.")
@@ -74,6 +83,13 @@ class TransactionTagField(serializers.Field):
        return tags


+@extend_schema_field(
+    {
+        "type": "array",
+        "items": {"oneOf": [{"type": "string"}, {"type": "integer"}]},
+        "description": "TransactionEntity ID or name. If the name doesn't exist, a new one will be created",
+    }
+)
 class TransactionEntityField(serializers.Field):
    def to_representation(self, value):
        return [{"id": entity.id, "name": entity.name} for entity in value.all()]
@@ -84,12 +100,16 @@ class TransactionEntityField(serializers.Field):
            if isinstance(item, int):
                try:
                    entity = TransactionEntity.objects.get(pk=item)
-                except TransactionTag.DoesNotExist:
+                except TransactionEntity.DoesNotExist:
                    raise serializers.ValidationError(
                        _("Entity with this ID does not exist.")
                    )
            elif isinstance(item, str):
-                entity, created = TransactionEntity.objects.get_or_create(name=item)
+                try:
+                    entity = TransactionEntity.objects.get(name=item)
+                except TransactionEntity.DoesNotExist:
+                    entity = TransactionEntity(name=item)
+                    entity.save()
            else:
                raise serializers.ValidationError(
                    _("Invalid entity data. Provide an ID or name.")
--- a/app/apps/api/permissions.py
+++ b/app/apps/api/permissions.py
@@ -0,0 +1,10 @@
+from rest_framework.permissions import BasePermission
+from django.conf import settings
+
+
+class NotInDemoMode(BasePermission):
+    def has_permission(self, request, view):
+        if settings.DEMO and not request.user.is_superuser:
+            return False
+        else:
+            return True
--- a/app/apps/api/serializers/init.py
+++ b/app/apps/api/serializers/init.py
@@ -2,3 +2,5 @@ from .transactions import *
 from .accounts import *
 from .currencies import *
 from .dca import *
+from .imports import *
+
--- a/app/apps/api/serializers/accounts.py
+++ b/app/apps/api/serializers/accounts.py
@@ -1,3 +1,4 @@
+from django.db.models import Q
 from rest_framework import serializers
 from rest_framework.permissions import IsAuthenticated

@@ -22,6 +23,7 @@ class AccountSerializer(serializers.ModelSerializer):
        write_only=True,
        allow_null=True,
    )
+
    currency = CurrencySerializer(read_only=True)
    currency_id = serializers.PrimaryKeyRelatedField(
        queryset=Currency.objects.all(), source="currency", write_only=True
@@ -50,6 +52,13 @@ class AccountSerializer(serializers.ModelSerializer):
            "is_asset",
        ]

+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        request = self.context.get("request")
+        if request and request.user.is_authenticated:
+            # Reload the queryset to get an updated version with the requesting user
+            self.fields["group_id"].queryset = AccountGroup.objects.all()
+
    def create(self, validated_data):
        return Account.objects.create(**validated_data)

@@ -58,3 +67,12 @@ class AccountSerializer(serializers.ModelSerializer):
            setattr(instance, attr, value)
        instance.save()
        return instance
+
+
+class AccountBalanceSerializer(serializers.Serializer):
+    """Serializer for account balance response."""
+
+    current_balance = serializers.DecimalField(max_digits=20, decimal_places=10)
+    projected_balance = serializers.DecimalField(max_digits=20, decimal_places=10)
+    currency = CurrencySerializer()
+
--- a/app/apps/api/serializers/imports.py
+++ b/app/apps/api/serializers/imports.py
@@ -0,0 +1,41 @@
+from rest_framework import serializers
+
+from apps.import_app.models import ImportProfile, ImportRun
+
+
+class ImportProfileSerializer(serializers.ModelSerializer):
+    """Serializer for listing import profiles."""
+
+    class Meta:
+        model = ImportProfile
+        fields = ["id", "name", "version", "yaml_config"]
+
+
+class ImportRunSerializer(serializers.ModelSerializer):
+    """Serializer for listing import runs."""
+
+    class Meta:
+        model = ImportRun
+        fields = [
+            "id",
+            "status",
+            "profile",
+            "file_name",
+            "logs",
+            "processed_rows",
+            "total_rows",
+            "successful_rows",
+            "skipped_rows",
+            "failed_rows",
+            "started_at",
+            "finished_at",
+        ]
+
+
+class ImportFileSerializer(serializers.Serializer):
+    """Serializer for uploading a file to import using an existing profile."""
+
+    profile_id = serializers.PrimaryKeyRelatedField(
+        queryset=ImportProfile.objects.all(), source="profile"
+    )
+    file = serializers.FileField()
--- a/app/apps/api/serializers/transactions.py
+++ b/app/apps/api/serializers/transactions.py
@@ -1,3 +1,5 @@
+from decimal import Decimal
+
 from django.utils.translation import gettext_lazy as _
 from drf_spectacular import openapi
 from drf_spectacular.types import OpenApiTypes
@@ -21,6 +23,7 @@ from apps.transactions.models import (
    TransactionEntity,
    RecurringTransaction,
 )
+from apps.common.middleware.thread_local import get_current_user


 class TransactionCategorySerializer(serializers.ModelSerializer):
@@ -29,6 +32,10 @@ class TransactionCategorySerializer(serializers.ModelSerializer):
    class Meta:
        model = TransactionCategory
        fields = "__all__"
+        read_only_fields = [
+            "id",
+            "owner",
+        ]


 class TransactionTagSerializer(serializers.ModelSerializer):
@@ -37,6 +44,10 @@ class TransactionTagSerializer(serializers.ModelSerializer):
    class Meta:
        model = TransactionTag
        fields = "__all__"
+        read_only_fields = [
+            "id",
+            "owner",
+        ]


 class TransactionEntitySerializer(serializers.ModelSerializer):
@@ -45,12 +56,16 @@ class TransactionEntitySerializer(serializers.ModelSerializer):
    class Meta:
        model = TransactionEntity
        fields = "__all__"
+        read_only_fields = [
+            "id",
+            "owner",
+        ]


 class InstallmentPlanSerializer(serializers.ModelSerializer):
-    category = TransactionCategoryField(required=False)
-    tags = TransactionTagField(required=False)
-    entities = TransactionEntityField(required=False)
+    category: str | int = TransactionCategoryField(required=False)
+    tags: str | int = TransactionTagField(required=False)
+    entities: str | int = TransactionEntityField(required=False)

    permission_classes = [IsAuthenticated]

@@ -88,9 +103,9 @@ class InstallmentPlanSerializer(serializers.ModelSerializer):


 class RecurringTransactionSerializer(serializers.ModelSerializer):
-    category = TransactionCategoryField(required=False)
-    tags = TransactionTagField(required=False)
-    entities = TransactionEntityField(required=False)
+    category: str | int = TransactionCategoryField(required=False)
+    tags: str | int = TransactionTagField(required=False)
+    entities: str | int = TransactionEntityField(required=False)

    class Meta:
        model = RecurringTransaction
@@ -123,13 +138,14 @@ class RecurringTransactionSerializer(serializers.ModelSerializer):
    def update(self, instance, validated_data):
        instance = super().update(instance, validated_data)
        instance.update_unpaid_transactions()
+        instance.generate_upcoming_transactions()
        return instance


 class TransactionSerializer(serializers.ModelSerializer):
-    category = TransactionCategoryField(required=False)
-    tags = TransactionTagField(required=False)
-    entities = TransactionEntityField(required=False)
+    category: str | int = TransactionCategoryField(required=False)
+    tags: str | int = TransactionTagField(required=False)
+    entities: str | int = TransactionEntityField(required=False)

    exchanged_amount = serializers.SerializerMethodField()

@@ -155,8 +171,16 @@ class TransactionSerializer(serializers.ModelSerializer):
            "installment_plan",
            "recurring_transaction",
            "installment_id",
+            "owner",
+            "deleted_at",
+            "deleted",
        ]

+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+
+        self.fields["account_id"].queryset = Account.objects.all()
+
    def validate(self, data):
        if not self.partial:
            if "date" in data and "reference_date" not in data:
@@ -192,5 +216,5 @@ class TransactionSerializer(serializers.ModelSerializer):
        return instance

    @staticmethod
-    def get_exchanged_amount(obj):
+    def get_exchanged_amount(obj) -> Decimal:
        return obj.exchanged_amount()
--- a/app/apps/api/tests/init.py
+++ b/app/apps/api/tests/init.py
@@ -0,0 +1,4 @@
+# Import all test classes for Django test discovery
+from .test_imports import *
+from .test_accounts import *
+
--- a/app/apps/api/tests/test_accounts.py
+++ b/app/apps/api/tests/test_accounts.py
@@ -0,0 +1,99 @@
+from datetime import date
+from decimal import Decimal
+
+from django.contrib.auth import get_user_model
+from django.test import TestCase, override_settings
+from rest_framework import status
+from rest_framework.test import APIClient
+
+from apps.accounts.models import Account, AccountGroup
+from apps.currencies.models import Currency
+from apps.transactions.models import Transaction
+
+
+@override_settings(
+    STORAGES={
+        "default": {"BACKEND": "django.core.files.storage.FileSystemStorage"},
+        "staticfiles": {
+            "BACKEND": "django.contrib.staticfiles.storage.StaticFilesStorage"
+        },
+    },
+    WHITENOISE_AUTOREFRESH=True,
+)
+class AccountBalanceAPITests(TestCase):
+    """Tests for the Account Balance API endpoint"""
+
+    def setUp(self):
+        """Set up test data"""
+        User = get_user_model()
+        self.user = User.objects.create_user(
+            email="testuser@test.com", password="testpass123"
+        )
+        self.client = APIClient()
+        self.client.force_authenticate(user=self.user)
+
+        self.currency = Currency.objects.create(
+            code="USD", name="US Dollar", decimal_places=2, prefix="$ "
+        )
+        self.account_group = AccountGroup.objects.create(name="Test Group")
+        self.account = Account.objects.create(
+            name="Test Account", group=self.account_group, currency=self.currency
+        )
+
+        # Create some transactions
+        Transaction.objects.create(
+            account=self.account,
+            type=Transaction.Type.INCOME,
+            amount=Decimal("500.00"),
+            is_paid=True,
+            date=date(2025, 1, 1),
+            description="Paid income",
+        )
+        Transaction.objects.create(
+            account=self.account,
+            type=Transaction.Type.INCOME,
+            amount=Decimal("200.00"),
+            is_paid=False,
+            date=date(2025, 1, 15),
+            description="Unpaid income",
+        )
+        Transaction.objects.create(
+            account=self.account,
+            type=Transaction.Type.EXPENSE,
+            amount=Decimal("100.00"),
+            is_paid=True,
+            date=date(2025, 1, 10),
+            description="Paid expense",
+        )
+
+    def test_get_balance_success(self):
+        """Test successful balance retrieval"""
+        response = self.client.get(f"/api/accounts/{self.account.id}/balance/")
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertIn("current_balance", response.data)
+        self.assertIn("projected_balance", response.data)
+        self.assertIn("currency", response.data)
+
+        # Current: 500 - 100 = 400
+        self.assertEqual(Decimal(response.data["current_balance"]), Decimal("400.00"))
+        # Projected: (500 + 200) - 100 = 600
+        self.assertEqual(Decimal(response.data["projected_balance"]), Decimal("600.00"))
+
+        # Check currency data
+        self.assertEqual(response.data["currency"]["code"], "USD")
+
+    def test_get_balance_nonexistent_account(self):
+        """Test balance for non-existent account returns 404"""
+        response = self.client.get("/api/accounts/99999/balance/")
+
+        self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
+
+    def test_get_balance_unauthenticated(self):
+        """Test unauthenticated request returns 403"""
+        unauthenticated_client = APIClient()
+        response = unauthenticated_client.get(
+            f"/api/accounts/{self.account.id}/balance/"
+        )
+
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
--- a/app/apps/api/tests/test_imports.py
+++ b/app/apps/api/tests/test_imports.py
@@ -0,0 +1,404 @@
+from io import BytesIO
+from unittest.mock import patch
+
+from django.contrib.auth import get_user_model
+from django.core.files.uploadedfile import SimpleUploadedFile
+from django.test import TestCase, override_settings
+from rest_framework import status
+from rest_framework.test import APIClient
+
+from apps.import_app.models import ImportProfile, ImportRun
+
+
+@override_settings(
+    STORAGES={
+        "default": {"BACKEND": "django.core.files.storage.FileSystemStorage"},
+        "staticfiles": {
+            "BACKEND": "django.contrib.staticfiles.storage.StaticFilesStorage"
+        },
+    },
+    WHITENOISE_AUTOREFRESH=True,
+)
+class ImportAPITests(TestCase):
+    """Tests for the Import API endpoint"""
+
+    def setUp(self):
+        """Set up test data"""
+        User = get_user_model()
+        self.user = User.objects.create_user(
+            email="testuser@test.com", password="testpass123"
+        )
+        self.client = APIClient()
+        self.client.force_authenticate(user=self.user)
+
+        # Create a basic import profile with minimal valid YAML config
+        self.profile = ImportProfile.objects.create(
+            name="Test Profile",
+            version=ImportProfile.Versions.VERSION_1,
+            yaml_config="""
+file_type: csv
+date_format: "%Y-%m-%d"
+column_mapping:
+  date:
+    source: date
+  description:
+    source: description
+  amount:
+    source: amount
+  transaction_type:
+    detection_method: always_expense
+  is_paid:
+    detection_method: always_paid
+  account:
+    source: account
+    match_field: name
+""",
+        )
+
+    @patch("apps.import_app.tasks.process_import.defer")
+    @patch("django.core.files.storage.FileSystemStorage.save")
+    @patch("django.core.files.storage.FileSystemStorage.path")
+    def test_create_import_success(self, mock_path, mock_save, mock_defer):
+        """Test successful file upload creates ImportRun and queues task"""
+        mock_save.return_value = "test_file.csv"
+        mock_path.return_value = "/usr/src/app/temp/test_file.csv"
+
+        csv_content = b"date,description,amount,account\n2025-01-01,Test,100,Main"
+        file = SimpleUploadedFile(
+            "test_file.csv", csv_content, content_type="text/csv"
+        )
+
+        response = self.client.post(
+            "/api/import/import/",
+            {"profile_id": self.profile.id, "file": file},
+            format="multipart",
+        )
+
+        self.assertEqual(response.status_code, status.HTTP_202_ACCEPTED)
+        self.assertIn("import_run_id", response.data)
+        self.assertEqual(response.data["status"], "queued")
+
+        # Verify ImportRun was created
+        import_run = ImportRun.objects.get(id=response.data["import_run_id"])
+        self.assertEqual(import_run.profile, self.profile)
+        self.assertEqual(import_run.file_name, "test_file.csv")
+
+        # Verify task was deferred
+        mock_defer.assert_called_once_with(
+            import_run_id=import_run.id,
+            file_path="/usr/src/app/temp/test_file.csv",
+            user_id=self.user.id,
+        )
+
+    def test_create_import_missing_profile(self):
+        """Test request without profile_id returns 400"""
+        csv_content = b"date,description,amount\n2025-01-01,Test,100"
+        file = SimpleUploadedFile(
+            "test_file.csv", csv_content, content_type="text/csv"
+        )
+
+        response = self.client.post(
+            "/api/import/import/",
+            {"file": file},
+            format="multipart",
+        )
+
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+        self.assertIn("profile_id", response.data)
+
+    def test_create_import_missing_file(self):
+        """Test request without file returns 400"""
+        response = self.client.post(
+            "/api/import/import/",
+            {"profile_id": self.profile.id},
+            format="multipart",
+        )
+
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+        self.assertIn("file", response.data)
+
+    def test_create_import_invalid_profile(self):
+        """Test request with non-existent profile returns 400"""
+        csv_content = b"date,description,amount\n2025-01-01,Test,100"
+        file = SimpleUploadedFile(
+            "test_file.csv", csv_content, content_type="text/csv"
+        )
+
+        response = self.client.post(
+            "/api/import/import/",
+            {"profile_id": 99999, "file": file},
+            format="multipart",
+        )
+
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+        self.assertIn("profile_id", response.data)
+
+    @patch("apps.import_app.tasks.process_import.defer")
+    @patch("django.core.files.storage.FileSystemStorage.save")
+    @patch("django.core.files.storage.FileSystemStorage.path")
+    def test_create_import_xlsx(self, mock_path, mock_save, mock_defer):
+        """Test successful XLSX file upload"""
+        mock_save.return_value = "test_file.xlsx"
+        mock_path.return_value = "/usr/src/app/temp/test_file.xlsx"
+
+        # Create a simple XLSX-like content (just for the upload test)
+        xlsx_content = BytesIO(b"PK\x03\x04")  # XLSX files start with PK header
+        file = SimpleUploadedFile(
+            "test_file.xlsx",
+            xlsx_content.getvalue(),
+            content_type="application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
+        )
+
+        response = self.client.post(
+            "/api/import/import/",
+            {"profile_id": self.profile.id, "file": file},
+            format="multipart",
+        )
+
+        self.assertEqual(response.status_code, status.HTTP_202_ACCEPTED)
+        self.assertIn("import_run_id", response.data)
+
+    def test_unauthenticated_request(self):
+        """Test unauthenticated request returns 403"""
+        unauthenticated_client = APIClient()
+
+        csv_content = b"date,description,amount\n2025-01-01,Test,100"
+        file = SimpleUploadedFile(
+            "test_file.csv", csv_content, content_type="text/csv"
+        )
+
+        response = unauthenticated_client.post(
+            "/api/import/import/",
+            {"profile_id": self.profile.id, "file": file},
+            format="multipart",
+        )
+
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
+
+@override_settings(
+    STORAGES={
+        "default": {"BACKEND": "django.core.files.storage.FileSystemStorage"},
+        "staticfiles": {
+            "BACKEND": "django.contrib.staticfiles.storage.StaticFilesStorage"
+        },
+    },
+    WHITENOISE_AUTOREFRESH=True,
+)
+class ImportProfileAPITests(TestCase):
+    """Tests for the Import Profile API endpoints"""
+
+    def setUp(self):
+        """Set up test data"""
+        User = get_user_model()
+        self.user = User.objects.create_user(
+            email="testuser@test.com", password="testpass123"
+        )
+        self.client = APIClient()
+        self.client.force_authenticate(user=self.user)
+
+        self.profile1 = ImportProfile.objects.create(
+            name="Profile 1",
+            version=ImportProfile.Versions.VERSION_1,
+            yaml_config="""
+file_type: csv
+date_format: "%Y-%m-%d"
+column_mapping:
+  date:
+    source: date
+  description:
+    source: description
+  amount:
+    source: amount
+  transaction_type:
+    detection_method: always_expense
+  is_paid:
+    detection_method: always_paid
+  account:
+    source: account
+    match_field: name
+""",
+        )
+        self.profile2 = ImportProfile.objects.create(
+            name="Profile 2",
+            version=ImportProfile.Versions.VERSION_1,
+            yaml_config="""
+file_type: csv
+date_format: "%Y-%m-%d"
+column_mapping:
+  date:
+    source: date
+  description:
+    source: description
+  amount:
+    source: amount
+  transaction_type:
+    detection_method: always_income
+  is_paid:
+    detection_method: always_unpaid
+  account:
+    source: account
+    match_field: name
+""",
+        )
+
+    def test_list_profiles(self):
+        """Test listing all profiles"""
+        response = self.client.get("/api/import/profiles/")
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data["count"], 2)
+        self.assertEqual(len(response.data["results"]), 2)
+
+    def test_retrieve_profile(self):
+        """Test retrieving a specific profile"""
+        response = self.client.get(f"/api/import/profiles/{self.profile1.id}/")
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data["id"], self.profile1.id)
+        self.assertEqual(response.data["name"], "Profile 1")
+        self.assertIn("yaml_config", response.data)
+
+    def test_retrieve_nonexistent_profile(self):
+        """Test retrieving a non-existent profile returns 404"""
+        response = self.client.get("/api/import/profiles/99999/")
+
+        self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
+
+    def test_profiles_unauthenticated(self):
+        """Test unauthenticated request returns 403"""
+        unauthenticated_client = APIClient()
+        response = unauthenticated_client.get("/api/import/profiles/")
+
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
+
+@override_settings(
+    STORAGES={
+        "default": {"BACKEND": "django.core.files.storage.FileSystemStorage"},
+        "staticfiles": {
+            "BACKEND": "django.contrib.staticfiles.storage.StaticFilesStorage"
+        },
+    },
+    WHITENOISE_AUTOREFRESH=True,
+)
+class ImportRunAPITests(TestCase):
+    """Tests for the Import Run API endpoints"""
+
+    def setUp(self):
+        """Set up test data"""
+        User = get_user_model()
+        self.user = User.objects.create_user(
+            email="testuser@test.com", password="testpass123"
+        )
+        self.client = APIClient()
+        self.client.force_authenticate(user=self.user)
+
+        self.profile1 = ImportProfile.objects.create(
+            name="Profile 1",
+            version=ImportProfile.Versions.VERSION_1,
+            yaml_config="""
+file_type: csv
+date_format: "%Y-%m-%d"
+column_mapping:
+  date:
+    source: date
+  description:
+    source: description
+  amount:
+    source: amount
+  transaction_type:
+    detection_method: always_expense
+  is_paid:
+    detection_method: always_paid
+  account:
+    source: account
+    match_field: name
+""",
+        )
+        self.profile2 = ImportProfile.objects.create(
+            name="Profile 2",
+            version=ImportProfile.Versions.VERSION_1,
+            yaml_config="""
+file_type: csv
+date_format: "%Y-%m-%d"
+column_mapping:
+  date:
+    source: date
+  description:
+    source: description
+  amount:
+    source: amount
+  transaction_type:
+    detection_method: always_income
+  is_paid:
+    detection_method: always_unpaid
+  account:
+    source: account
+    match_field: name
+""",
+        )
+
+        # Create import runs
+        self.run1 = ImportRun.objects.create(
+            profile=self.profile1,
+            file_name="file1.csv",
+            status=ImportRun.Status.FINISHED,
+        )
+        self.run2 = ImportRun.objects.create(
+            profile=self.profile1,
+            file_name="file2.csv",
+            status=ImportRun.Status.QUEUED,
+        )
+        self.run3 = ImportRun.objects.create(
+            profile=self.profile2,
+            file_name="file3.csv",
+            status=ImportRun.Status.FINISHED,
+        )
+
+    def test_list_all_runs(self):
+        """Test listing all runs"""
+        response = self.client.get("/api/import/runs/")
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data["count"], 3)
+        self.assertEqual(len(response.data["results"]), 3)
+
+    def test_list_runs_by_profile(self):
+        """Test filtering runs by profile_id"""
+        response = self.client.get(f"/api/import/runs/?profile_id={self.profile1.id}")
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data["count"], 2)
+        for run in response.data["results"]:
+            self.assertEqual(run["profile"], self.profile1.id)
+
+    def test_list_runs_by_other_profile(self):
+        """Test filtering runs by another profile_id"""
+        response = self.client.get(f"/api/import/runs/?profile_id={self.profile2.id}")
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data["count"], 1)
+        self.assertEqual(response.data["results"][0]["profile"], self.profile2.id)
+
+    def test_retrieve_run(self):
+        """Test retrieving a specific run"""
+        response = self.client.get(f"/api/import/runs/{self.run1.id}/")
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data["id"], self.run1.id)
+        self.assertEqual(response.data["file_name"], "file1.csv")
+        self.assertEqual(response.data["status"], "FINISHED")
+
+    def test_retrieve_nonexistent_run(self):
+        """Test retrieving a non-existent run returns 404"""
+        response = self.client.get("/api/import/runs/99999/")
+
+        self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
+
+    def test_runs_unauthenticated(self):
+        """Test unauthenticated request returns 403"""
+        unauthenticated_client = APIClient()
+        response = unauthenticated_client.get("/api/import/runs/")
+
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
--- a/app/apps/api/urls.py
+++ b/app/apps/api/urls.py
@@ -16,7 +16,11 @@ router.register(r"currencies", views.CurrencyViewSet)
 router.register(r"exchange-rates", views.ExchangeRateViewSet)
 router.register(r"dca/strategies", views.DCAStrategyViewSet)
 router.register(r"dca/entries", views.DCAEntryViewSet)
+router.register(r"import/profiles", views.ImportProfileViewSet, basename="import-profiles")
+router.register(r"import/runs", views.ImportRunViewSet, basename="import-runs")
+router.register(r"import/import", views.ImportViewSet, basename="import-import")

 urlpatterns = [
    path("", include(router.urls)),
 ]
+
--- a/app/apps/api/views/init.py
+++ b/app/apps/api/views/init.py
@@ -2,3 +2,5 @@ from .transactions import *
 from .accounts import *
 from .currencies import *
 from .dca import *
+from .imports import *
+
--- a/app/apps/api/views/accounts.py
+++ b/app/apps/api/views/accounts.py
@@ -1,17 +1,60 @@
+from drf_spectacular.utils import extend_schema, extend_schema_view
 from rest_framework import viewsets
+from rest_framework.decorators import action
+from rest_framework.permissions import IsAuthenticated
+from rest_framework.response import Response
+
 from apps.accounts.models import AccountGroup, Account
-from apps.api.serializers import AccountGroupSerializer, AccountSerializer
+from apps.accounts.services import get_account_balance
+from apps.api.custom.pagination import CustomPageNumberPagination
+from apps.api.serializers import AccountGroupSerializer, AccountSerializer, AccountBalanceSerializer


 class AccountGroupViewSet(viewsets.ModelViewSet):
+    """ViewSet for managing account groups."""
+
    queryset = AccountGroup.objects.all()
    serializer_class = AccountGroupSerializer
-
-
-class AccountViewSet(viewsets.ModelViewSet):
-    queryset = Account.objects.all()
-    serializer_class = AccountSerializer
+    pagination_class = CustomPageNumberPagination

    def get_queryset(self):
-        queryset = super().get_queryset()
-        return queryset.select_related("group", "currency", "exchange_currency")
+        return AccountGroup.objects.all().order_by("id")
+
+
+@extend_schema_view(
+    balance=extend_schema(
+        summary="Get account balance",
+        description="Returns the current and projected balance for the account, along with currency data.",
+        responses={200: AccountBalanceSerializer},
+    ),
+)
+class AccountViewSet(viewsets.ModelViewSet):
+    """ViewSet for managing accounts."""
+
+    queryset = Account.objects.all()
+    serializer_class = AccountSerializer
+    pagination_class = CustomPageNumberPagination
+
+    def get_queryset(self):
+        return (
+            Account.objects.all()
+            .order_by("id")
+            .select_related("group", "currency", "exchange_currency")
+        )
+
+    @action(detail=True, methods=["get"], permission_classes=[IsAuthenticated])
+    def balance(self, request, pk=None):
+        """Get current and projected balance for an account."""
+        account = self.get_object()
+        
+        current_balance = get_account_balance(account, paid_only=True)
+        projected_balance = get_account_balance(account, paid_only=False)
+        
+        serializer = AccountBalanceSerializer({
+            "current_balance": current_balance,
+            "projected_balance": projected_balance,
+            "currency": account.currency,
+        })
+        
+        return Response(serializer.data)
+
--- a/app/apps/api/views/dca.py
+++ b/app/apps/api/views/dca.py
@@ -9,6 +9,9 @@ class DCAStrategyViewSet(viewsets.ModelViewSet):
    queryset = DCAStrategy.objects.all()
    serializer_class = DCAStrategySerializer

+    def get_queryset(self):
+        return DCAStrategy.objects.all().order_by("id")
+
    @action(detail=True, methods=["get"])
    def investment_frequency(self, request, pk=None):
        strategy = self.get_object()
--- a/app/apps/api/views/imports.py
+++ b/app/apps/api/views/imports.py
@@ -0,0 +1,123 @@
+from django.core.files.storage import FileSystemStorage
+from drf_spectacular.types import OpenApiTypes
+from drf_spectacular.utils import OpenApiParameter, extend_schema, extend_schema_view, inline_serializer
+from rest_framework import serializers as drf_serializers
+from rest_framework import status, viewsets
+from rest_framework.parsers import MultiPartParser
+from rest_framework.permissions import IsAuthenticated
+from rest_framework.response import Response
+
+from apps.api.serializers import ImportFileSerializer, ImportProfileSerializer, ImportRunSerializer
+from apps.import_app.models import ImportProfile, ImportRun
+from apps.import_app.tasks import process_import
+
+
+@extend_schema_view(
+    list=extend_schema(
+        summary="List import profiles",
+        description="Returns a paginated list of all available import profiles.",
+    ),
+    retrieve=extend_schema(
+        summary="Get import profile",
+        description="Returns the details of a specific import profile by ID.",
+    ),
+)
+class ImportProfileViewSet(viewsets.ReadOnlyModelViewSet):
+    """ViewSet for listing and retrieving import profiles."""
+
+    queryset = ImportProfile.objects.all()
+    serializer_class = ImportProfileSerializer
+    permission_classes = [IsAuthenticated]
+
+
+@extend_schema_view(
+    list=extend_schema(
+        summary="List import runs",
+        description="Returns a paginated list of import runs. Optionally filter by profile_id.",
+        parameters=[
+            OpenApiParameter(
+                name="profile_id",
+                type=int,
+                location=OpenApiParameter.QUERY,
+                description="Filter runs by profile ID",
+                required=False,
+            ),
+        ],
+    ),
+    retrieve=extend_schema(
+        summary="Get import run",
+        description="Returns the details of a specific import run by ID, including status and logs.",
+    ),
+)
+class ImportRunViewSet(viewsets.ReadOnlyModelViewSet):
+    """ViewSet for listing and retrieving import runs."""
+
+    queryset = ImportRun.objects.all().order_by("-id")
+    serializer_class = ImportRunSerializer
+    permission_classes = [IsAuthenticated]
+
+    def get_queryset(self):
+        queryset = super().get_queryset()
+        profile_id = self.request.query_params.get("profile_id")
+        if profile_id:
+            queryset = queryset.filter(profile_id=profile_id)
+        return queryset
+
+
+@extend_schema_view(
+    create=extend_schema(
+        summary="Import file",
+        description="Upload a CSV or XLSX file to import using an existing import profile. The import is queued and processed asynchronously.",
+        request={
+            "multipart/form-data": {
+                "type": "object",
+                "properties": {
+                    "profile_id": {"type": "integer", "description": "ID of the ImportProfile to use"},
+                    "file": {"type": "string", "format": "binary", "description": "CSV or XLSX file to import"},
+                },
+                "required": ["profile_id", "file"],
+            },
+        },
+        responses={
+            202: inline_serializer(
+                name="ImportResponse",
+                fields={
+                    "import_run_id": drf_serializers.IntegerField(),
+                    "status": drf_serializers.CharField(),
+                },
+            ),
+        },
+    ),
+)
+class ImportViewSet(viewsets.ViewSet):
+    """ViewSet for importing data via file upload."""
+
+    permission_classes = [IsAuthenticated]
+    parser_classes = [MultiPartParser]
+
+    def create(self, request):
+        serializer = ImportFileSerializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+
+        profile = serializer.validated_data["profile"]
+        uploaded_file = serializer.validated_data["file"]
+
+        # Save file to temp location
+        fs = FileSystemStorage(location="/usr/src/app/temp")
+        filename = fs.save(uploaded_file.name, uploaded_file)
+        file_path = fs.path(filename)
+
+        # Create ImportRun record
+        import_run = ImportRun.objects.create(profile=profile, file_name=filename)
+
+        # Queue import task
+        process_import.defer(
+            import_run_id=import_run.id,
+            file_path=file_path,
+            user_id=request.user.id,
+        )
+
+        return Response(
+            {"import_run_id": import_run.id, "status": "queued"},
+            status=status.HTTP_202_ACCEPTED,
+        )
--- a/app/apps/api/views/transactions.py
+++ b/app/apps/api/views/transactions.py
@@ -1,5 +1,8 @@
+from copy import deepcopy
+
 from rest_framework import viewsets

+from apps.api.custom.pagination import CustomPageNumberPagination
 from apps.api.serializers import (
    TransactionSerializer,
    TransactionCategorySerializer,
@@ -22,40 +25,65 @@ from apps.rules.signals import transaction_updated, transaction_created
 class TransactionViewSet(viewsets.ModelViewSet):
    queryset = Transaction.objects.all()
    serializer_class = TransactionSerializer
+    pagination_class = CustomPageNumberPagination

    def perform_create(self, serializer):
        instance = serializer.save()
        transaction_created.send(sender=instance)

    def perform_update(self, serializer):
+        old_data = deepcopy(self.get_object())
        instance = serializer.save()
-        transaction_updated.send(sender=instance)
+        transaction_updated.send(sender=instance, old_data=old_data)

    def partial_update(self, request, *args, **kwargs):
        kwargs["partial"] = True
        return self.update(request, *args, **kwargs)

+    def get_queryset(self):
+        return Transaction.objects.all().order_by("-id")
+

 class TransactionCategoryViewSet(viewsets.ModelViewSet):
    queryset = TransactionCategory.objects.all()
    serializer_class = TransactionCategorySerializer
+    pagination_class = CustomPageNumberPagination
+
+    def get_queryset(self):
+        return TransactionCategory.objects.all().order_by("id")


 class TransactionTagViewSet(viewsets.ModelViewSet):
    queryset = TransactionTag.objects.all()
    serializer_class = TransactionTagSerializer
+    pagination_class = CustomPageNumberPagination
+
+    def get_queryset(self):
+        return TransactionTag.objects.all().order_by("id")


 class TransactionEntityViewSet(viewsets.ModelViewSet):
    queryset = TransactionEntity.objects.all()
    serializer_class = TransactionEntitySerializer
+    pagination_class = CustomPageNumberPagination
+
+    def get_queryset(self):
+        return TransactionEntity.objects.all().order_by("id")


 class InstallmentPlanViewSet(viewsets.ModelViewSet):
    queryset = InstallmentPlan.objects.all()
    serializer_class = InstallmentPlanSerializer
+    pagination_class = CustomPageNumberPagination
+
+    def get_queryset(self):
+        return InstallmentPlan.objects.all().order_by("-id")


 class RecurringTransactionViewSet(viewsets.ModelViewSet):
    queryset = RecurringTransaction.objects.all()
    serializer_class = RecurringTransactionSerializer
+    pagination_class = CustomPageNumberPagination
+
+    def get_queryset(self):
+        return RecurringTransaction.objects.all().order_by("-id")
--- a/app/apps/common/admin.py
+++ b/app/apps/common/admin.py
@@ -0,0 +1,26 @@
+from django.contrib import admin
+from django.utils.translation import gettext_lazy as _
+
+
+@admin.action(description=_("Make public"))
+def make_public(modeladmin, request, queryset):
+    queryset.update(visibility="public")
+
+
+@admin.action(description=_("Make private"))
+def make_private(modeladmin, request, queryset):
+    queryset.update(visibility="private")
+
+
+class SharedObjectModelAdmin(admin.ModelAdmin):
+    actions = [make_public, make_private]
+
+    list_display = ("__str__", "visibility", "owner", "get_shared_with")
+
+    @admin.display(description=_("Shared with users"))
+    def get_shared_with(self, obj):
+        return ", ".join([p.email for p in obj.shared_with.all()])
+
+    def get_queryset(self, request):
+        # Use the all_objects manager to show all transactions, including deleted ones
+        return self.model.all_objects.all()
--- a/app/apps/common/apps.py
+++ b/app/apps/common/apps.py
@@ -1,6 +1,28 @@
 from django.apps import AppConfig
+from django.core.cache import cache


 class CommonConfig(AppConfig):
    default_auto_field = "django.db.models.BigAutoField"
    name = "apps.common"
+
+    def ready(self):
+        from django.contrib import admin
+        from django.contrib.sites.models import Site
+        from allauth.socialaccount.models import (
+            SocialAccount,
+            SocialApp,
+            SocialToken,
+        )
+
+        admin.site.unregister(Site)
+        admin.site.unregister(SocialAccount)
+        admin.site.unregister(SocialApp)
+        admin.site.unregister(SocialToken)
+
+        # Delete the cache for update checks to prevent false-positives when the app is restarted
+        # this will be recreated by the check_for_updates task
+        cache.delete("update_check")
+
+        # Register system checks for required environment variables
+        from apps.common import checks  # noqa: F401
--- a/app/apps/common/checks.py
+++ b/app/apps/common/checks.py
@@ -0,0 +1,103 @@
+"""
+Django System Checks for required environment variables.
+
+This module validates that required environment variables (those without defaults)
+are present before the application starts.
+"""
+
+import os
+
+from django.core.checks import Error, register
+
+
+# List of environment variables that are required (no default values)
+# Based on the README.md documentation
+REQUIRED_ENV_VARS = [
+    ("SECRET_KEY", "This is used to provide cryptographic signing."),
+    ("SQL_DATABASE", "The name of your postgres database."),
+]
+
+# List of environment variables that must be valid integers if set
+INT_ENV_VARS = [
+    ("TASK_WORKERS", "How many workers to have for async tasks."),
+    ("SESSION_EXPIRY_TIME", "The age of session cookies, in seconds."),
+    ("INTERNAL_PORT", "The port on which the app listens on."),
+    ("DJANGO_VITE_DEV_SERVER_PORT", "The port where Vite's dev server is running"),
+]
+
+
+@register()
+def check_required_env_vars(app_configs, **kwargs):
+    """
+    Check that all required environment variables are set.
+
+    Returns a list of Error objects for any missing required variables.
+    """
+    errors = []
+
+    for var_name, description in REQUIRED_ENV_VARS:
+        value = os.getenv(var_name)
+        if not value:
+            errors.append(
+                Error(
+                    f"Required environment variable '{var_name}' is not set.",
+                    hint=f"{description} Please set this variable in your .env file or environment.",
+                    id="wygiwyh.E001",
+                )
+            )
+
+    return errors
+
+
+@register()
+def check_int_env_vars(app_configs, **kwargs):
+    """
+    Check that environment variables that should be integers are valid.
+
+    Returns a list of Error objects for any invalid integer variables.
+    """
+    errors = []
+
+    for var_name, description in INT_ENV_VARS:
+        value = os.getenv(var_name)
+        if value is not None:
+            try:
+                int(value)
+            except ValueError:
+                errors.append(
+                    Error(
+                        f"Environment variable '{var_name}' must be a valid integer, got '{value}'.",
+                        hint=f"{description}",
+                        id="wygiwyh.E002",
+                    )
+                )
+
+    return errors
+
+
+@register()
+def check_soft_delete_config(app_configs, **kwargs):
+    """
+    Check that KEEP_DELETED_TRANSACTIONS_FOR is a valid integer when ENABLE_SOFT_DELETE is enabled.
+
+    Returns a list of Error objects if the configuration is invalid.
+    """
+    errors = []
+
+    enable_soft_delete = os.getenv("ENABLE_SOFT_DELETE", "false").lower() == "true"
+
+    if enable_soft_delete:
+        keep_deleted_for = os.getenv("KEEP_DELETED_TRANSACTIONS_FOR")
+        if keep_deleted_for is not None:
+            try:
+                int(keep_deleted_for)
+            except ValueError:
+                errors.append(
+                    Error(
+                        f"Environment variable 'KEEP_DELETED_TRANSACTIONS_FOR' must be a valid integer when ENABLE_SOFT_DELETE is enabled, got '{keep_deleted_for}'.",
+                        hint="Time in days to keep soft deleted transactions for. Set to 0 to keep all transactions indefinitely.",
+                        id="wygiwyh.E003",
+                    )
+                )
+
+    return errors
--- a/app/apps/common/decorators/demo.py
+++ b/app/apps/common/decorators/demo.py
@@ -0,0 +1,15 @@
+from functools import wraps
+
+from django.conf import settings
+from django.core.exceptions import PermissionDenied
+
+
+def disabled_on_demo(view):
+    @wraps(view)
+    def _view(request, *args, **kwargs):
+        if settings.DEMO and not request.user.is_superuser:
+            raise PermissionDenied
+
+        return view(request, *args, **kwargs)
+
+    return _view
--- a/app/apps/common/decorators/user.py
+++ b/app/apps/common/decorators/user.py
@@ -0,0 +1,78 @@
+from functools import wraps
+
+from django.conf import settings
+from django.core.exceptions import PermissionDenied
+from django.http import HttpResponse
+from django.shortcuts import redirect
+from django.urls import reverse, NoReverseMatch
+
+
+def is_superuser(view):
+    @wraps(view)
+    def _view(request, *args, **kwargs):
+        if not request.user.is_superuser:
+            raise PermissionDenied
+
+        return view(request, *args, **kwargs)
+
+    return _view
+
+
+def htmx_login_required(function=None, login_url=None):
+    """
+    Decorator that checks if the user is logged in.
+
+    Allows overriding the default login URL.
+
+    If the user is not logged in:
+    - If "hx-request" is present in the request header, it returns a 200 response
+      with a "HX-Redirect" header containing the determined login URL (including the "next" parameter).
+    - If "hx-request" is not present, it redirects to the determined login page normally.
+
+    Args:
+        function: The view function to decorate.
+        login_url: Optional. The URL or URL name to redirect to for login.
+                   Defaults to settings.LOGIN_URL.
+    """
+
+    def decorator(view_func):
+        # Simplified @wraps usage - it handles necessary attribute assignments by default
+        @wraps(view_func)
+        def wrapped_view(request, *args, **kwargs):
+            if request.user.is_authenticated:
+                return view_func(request, *args, **kwargs)
+            else:
+                # Determine the login URL
+                resolved_login_url = login_url
+                if not resolved_login_url:
+                    resolved_login_url = settings.LOGIN_URL
+
+                # Try to reverse the URL name if it's not a path
+                try:
+                    # Check if it looks like a URL path already
+                    if "/" not in resolved_login_url and "." not in resolved_login_url:
+                        login_url_path = reverse(resolved_login_url)
+                    else:
+                        login_url_path = resolved_login_url
+                except NoReverseMatch:
+                    # If reverse fails, assume it's already a URL path
+                    login_url_path = resolved_login_url
+
+                # Construct the full redirect path with 'next' parameter
+                # Ensure request.path is URL-encoded if needed, though Django usually handles this
+                redirect_path = f"{login_url_path}?next={request.get_full_path()}"  # Use get_full_path() to include query params
+
+                if request.headers.get("hx-request"):
+                    # For HTMX requests, return a 200 with the HX-Redirect header.
+                    response = HttpResponse()
+                    response["HX-Redirect"] = login_url_path
+                    return response
+                else:
+                    # For regular requests, redirect to the login page.
+                    return redirect(redirect_path)
+
+        return wrapped_view
+
+    if function:
+        return decorator(function)
+    return decorator
--- a/app/apps/common/fields/forms/dynamic_select.py
+++ b/app/apps/common/fields/forms/dynamic_select.py
@@ -4,6 +4,7 @@ from django.db import transaction
 from django.utils.translation import gettext_lazy as _

 from apps.common.widgets.tom_select import TomSelect, TomSelectMultiple
+from apps.common.middleware.thread_local import get_current_user


 class DynamicModelChoiceField(forms.ModelChoiceField):
@@ -55,19 +56,24 @@ class DynamicModelChoiceField(forms.ModelChoiceField):
                if self.create_field:
                    try:
                        with transaction.atomic():
-                            instance, _ = self.model.objects.update_or_create(
-                                **{self.create_field: value}
-                            )
+                            # First try to get the object
+                            lookup = {self.create_field: value}
+                            try:
+                                instance = self.model.objects.get(**lookup)
+                            except self.model.DoesNotExist:
+                                # Create a new instance directly
+                                instance = self.model(**lookup)
+                                instance.save()
+
                            self._created_instance = instance
                            return instance
                    except Exception as e:
-                        raise ValidationError(
-                            self.error_messages["invalid_choice"], code="invalid_choice"
-                        )
+                        raise ValidationError(_("Error creating new instance"))
                else:
                    raise ValidationError(
                        self.error_messages["invalid_choice"], code="invalid_choice"
                    )
+
        return super().clean(value)

    def bound_data(self, data, initial):
@@ -90,8 +96,6 @@ class DynamicModelMultipleChoiceField(forms.ModelMultipleChoiceField):

    def __init__(self, model, **kwargs):
        """
-        Initialize the CreateIfNotExistsModelMultipleChoiceField.
-
        Args:
            create_field (str): The name of the field to use when creating new instances.
            *args: Variable length argument list.
@@ -123,33 +127,27 @@ class DynamicModelMultipleChoiceField(forms.ModelMultipleChoiceField):
        """
        try:
            with transaction.atomic():
-                instance, _ = self.model.objects.update_or_create(
-                    **{self.create_field: value}
-                )
-            return instance
+                # Check if exists first without using update_or_create
+                lookup = {self.create_field: value}
+                try:
+                    # Use base manager to bypass distinct filters
+                    instance = self.model.objects.get(**lookup)
+                    return instance
+                except self.model.DoesNotExist:
+                    # Create a new instance directly
+                    instance = self.model(**lookup)
+                    instance.save()
+                    return instance
        except Exception as e:
            raise ValidationError(_("Error creating new instance"))

    def clean(self, value):
-        """
-        Clean and validate the field value.
-
-        This method checks if each selected choice exists in the database.
-        If a choice doesn't exist, it creates a new instance of the model.
-
-        Args:
-            value (list): List of selected values.
-
-        Returns:
-            list: A list containing all selected and newly created model instances.
-
-        Raises:
-            ValidationError: If there's an error during the cleaning process.
-        """
        if not value:
            return []

        string_values = set(str(v) for v in value)
+
+        # Get existing objects first
        existing_objects = list(
            self.queryset.filter(**{f"{self.create_field}__in": string_values})
        )
@@ -157,13 +155,11 @@ class DynamicModelMultipleChoiceField(forms.ModelMultipleChoiceField):
            str(getattr(obj, self.create_field)) for obj in existing_objects
        )

+        # Create new objects for missing values
        new_values = string_values - existing_values
        new_objects = []

        for new_value in new_values:
-            try:
-                new_objects.append(self._create_new_instance(new_value))
-            except ValidationError as e:
-                raise ValidationError(_("Error creating new instance"))
+            new_objects.append(self._create_new_instance(new_value))

        return existing_objects + new_objects
--- a/app/apps/common/fields/month_year.py
+++ b/app/apps/common/fields/month_year.py
@@ -20,7 +20,15 @@ class MonthYearModelField(models.DateField):
            # Set the day to 1
            return date.replace(day=1).date()
        except ValueError:
-            raise ValidationError(_("Invalid date format. Use YYYY-MM."))
+            try:
+                # Also accept YYYY-MM-DD format (for loaddata)
+                return (
+                    datetime.datetime.strptime(value, "%Y-%m-%d").replace(day=1).date()
+                )
+            except ValueError:
+                raise ValidationError(
+                    _("Invalid date format. Use YYYY-MM or YYYY-MM-DD.")
+                )

    def formfield(self, **kwargs):
        kwargs["widget"] = MonthYearWidget
--- a/app/apps/common/forms.py
+++ b/app/apps/common/forms.py
@@ -0,0 +1,108 @@
+from apps.common.models import SharedObject
+from apps.common.widgets.crispy.submit import NoClassSubmit
+from apps.common.widgets.tom_select import TomSelect, TomSelectMultiple
+from crispy_forms.bootstrap import FormActions
+from crispy_forms.helper import FormHelper
+from crispy_forms.layout import HTML, Div, Field, Layout, Submit
+from django import forms
+from django.contrib.auth import get_user_model
+from django.core.exceptions import ValidationError
+from django.utils.translation import gettext_lazy as _
+
+User = get_user_model()
+
+
+class SharedObjectForm(forms.Form):
+    """
+    Generic form for editing visibility and sharing settings
+    for models inheriting from SharedObject.
+    """
+
+    owner = forms.ModelChoiceField(
+        queryset=User.objects.all(),
+        required=False,
+        label=_("Owner"),
+        widget=TomSelect(clear_button=False),
+        help_text=_(
+            "The owner of this object, if empty all users can see, edit and take ownership."
+        ),
+    )
+    shared_with_users = forms.ModelMultipleChoiceField(
+        queryset=User.objects.all(),
+        required=False,
+        widget=TomSelectMultiple(clear_button=True),
+        label=_("Shared with users"),
+        help_text=_("Select users to share this object with"),
+    )
+    visibility = forms.ChoiceField(
+        choices=SharedObject.Visibility.choices,
+        required=True,
+        label=_("Visibility"),
+        widget=TomSelect(clear_button=False),
+        help_text=_(
+            "Private: Only shown for the owner and shared users. Only editable by the owner."
+            "<br/>"
+            "Public: Shown for all users. Only editable by the owner."
+        ),
+    )
+
+    class Meta:
+        fields = ["visibility", "shared_with_users"]
+
+    def __init__(self, *args, **kwargs):
+        # Get the current user to filter available sharing options
+        self.user = kwargs.pop("user", None)
+        self.instance = kwargs.pop("instance", None)
+
+        super().__init__(*args, **kwargs)
+
+        # Pre-populate shared users if instance exists
+        if self.instance:
+            self.fields["shared_with_users"].initial = self.instance.shared_with.all()
+            self.fields["visibility"].initial = self.instance.visibility
+            self.fields["owner"].initial = self.instance.owner
+
+        # Set up crispy form helper
+        self.helper = FormHelper()
+        self.helper.form_method = "post"
+        self.helper.form_tag = False
+
+        self.helper.layout = Layout(
+            Field("owner"),
+            Field("visibility"),
+            HTML('<hr class="hr my-3">'),
+            Field("shared_with_users"),
+            FormActions(
+                NoClassSubmit("submit", _("Save"), css_class="btn btn-primary"),
+            ),
+        )
+
+    def clean(self):
+        cleaned_data = super().clean()
+        owner = cleaned_data.get("owner")
+        shared_with_users = cleaned_data.get("shared_with_users", [])
+
+        # Raise validation error if owner is in shared_with_users
+        if owner and owner in shared_with_users:
+            self.add_error(
+                "shared_with_users",
+                ValidationError(
+                    _("You cannot share this item with its owner."),
+                    code="invalid_share",
+                ),
+            )
+
+        return cleaned_data
+
+    def save(self):
+        instance = self.instance
+
+        instance.visibility = self.cleaned_data["visibility"]
+        instance.owner = self.cleaned_data["owner"]
+
+        instance.save()
+
+        # Clear and set shared_with users
+        instance.shared_with.set(self.cleaned_data.get("shared_with_users", []))
+
+        return instance
--- a/app/apps/common/functions/decimals.py
+++ b/app/apps/common/functions/decimals.py
@@ -9,5 +9,8 @@ def truncate_decimal(value, decimal_places):
    :param decimal_places: The number of decimal places to keep
    :return: Truncated Decimal value
    """
+    if isinstance(value, (int, float)):
+        value = Decimal(str(value))
+
    multiplier = Decimal(10**decimal_places)
    return (value * multiplier).to_integral_value(rounding=ROUND_DOWN) / multiplier
--- a/app/apps/common/functions/format.py
+++ b/app/apps/common/functions/format.py
@@ -5,7 +5,12 @@ from django.utils.formats import get_format as original_get_format
 def get_format(format_type=None, lang=None, use_l10n=None):
    user = get_current_user()

-    if user and user.is_authenticated and hasattr(user, "settings"):
+    if (
+        user
+        and user.is_authenticated
+        and hasattr(user, "settings")
+        and use_l10n is not False
+    ):
        user_settings = user.settings
        if format_type == "THOUSAND_SEPARATOR":
            number_format = getattr(user_settings, "number_format", None)
@@ -13,11 +18,13 @@ def get_format(format_type=None, lang=None, use_l10n=None):
                return "."
            elif number_format == "CD":
                return ","
+            elif number_format == "SD" or number_format == "SC":
+                return " "
        elif format_type == "DECIMAL_SEPARATOR":
            number_format = getattr(user_settings, "number_format", None)
-            if number_format == "DC":
+            if number_format == "DC" or number_format == "SC":
                return ","
-            elif number_format == "CD":
+            elif number_format == "CD" or number_format == "SD":
                return "."
        elif format_type == "SHORT_DATE_FORMAT":
            date_format = getattr(user_settings, "date_format", None)
--- a/app/apps/common/management/init.py
+++ b/app/apps/common/management/init.py
--- a/app/apps/common/management/commands/init.py
+++ b/app/apps/common/management/commands/init.py
--- a/app/apps/common/management/commands/setup_users.py
+++ b/app/apps/common/management/commands/setup_users.py
@@ -0,0 +1,137 @@
+import os
+from django.core.management.base import BaseCommand, CommandError
+from django.contrib.auth import get_user_model
+from django.conf import settings
+from django.db import IntegrityError
+
+# Get the custom User model if defined, otherwise the default User model
+User = get_user_model()
+
+
+class Command(BaseCommand):
+    help = (
+        "Creates a superuser from environment variables (ADMIN_EMAIL, ADMIN_PASSWORD) "
+        "and optionally creates a demo user (demo@demo.com) if settings.DEMO is True."
+    )
+
+    def handle(self, *args, **options):
+        self.stdout.write("Starting user setup...")
+
+        # --- Create Superuser ---
+        admin_email = os.environ.get("ADMIN_EMAIL")
+        admin_password = os.environ.get("ADMIN_PASSWORD")
+
+        if admin_email and admin_password:
+            self.stdout.write(f"Attempting to create superuser: {admin_email}")
+            # Use email as username for simplicity, requires USERNAME_FIELD='email'
+            # or adapt if your USERNAME_FIELD is different.
+            # If USERNAME_FIELD is 'username', you might need ADMIN_USERNAME env var.
+            username_field = User.USERNAME_FIELD  # Get the actual username field name
+
+            # Check if the user already exists by email or username
+            user_exists_kwargs = {"email": admin_email}
+            if username_field != "email":
+                # Assume username should also be the email if not explicitly provided
+                user_exists_kwargs[username_field] = admin_email
+
+            if User.objects.filter(**user_exists_kwargs).exists():
+                self.stdout.write(
+                    self.style.WARNING(
+                        f"Superuser with email '{admin_email}' (or corresponding username) already exists. Skipping creation."
+                    )
+                )
+            else:
+                try:
+                    create_kwargs = {
+                        username_field: admin_email,  # Use email as username by default
+                        "email": admin_email,
+                        "password": admin_password,
+                    }
+                    User.objects.create_superuser(**create_kwargs)
+                    self.stdout.write(
+                        self.style.SUCCESS(
+                            f"Superuser '{admin_email}' created successfully."
+                        )
+                    )
+                except IntegrityError as e:
+                    self.stdout.write(
+                        self.style.ERROR(
+                            f"Failed to create superuser '{admin_email}'. IntegrityError: {e}"
+                        )
+                    )
+                except Exception as e:
+                    self.stdout.write(
+                        self.style.ERROR(
+                            f"An unexpected error occurred creating superuser '{admin_email}': {e}"
+                        )
+                    )
+        else:
+            self.stdout.write(
+                self.style.NOTICE(
+                    "ADMIN_EMAIL or ADMIN_PASSWORD environment variables not set. Skipping superuser creation."
+                )
+            )
+
+        self.stdout.write("---")  # Separator
+
+        # --- Create Demo User ---
+        # Use getattr to safely check for the DEMO setting, default to False if not present
+        create_demo_user = getattr(settings, "DEMO", False)
+
+        if create_demo_user:
+            demo_email = "demo@demo.com"
+            demo_password = (
+                "wygiwyhdemo"  # Consider making this an env var too for security
+            )
+            demo_username = demo_email  # Using email as username for consistency
+
+            self.stdout.write(
+                f"DEMO setting is True. Attempting to create demo user: {demo_email}"
+            )
+
+            username_field = User.USERNAME_FIELD  # Get the actual username field name
+
+            # Check if the user already exists by email or username
+            user_exists_kwargs = {"email": demo_email}
+            if username_field != "email":
+                user_exists_kwargs[username_field] = demo_username
+
+            if User.objects.filter(**user_exists_kwargs).exists():
+                self.stdout.write(
+                    self.style.WARNING(
+                        f"Demo user with email '{demo_email}' (or corresponding username) already exists. Skipping creation."
+                    )
+                )
+            else:
+                try:
+                    create_kwargs = {
+                        username_field: demo_username,
+                        "email": demo_email,
+                        "password": demo_password,
+                    }
+                    User.objects.create_user(**create_kwargs)
+                    self.stdout.write(
+                        self.style.SUCCESS(
+                            f"Demo user '{demo_email}' created successfully."
+                        )
+                    )
+                except IntegrityError as e:
+                    self.stdout.write(
+                        self.style.ERROR(
+                            f"Failed to create demo user '{demo_email}'. IntegrityError: {e}"
+                        )
+                    )
+                except Exception as e:
+                    self.stdout.write(
+                        self.style.ERROR(
+                            f"An unexpected error occurred creating demo user '{demo_email}': {e}"
+                        )
+                    )
+        else:
+            self.stdout.write(
+                self.style.NOTICE(
+                    "DEMO setting is not True (or not set). Skipping demo user creation."
+                )
+            )
+
+        self.stdout.write(self.style.SUCCESS("User setup command finished."))
--- a/app/apps/common/middleware/thread_local.py
+++ b/app/apps/common/middleware/thread_local.py
@@ -56,6 +56,16 @@ def get_current_user():
    if request:
        return getattr(request, "user", None)

+    return getattr(_thread_locals, "user", None)
+
+
+def write_current_user(user):
+    _thread_locals.user = user
+
+
+def delete_current_user():
+    del _thread_locals.user
+

 class ThreadLocalMiddleware(MiddlewareMixin):
    """Simple middleware that adds the request object in thread local storage."""
--- a/app/apps/common/models.py
+++ b/app/apps/common/models.py
@@ -0,0 +1,103 @@
+from django.db import models
+from django.conf import settings
+from django.db.models import Q
+from django.utils.translation import gettext_lazy as _
+
+from apps.common.middleware.thread_local import get_current_user
+
+
+class SharedObjectManager(models.Manager):
+    def get_queryset(self):
+        """Return only objects the user can access"""
+        user = get_current_user()
+        base_qs = super().get_queryset()
+
+        if user and user.is_authenticated:
+            return base_qs.filter(
+                Q(visibility="public")
+                | Q(owner=user)
+                | Q(shared_with=user)
+                | Q(visibility="private", owner=None)
+            ).distinct()
+
+        return base_qs.filter(visibility="public")
+
+
+class SharedObject(models.Model):
+    # Access control enum
+    class Visibility(models.TextChoices):
+        private = "private", _("Private")
+        is_paid = "public", _("Public")
+
+    # Core sharing fields
+    owner = models.ForeignKey(
+        settings.AUTH_USER_MODEL,
+        on_delete=models.CASCADE,
+        related_name="%(class)s_owned",
+        null=True,
+        blank=True,
+        verbose_name=_("Owner"),
+    )
+    visibility = models.CharField(
+        max_length=10,
+        choices=Visibility.choices,
+        default=Visibility.private,
+        verbose_name=_("Visibility"),
+    )
+    shared_with = models.ManyToManyField(
+        settings.AUTH_USER_MODEL,
+        related_name="%(class)s_shared",
+        blank=True,
+        verbose_name=_("Shared with users"),
+    )
+
+    # Use as abstract base class
+    class Meta:
+        abstract = True
+        indexes = [
+            models.Index(fields=["visibility"]),
+        ]
+
+    def is_accessible_by(self, user):
+        """Check if a user can access this object"""
+        return (
+            self.visibility == "public"
+            or self.owner == user
+            or (self.visibility == "shared" and user in self.shared_with.all())
+        )
+
+    def save(self, *args, **kwargs):
+        if not self.pk and not self.owner:
+            self.owner = get_current_user()
+        super().save(*args, **kwargs)
+
+
+class OwnedObjectManager(models.Manager):
+    def get_queryset(self):
+        """Return only objects the user can access"""
+        user = get_current_user()
+        base_qs = super().get_queryset()
+
+        if user and user.is_authenticated:
+            return base_qs.filter(Q(owner=user) | Q(owner=None)).distinct()
+
+        return base_qs
+
+
+class OwnedObject(models.Model):
+    owner = models.ForeignKey(
+        settings.AUTH_USER_MODEL,
+        on_delete=models.CASCADE,
+        related_name="%(class)s_owned",
+        null=True,
+        blank=True,
+    )
+
+    # Use as abstract base class
+    class Meta:
+        abstract = True
+
+    def save(self, *args, **kwargs):
+        if not self.pk and not self.owner:
+            self.owner = get_current_user()
+        super().save(*args, **kwargs)
--- a/app/apps/common/procrastinate.py
+++ b/app/apps/common/procrastinate.py
@@ -0,0 +1,6 @@
+import procrastinate
+
+
+def on_app_ready(app: procrastinate.App):
+    """This function is ran upon procrastinate initialization."""
+    ...
--- a/app/apps/common/tasks.py
+++ b/app/apps/common/tasks.py
@@ -1,23 +1,34 @@
 import logging
+from packaging.version import parse as parse_version, InvalidVersion

 from asgiref.sync import sync_to_async
+from django.conf import settings
 from django.core import management
+from django.db import DEFAULT_DB_ALIAS
+from django.core.cache import cache

 from procrastinate import builtin_tasks
 from procrastinate.contrib.django import app

+import requests
+

 logger = logging.getLogger(__name__)


@app.periodic(cron="0 4 * * *")
-@app.task(queueing_lock="remove_old_jobs", pass_context=True, name="remove_old_jobs")
+@app.task(
+    lock="remove_old_jobs",
+    queueing_lock="remove_old_jobs",
+    pass_context=True,
+    name="remove_old_jobs",
+)
 async def remove_old_jobs(context, timestamp):
    try:
        return await builtin_tasks.remove_old_jobs(
            context,
            max_hours=744,
-            remove_error=True,
+            remove_failed=True,
            remove_cancelled=True,
            remove_aborted=True,
        )
@@ -30,7 +41,11 @@ async def remove_old_jobs(context, timestamp):


@app.periodic(cron="0 6 1 * *")
-@app.task(queueing_lock="remove_expired_sessions", name="remove_expired_sessions")
+@app.task(
+    lock="remove_expired_sessions",
+    queueing_lock="remove_expired_sessions",
+    name="remove_expired_sessions",
+)
 async def remove_expired_sessions(timestamp=None):
    """Cleanup expired sessions by using Django management command."""
    try:
@@ -40,3 +55,84 @@ async def remove_expired_sessions(timestamp=None):
            "Error while executing 'remove_expired_sessions' task",
            exc_info=True,
        )
+
+
+@app.periodic(cron="0 8 * * *")
+@app.task(lock="reset_demo_data", name="reset_demo_data")
+def reset_demo_data(timestamp=None):
+    """
+    Wipes the database and loads fresh demo data if DEMO mode is active.
+    Runs daily at 8:00 AM.
+    """
+    if not settings.DEMO:
+        return  # Exit if not in demo mode
+
+    logger.info("Demo mode active. Starting daily data reset...")
+
+    try:
+        # 1. Flush the database (wipe all data)
+        logger.info("Flushing the database...")
+
+        management.call_command(
+            "flush", "--noinput", database=DEFAULT_DB_ALIAS, verbosity=1
+        )
+        logger.info("Database flushed successfully.")
+
+        # 2. Load data from the fixture
+        # TO-DO: Roll dates over based on today's date
+        fixture_name = "fixtures/demo_data.json"
+        logger.info(f"Loading data from fixture: {fixture_name}...")
+        management.call_command(
+            "loaddata", fixture_name, database=DEFAULT_DB_ALIAS, verbosity=1
+        )
+        logger.info(f"Data loaded successfully from {fixture_name}.")
+
+        logger.info("Daily demo data reset completed.")
+
+    except Exception as e:
+        logger.exception(f"Error during daily demo data reset: {e}")
+        raise
+
+
+@app.periodic(cron="0 */12 * * *")  # Every 12 hours
+@app.task(lock="check_for_updates", name="check_for_updates")
+def check_for_updates(timestamp=None):
+    if not settings.CHECK_FOR_UPDATES:
+        return "CHECK_FOR_UPDATES is disabled"
+
+    url = "https://api.github.com/repos/eitchtee/WYGIWYH/releases/latest"
+
+    try:
+        response = requests.get(url, timeout=60)
+        response.raise_for_status()  # Raise an exception for bad status codes (4xx or 5xx)
+
+        data = response.json()
+        latest_version = data.get("tag_name")
+
+        if latest_version:
+            try:
+                current_v = parse_version(settings.APP_VERSION)
+            except InvalidVersion:
+                current_v = parse_version("0.0.0")
+            try:
+                latest_v = parse_version(latest_version)
+            except InvalidVersion:
+                latest_v = parse_version("0.0.0")
+
+            update_info = {
+                "update_available": False,
+                "current_version": str(current_v),
+                "latest_version": str(latest_v),
+            }
+
+            if latest_v > current_v:
+                update_info["update_available"] = True
+
+            # Cache the entire dictionary
+            cache.set("update_check", update_info, 60 * 60 * 25)
+            logger.info(f"Update check complete. Result: {update_info}")
+        else:
+            logger.warning("Could not find 'tag_name' in GitHub API response.")
+
+    except requests.exceptions.RequestException as e:
+        logger.error(f"Failed to fetch updates from GitHub: {e}")
--- a/app/apps/common/templatetags/cache_access.py
+++ b/app/apps/common/templatetags/cache_access.py
@@ -0,0 +1,17 @@
+# core/templatetags/update_tags.py
+from django import template
+from django.core.cache import cache
+
+register = template.Library()
+
+
+@register.simple_tag
+def get_update_check():
+    """
+    Retrieves the update status dictionary from the cache.
+    Returns a default dictionary if nothing is found.
+    """
+    return cache.get("update_check") or {
+        "update_available": False,
+        "latest_version": "N/A",
+    }
--- a/app/apps/common/templatetags/crispy_extra.py
+++ b/app/apps/common/templatetags/crispy_extra.py
@@ -0,0 +1,13 @@
+from django import forms, template
+
+register = template.Library()
+
+
+@register.filter
+def is_input(field):
+    return isinstance(field.field.widget, forms.TextInput)
+
+
+@register.filter
+def is_textarea(field):
+    return isinstance(field.field.widget, forms.Textarea)
--- a/app/apps/common/templatetags/toast_bg.py
+++ b/app/apps/common/templatetags/toast_bg.py
@@ -11,7 +11,7 @@ def toast_bg(tags):
    elif "warning" in tags:
        return "warning"
    elif "error" in tags:
-        return "danger"
+        return "error"
    elif "info" in tags:
        return "info"

--- a/app/apps/common/views.py
+++ b/app/apps/common/views.py
@@ -15,10 +15,11 @@ from cachalot.api import invalidate

 from apps.common.decorators.htmx import only_htmx
 from apps.transactions.models import Transaction
+from apps.common.decorators.user import htmx_login_required


@only_htmx
-@login_required
+@htmx_login_required
@require_http_methods(["GET"])
 def toasts(request):
    return render(request, "common/fragments/toasts.html")
@@ -90,6 +91,12 @@ def month_year_picker(request):
        for date in all_months
    ]

+    today_url = (
+        reverse(url, kwargs={"month": current_date.month, "year": current_date.year})
+        if url
+        else ""
+    )
+
    return render(
        request,
        "common/fragments/month_year_picker.html",
@@ -97,6 +104,7 @@ def month_year_picker(request):
            "month_year_data": result,
            "current_month": current_month,
            "current_year": current_year,
+            "today_url": today_url,
        },
    )

--- a/app/apps/common/widgets/crispy/daisyui.py
+++ b/app/apps/common/widgets/crispy/daisyui.py
@@ -0,0 +1,5 @@
+from crispy_forms.layout import Field
+
+
+class Switch(Field):
+    template = "crispy-daisyui/layout/switch.html"
--- a/app/apps/common/widgets/datepicker.py
+++ b/app/apps/common/widgets/datepicker.py
@@ -1,15 +1,14 @@
 import datetime

-from django.forms import widgets
-from django.utils import formats, translation, dates
-from django.utils.translation import gettext_lazy as _
-
+from apps.common.functions.format import get_format
 from apps.common.utils.django import (
-    django_to_python_datetime,
    django_to_airdatepicker_datetime,
    django_to_airdatepicker_datetime_separated,
+    django_to_python_datetime,
 )
-from apps.common.functions.format import get_format
+from django.forms import widgets
+from django.utils import dates, formats, translation
+from django.utils.translation import gettext_lazy as _


 class AirDatePickerInput(widgets.DateInput):
@@ -19,6 +18,8 @@ class AirDatePickerInput(widgets.DateInput):
        format=None,
        clear_button=True,
        auto_close=True,
+        read_only=True,
+        toggle_selected=None,
        *args,
        **kwargs,
    ):
@@ -26,12 +27,18 @@ class AirDatePickerInput(widgets.DateInput):
        super().__init__(attrs=attrs, format=format, *args, **kwargs)
        self.clear_button = clear_button
        self.auto_close = auto_close
+        self.read_only = read_only
+        self.toggle_selected = (
+            toggle_selected if isinstance(toggle_selected, bool) else self.clear_button
+        )

    @staticmethod
    def _get_current_language():
        """Get current language code in format compatible with AirDatepicker"""
        lang_code = translation.get_language()
-        # AirDatepicker uses simple language codes
+        # AirDatepicker uses simple language codes, except for pt-br
+        if lang_code.lower() == "pt-br":
+            return "pt-BR"
        return lang_code.split("-")[0]

    def _get_format(self):
@@ -44,12 +51,18 @@ class AirDatePickerInput(widgets.DateInput):
    def build_attrs(self, base_attrs, extra_attrs=None):
        attrs = super().build_attrs(base_attrs, extra_attrs)

+        attrs["class"] = attrs.get("class", "") + " input"
+
        attrs["data-now-button-txt"] = _("Today")
        attrs["data-auto-close"] = str(self.auto_close).lower()
        attrs["data-clear-button"] = str(self.clear_button).lower()
+        attrs["data-toggle-selected"] = str(self.toggle_selected).lower()
        attrs["data-language"] = self._get_current_language()
        attrs["data-date-format"] = django_to_airdatepicker_datetime(self._get_format())

+        if self.read_only:
+            attrs["readonly"] = True
+
        return attrs

    def format_value(self, value):
@@ -89,6 +102,8 @@ class AirDateTimePickerInput(widgets.DateTimeInput):
        timepicker=True,
        clear_button=True,
        auto_close=True,
+        read_only=True,
+        toggle_selected=None,
        *args,
        **kwargs,
    ):
@@ -97,6 +112,10 @@ class AirDateTimePickerInput(widgets.DateTimeInput):
        self.timepicker = timepicker
        self.clear_button = clear_button
        self.auto_close = auto_close
+        self.read_only = read_only
+        self.toggle_selected = (
+            toggle_selected if isinstance(toggle_selected, bool) else self.clear_button
+        )

    @staticmethod
    def _get_current_language():
@@ -123,11 +142,15 @@ class AirDateTimePickerInput(widgets.DateTimeInput):
        attrs["data-now-button-txt"] = _("Now")
        attrs["data-timepicker"] = str(self.timepicker).lower()
        attrs["data-auto-close"] = str(self.auto_close).lower()
+        attrs["data-toggle-selected"] = str(self.toggle_selected).lower()
        attrs["data-clear-button"] = str(self.clear_button).lower()
        attrs["data-language"] = self._get_current_language()
        attrs["data-date-format"] = date_format
        attrs["data-time-format"] = time_format

+        if self.read_only:
+            attrs["readonly"] = True
+
        return attrs

    def format_value(self, value):
--- a/app/apps/common/widgets/decimal.py
+++ b/app/apps/common/widgets/decimal.py
@@ -35,8 +35,8 @@ class ArbitraryDecimalDisplayNumberInput(forms.TextInput):
        self.attrs.update(
            {
                "x-data": "",
-                "x-mask:dynamic": f"$money($input, '{get_format('DECIMAL_SEPARATOR')}', "
-                f"'{get_format('THOUSAND_SEPARATOR')}', '30')",
+                "x-mask:dynamic": f"$money($input, '{get_format('DECIMAL_SEPARATOR')}', '{get_format('THOUSAND_SEPARATOR')}', '30')",
+                "x-on:keyup": "if (!['Control', 'Shift', 'Alt', 'Meta'].includes($event.key) && !(($event.ctrlKey || $event.metaKey) && $event.key.toLowerCase() === 'a')) $el.dispatchEvent(new Event('input'))",
            }
        )

--- a/app/apps/common/widgets/tom_select.py
+++ b/app/apps/common/widgets/tom_select.py
@@ -1,4 +1,4 @@
-from django.forms import widgets, SelectMultiple
+from django.forms import SelectMultiple, widgets
 from django.urls import reverse
 from django.utils.translation import gettext_lazy as _

@@ -17,7 +17,7 @@ class TomSelect(widgets.Select):
        checkboxes=False,
        group_by=None,
        *args,
-        **kwargs
+        **kwargs,
    ):
        super().__init__(attrs, *args, **kwargs)
        self.remove_button = remove_button
--- a/app/apps/currencies/exchange_rates/fetcher.py
+++ b/app/apps/currencies/exchange_rates/fetcher.py
@@ -1,14 +1,9 @@
 import logging
-from datetime import timedelta

 from django.db.models import QuerySet
 from django.utils import timezone

-from apps.currencies.exchange_rates.providers import (
-    SynthFinanceProvider,
-    CoinGeckoFreeProvider,
-    CoinGeckoProProvider,
-)
+import apps.currencies.exchange_rates.providers as providers
 from apps.currencies.models import ExchangeRateService, ExchangeRate, Currency

 logger = logging.getLogger(__name__)
@@ -16,9 +11,12 @@ logger = logging.getLogger(__name__)

 # Map service types to provider classes
 PROVIDER_MAPPING = {
-    "synth_finance": SynthFinanceProvider,
-    "coingecko_free": CoinGeckoFreeProvider,
-    "coingecko_pro": CoinGeckoProProvider,
+    "coingecko_free": providers.CoinGeckoFreeProvider,
+    "coingecko_pro": providers.CoinGeckoProProvider,
+    "transitive": providers.TransitiveRateProvider,
+    "frankfurter": providers.FrankfurterProvider,
+    "twelvedata": providers.TwelveDataProvider,
+    "twelvedatamarkets": providers.TwelveDataMarketsProvider,
 }


@@ -199,25 +197,70 @@ class ExchangeRateFetcher:

                if provider.rates_inverted:
                    # If rates are inverted, we need to swap currencies
-                    ExchangeRate.objects.create(
-                        from_currency=to_currency,
-                        to_currency=from_currency,
-                        rate=rate,
-                        date=timezone.now(),
-                    )
+                    if service.singleton:
+                        # Try to get the last automatically created exchange rate
+                        exchange_rate = (
+                            ExchangeRate.objects.filter(
+                                automatic=True,
+                                from_currency=to_currency,
+                                to_currency=from_currency,
+                            )
+                            .order_by("-date")
+                            .first()
+                        )
+                    else:
+                        exchange_rate = None
+
+                    if not exchange_rate:
+                        ExchangeRate.objects.create(
+                            automatic=True,
+                            from_currency=to_currency,
+                            to_currency=from_currency,
+                            rate=rate,
+                            date=timezone.now(),
+                        )
+                    else:
+                        exchange_rate.rate = rate
+                        exchange_rate.date = timezone.now()
+                        exchange_rate.save()
+
                    processed_pairs.add((to_currency.id, from_currency.id))
                else:
                    # If rates are not inverted, we can use them as is
-                    ExchangeRate.objects.create(
-                        from_currency=from_currency,
-                        to_currency=to_currency,
-                        rate=rate,
-                        date=timezone.now(),
-                    )
+                    if service.singleton:
+                        # Try to get the last automatically created exchange rate
+                        exchange_rate = (
+                            ExchangeRate.objects.filter(
+                                automatic=True,
+                                from_currency=from_currency,
+                                to_currency=to_currency,
+                            )
+                            .order_by("-date")
+                            .first()
+                        )
+                    else:
+                        exchange_rate = None
+
+                    if not exchange_rate:
+                        ExchangeRate.objects.create(
+                            automatic=True,
+                            from_currency=from_currency,
+                            to_currency=to_currency,
+                            rate=rate,
+                            date=timezone.now(),
+                        )
+                    else:
+                        exchange_rate.rate = rate
+                        exchange_rate.date = timezone.now()
+                        exchange_rate.save()
+
                    processed_pairs.add((from_currency.id, to_currency.id))

            service.last_fetch = timezone.now()
+            service.failure_count = 0
            service.save()

        except Exception as e:
            logger.error(f"Error fetching rates for {service.name}: {e}")
+            service.failure_count += 1
+            service.save()
--- a/app/apps/currencies/exchange_rates/providers.py
+++ b/app/apps/currencies/exchange_rates/providers.py
@@ -3,80 +3,16 @@ import time

 import requests
 from decimal import Decimal
-from typing import Tuple, List
+from typing import Tuple, List, Optional, Dict

 from django.db.models import QuerySet

-from apps.currencies.models import Currency
+from apps.currencies.models import Currency, ExchangeRate
 from apps.currencies.exchange_rates.base import ExchangeRateProvider

 logger = logging.getLogger(__name__)


-class SynthFinanceProvider(ExchangeRateProvider):
-    """Implementation for Synth Finance API (synthfinance.com)"""
-
-    BASE_URL = "https://api.synthfinance.com/rates/live"
-    rates_inverted = False  # SynthFinance returns non-inverted rates
-
-    def __init__(self, api_key: str = None):
-        super().__init__(api_key)
-        self.session = requests.Session()
-        self.session.headers.update({"Authorization": f"Bearer {self.api_key}"})
-
-    def get_rates(
-        self, target_currencies: QuerySet, exchange_currencies: set
-    ) -> List[Tuple[Currency, Currency, Decimal]]:
-        results = []
-        currency_groups = {}
-        for currency in target_currencies:
-            if currency.exchange_currency in exchange_currencies:
-                group = currency_groups.setdefault(currency.exchange_currency.code, [])
-                group.append(currency)
-
-        for base_currency, currencies in currency_groups.items():
-            try:
-                to_currencies = ",".join(
-                    currency.code
-                    for currency in currencies
-                    if currency.code != base_currency
-                )
-                response = self.session.get(
-                    f"{self.BASE_URL}",
-                    params={"from": base_currency, "to": to_currencies},
-                )
-                response.raise_for_status()
-                data = response.json()
-                rates = data["data"]["rates"]
-
-                for currency in currencies:
-                    if currency.code == base_currency:
-                        rate = Decimal("1")
-                    else:
-                        rate = Decimal(str(rates[currency.code]))
-                    # Return the rate as is, without inversion
-                    results.append((currency.exchange_currency, currency, rate))
-
-                credits_used = data["meta"]["credits_used"]
-                credits_remaining = data["meta"]["credits_remaining"]
-                logger.info(
-                    f"Synth Finance API call: {credits_used} credits used, {credits_remaining} remaining"
-                )
-            except requests.RequestException as e:
-                logger.error(
-                    f"Error fetching rates from Synth Finance API for base {base_currency}: {e}"
-                )
-            except KeyError as e:
-                logger.error(
-                    f"Unexpected response structure from Synth Finance API for base {base_currency}: {e}"
-                )
-            except Exception as e:
-                logger.error(
-                    f"Unexpected error processing Synth Finance data for base {base_currency}: {e}"
-                )
-        return results
-
-
 class CoinGeckoFreeProvider(ExchangeRateProvider):
    """Implementation for CoinGecko Free API"""

@@ -150,3 +86,420 @@ class CoinGeckoProProvider(CoinGeckoFreeProvider):
        super().__init__(api_key)
        self.session = requests.Session()
        self.session.headers.update({"x-cg-pro-api-key": api_key})
+
+
+class TransitiveRateProvider(ExchangeRateProvider):
+    """Calculates exchange rates through paths of existing rates"""
+
+    rates_inverted = True
+
+    def __init__(self, api_key: str = None):
+        super().__init__(api_key)  # API key not needed but maintaining interface
+
+    @classmethod
+    def requires_api_key(cls) -> bool:
+        return False
+
+    def get_rates(
+        self, target_currencies: QuerySet, exchange_currencies: set
+    ) -> List[Tuple[Currency, Currency, Decimal]]:
+        results = []
+
+        # Get recent rates for building the graph
+        recent_rates = ExchangeRate.objects.all()
+
+        # Build currency graph
+        currency_graph = self._build_currency_graph(recent_rates)
+
+        for target in target_currencies:
+            if (
+                not target.exchange_currency
+                or target.exchange_currency not in exchange_currencies
+            ):
+                continue
+
+            # Find path and calculate rate
+            from_id = target.exchange_currency.id
+            to_id = target.id
+
+            path, rate = self._find_conversion_path(currency_graph, from_id, to_id)
+
+            if path and rate:
+                path_codes = [Currency.objects.get(id=cid).code for cid in path]
+                logger.info(
+                    f"Found conversion path: {' -> '.join(path_codes)}, rate: {rate}"
+                )
+                results.append((target.exchange_currency, target, rate))
+            else:
+                logger.debug(
+                    f"No conversion path found for {target.exchange_currency.code}->{target.code}"
+                )
+
+        return results
+
+    @staticmethod
+    def _build_currency_graph(rates) -> Dict[int, Dict[int, Decimal]]:
+        """Build a graph representation of currency relationships"""
+        graph = {}
+
+        for rate in rates:
+            # Add both directions to make the graph bidirectional
+            if rate.from_currency_id not in graph:
+                graph[rate.from_currency_id] = {}
+            graph[rate.from_currency_id][rate.to_currency_id] = rate.rate
+
+            if rate.to_currency_id not in graph:
+                graph[rate.to_currency_id] = {}
+            graph[rate.to_currency_id][rate.from_currency_id] = Decimal("1") / rate.rate
+
+        return graph
+
+    @staticmethod
+    def _find_conversion_path(
+        graph, from_id, to_id
+    ) -> Tuple[Optional[list], Optional[Decimal]]:
+        """Find the shortest path between currencies using breadth-first search"""
+        if from_id not in graph or to_id not in graph:
+            return None, None
+
+        queue = [(from_id, [from_id], Decimal("1"))]
+        visited = {from_id}
+
+        while queue:
+            current, path, current_rate = queue.pop(0)
+
+            if current == to_id:
+                return path, current_rate
+
+            for neighbor, rate in graph.get(current, {}).items():
+                if neighbor not in visited:
+                    visited.add(neighbor)
+                    queue.append((neighbor, path + [neighbor], current_rate * rate))
+
+        return None, None
+
+
+class FrankfurterProvider(ExchangeRateProvider):
+    """Implementation for the Frankfurter API (frankfurter.dev)"""
+
+    BASE_URL = "https://api.frankfurter.dev/v1/latest"
+    rates_inverted = (
+        False  # Frankfurter returns non-inverted rates (e.g., 1 EUR = 1.1 USD)
+    )
+
+    def __init__(self, api_key: str = None):
+        """
+        Initializes the provider. The Frankfurter API does not require an API key,
+        so the api_key parameter is ignored.
+        """
+        super().__init__(api_key)
+        self.session = requests.Session()
+
+    @classmethod
+    def requires_api_key(cls) -> bool:
+        return False
+
+    def get_rates(
+        self, target_currencies: QuerySet, exchange_currencies: set
+    ) -> List[Tuple[Currency, Currency, Decimal]]:
+        results = []
+        currency_groups = {}
+        # Group target currencies by their exchange (base) currency to minimize API calls
+        for currency in target_currencies:
+            if currency.exchange_currency in exchange_currencies:
+                group = currency_groups.setdefault(currency.exchange_currency.code, [])
+                group.append(currency)
+
+        # Make one API call for each base currency
+        for base_currency, currencies in currency_groups.items():
+            try:
+                # Create a comma-separated list of target currency codes
+                to_currencies = ",".join(
+                    currency.code
+                    for currency in currencies
+                    if currency.code != base_currency
+                )
+
+                # If there are no target currencies other than the base, skip the API call
+                if not to_currencies:
+                    # Handle the case where the only request is for the base rate (e.g., USD to USD)
+                    for currency in currencies:
+                        if currency.code == base_currency:
+                            results.append(
+                                (currency.exchange_currency, currency, Decimal("1"))
+                            )
+                    continue
+
+                response = self.session.get(
+                    self.BASE_URL,
+                    params={"base": base_currency, "symbols": to_currencies},
+                )
+                response.raise_for_status()
+                data = response.json()
+                rates = data["rates"]
+
+                # Process the returned rates
+                for currency in currencies:
+                    if currency.code == base_currency:
+                        # The rate for the base currency to itself is always 1
+                        rate = Decimal("1")
+                    else:
+                        rate = Decimal(str(rates[currency.code]))
+
+                    results.append((currency.exchange_currency, currency, rate))
+
+            except requests.RequestException as e:
+                logger.error(
+                    f"Error fetching rates from Frankfurter API for base {base_currency}: {e}"
+                )
+            except KeyError as e:
+                logger.error(
+                    f"Unexpected response structure from Frankfurter API for base {base_currency}: {e}"
+                )
+            except Exception as e:
+                logger.error(
+                    f"Unexpected error processing Frankfurter data for base {base_currency}: {e}"
+                )
+        return results
+
+
+class TwelveDataProvider(ExchangeRateProvider):
+    """Implementation for the Twelve Data API (twelvedata.com)"""
+
+    BASE_URL = "https://api.twelvedata.com/exchange_rate"
+    rates_inverted = (
+        False  # The API returns direct rates, e.g., for EUR/USD it's 1 EUR = X USD
+    )
+
+    def __init__(self, api_key: str):
+        """
+        Initializes the provider with an API key and a requests session.
+        """
+        super().__init__(api_key)
+        self.session = requests.Session()
+
+    @classmethod
+    def requires_api_key(cls) -> bool:
+        """This provider requires an API key."""
+        return True
+
+    def get_rates(
+        self, target_currencies: QuerySet, exchange_currencies: set
+    ) -> List[Tuple[Currency, Currency, Decimal]]:
+        """
+        Fetches exchange rates from the Twelve Data API for the given currency pairs.
+
+        This provider makes one API call for each requested currency pair.
+        """
+        results = []
+
+        for target_currency in target_currencies:
+            # Ensure the target currency's exchange currency is one we're interested in
+            if target_currency.exchange_currency not in exchange_currencies:
+                continue
+
+            base_currency = target_currency.exchange_currency
+
+            # The exchange rate for the same currency is always 1
+            if base_currency.code == target_currency.code:
+                rate = Decimal("1")
+                results.append((base_currency, target_currency, rate))
+                continue
+
+            # Construct the symbol in the format "BASE/TARGET", e.g., "EUR/USD"
+            symbol = f"{base_currency.code}/{target_currency.code}"
+
+            try:
+                params = {
+                    "symbol": symbol,
+                    "apikey": self.api_key,
+                }
+
+                response = self.session.get(self.BASE_URL, params=params)
+                response.raise_for_status()  # Raise an HTTPError for bad responses (4xx or 5xx)
+
+                data = response.json()
+
+                # The API may return an error message in a JSON object
+                if "rate" not in data:
+                    error_message = data.get("message", "Rate not found in response.")
+                    logger.error(
+                        f"Could not fetch rate for {symbol} from Twelve Data: {error_message}"
+                    )
+                    continue
+
+                # Convert the rate to a Decimal for precision
+                rate = Decimal(str(data["rate"]))
+                results.append((base_currency, target_currency, rate))
+
+                logger.info(f"Successfully fetched rate for {symbol} from Twelve Data.")
+
+                time.sleep(
+                    60
+                )  # We sleep every pair as to not step over TwelveData's minute limit
+
+            except requests.RequestException as e:
+                logger.error(
+                    f"Error fetching rate from Twelve Data API for symbol {symbol}: {e}"
+                )
+            except KeyError as e:
+                logger.error(
+                    f"Unexpected response structure from Twelve Data API for symbol {symbol}: Missing key {e}"
+                )
+            except Exception as e:
+                logger.error(
+                    f"An unexpected error occurred while processing Twelve Data for {symbol}: {e}"
+                )
+
+        return results
+
+
+class TwelveDataMarketsProvider(ExchangeRateProvider):
+    """
+    Provides prices for market instruments (stocks, ETFs, etc.) using the Twelve Data API.
+
+    This provider performs a multi-step process:
+    1. Parses instrument codes which can be symbols, FIGI, CUSIP, or ISIN.
+    2. For CUSIPs, it defaults the currency to USD. For all others, it searches
+       for the instrument to determine its native trading currency.
+    3. Fetches the latest price for the instrument in its native currency.
+    4. Converts the price to the requested target exchange currency.
+    """
+
+    SYMBOL_SEARCH_URL = "https://api.twelvedata.com/symbol_search"
+    PRICE_URL = "https://api.twelvedata.com/price"
+    EXCHANGE_RATE_URL = "https://api.twelvedata.com/exchange_rate"
+
+    rates_inverted = True
+
+    def __init__(self, api_key: str):
+        super().__init__(api_key)
+        self.session = requests.Session()
+
+    @classmethod
+    def requires_api_key(cls) -> bool:
+        return True
+
+    def _parse_code(self, raw_code: str) -> Tuple[str, str]:
+        """Parses the raw code to determine its type and value."""
+        if raw_code.startswith("figi:"):
+            return "figi", raw_code.removeprefix("figi:")
+        if raw_code.startswith("cusip:"):
+            return "cusip", raw_code.removeprefix("cusip:")
+        if raw_code.startswith("isin:"):
+            return "isin", raw_code.removeprefix("isin:")
+        return "symbol", raw_code
+
+    def get_rates(
+        self, target_currencies: QuerySet, exchange_currencies: set
+    ) -> List[Tuple[Currency, Currency, Decimal]]:
+        results = []
+
+        for asset in target_currencies:
+            if asset.exchange_currency not in exchange_currencies:
+                continue
+
+            code_type, code_value = self._parse_code(asset.code)
+            original_currency_code = None
+
+            try:
+                # Determine the instrument's native currency
+                if code_type == "cusip":
+                    # CUSIP codes always default to USD
+                    original_currency_code = "USD"
+                    logger.info(f"Defaulting CUSIP {code_value} to USD currency.")
+                else:
+                    # For all other types, find currency via symbol search
+                    search_params = {"symbol": code_value, "apikey": "demo"}
+                    search_res = self.session.get(
+                        self.SYMBOL_SEARCH_URL, params=search_params
+                    )
+                    search_res.raise_for_status()
+                    search_data = search_res.json()
+
+                    if not search_data.get("data"):
+                        logger.warning(
+                            f"TwelveDataMarkets: Symbol search for '{code_value}' returned no results."
+                        )
+                        continue
+
+                    instrument_data = search_data["data"][0]
+                    original_currency_code = instrument_data.get("currency")
+
+                if not original_currency_code:
+                    logger.error(
+                        f"TwelveDataMarkets: Could not determine original currency for '{code_value}'."
+                    )
+                    continue
+
+                # Get the instrument's price in its native currency
+                price_params = {code_type: code_value, "apikey": self.api_key}
+                price_res = self.session.get(self.PRICE_URL, params=price_params)
+                price_res.raise_for_status()
+                price_data = price_res.json()
+
+                if "price" not in price_data:
+                    error_message = price_data.get(
+                        "message", "Price key not found in response"
+                    )
+                    logger.error(
+                        f"TwelveDataMarkets: Could not get price for {code_type} '{code_value}': {error_message}"
+                    )
+                    continue
+
+                price_in_original_currency = Decimal(price_data["price"])
+
+                # Convert price to the target exchange currency
+                target_exchange_currency = asset.exchange_currency
+
+                if (
+                    original_currency_code.upper()
+                    == target_exchange_currency.code.upper()
+                ):
+                    final_price = price_in_original_currency
+                else:
+                    rate_symbol = (
+                        f"{original_currency_code}/{target_exchange_currency.code}"
+                    )
+                    rate_params = {"symbol": rate_symbol, "apikey": self.api_key}
+                    rate_res = self.session.get(
+                        self.EXCHANGE_RATE_URL, params=rate_params
+                    )
+                    rate_res.raise_for_status()
+                    rate_data = rate_res.json()
+
+                    if "rate" not in rate_data:
+                        error_message = rate_data.get(
+                            "message", "Rate key not found in response"
+                        )
+                        logger.error(
+                            f"TwelveDataMarkets: Could not get conversion rate for '{rate_symbol}': {error_message}"
+                        )
+                        continue
+
+                    conversion_rate = Decimal(str(rate_data["rate"]))
+                    final_price = price_in_original_currency * conversion_rate
+
+                results.append((target_exchange_currency, asset, final_price))
+                logger.info(
+                    f"Successfully processed price for {asset.code} as {final_price} {target_exchange_currency.code}"
+                )
+
+                time.sleep(
+                    60
+                )  # We sleep every pair as to not step over TwelveData's minute limit
+
+            except requests.RequestException as e:
+                logger.error(
+                    f"TwelveDataMarkets: API request failed for {code_value}: {e}"
+                )
+            except (KeyError, IndexError) as e:
+                logger.error(
+                    f"TwelveDataMarkets: Error processing API response for {code_value}: {e}"
+                )
+            except Exception as e:
+                logger.error(
+                    f"TwelveDataMarkets: An unexpected error occurred for {code_value}: {e}"
+                )
+
+        return results
--- a/app/apps/currencies/forms.py
+++ b/app/apps/currencies/forms.py
@@ -1,16 +1,15 @@
-from crispy_bootstrap5.bootstrap5 import Switch
-from crispy_forms.bootstrap import FormActions
-from crispy_forms.helper import FormHelper
-from crispy_forms.layout import Layout, Row, Column
-from django import forms
-from django.forms import CharField
-from django.utils.translation import gettext_lazy as _
-
+from apps.common.widgets.crispy.daisyui import Switch
 from apps.common.widgets.crispy.submit import NoClassSubmit
 from apps.common.widgets.datepicker import AirDateTimePickerInput
 from apps.common.widgets.decimal import ArbitraryDecimalDisplayNumberInput
 from apps.common.widgets.tom_select import TomSelect
 from apps.currencies.models import Currency, ExchangeRate, ExchangeRateService
+from crispy_forms.bootstrap import FormActions
+from crispy_forms.helper import FormHelper
+from crispy_forms.layout import Column, Layout, Row
+from django import forms
+from django.forms import CharField
+from django.utils.translation import gettext_lazy as _


 class CurrencyForm(forms.ModelForm):
@@ -26,6 +25,7 @@ class CurrencyForm(forms.ModelForm):
            "suffix",
            "code",
            "exchange_currency",
+            "is_archived",
        ]
        widgets = {
            "exchange_currency": TomSelect(),
@@ -40,6 +40,7 @@ class CurrencyForm(forms.ModelForm):
        self.helper.layout = Layout(
            "code",
            "name",
+            Switch("is_archived"),
            "decimal_places",
            "prefix",
            "suffix",
@@ -49,17 +50,13 @@ class CurrencyForm(forms.ModelForm):
        if self.instance and self.instance.pk:
            self.helper.layout.append(
                FormActions(
-                    NoClassSubmit(
-                        "submit", _("Update"), css_class="btn btn-outline-primary w-100"
-                    ),
+                    NoClassSubmit("submit", _("Update"), css_class="btn btn-primary"),
                ),
            )
        else:
            self.helper.layout.append(
                FormActions(
-                    NoClassSubmit(
-                        "submit", _("Add"), css_class="btn btn-outline-primary w-100"
-                    ),
+                    NoClassSubmit("submit", _("Add"), css_class="btn btn-primary"),
                ),
            )

@@ -87,17 +84,13 @@ class ExchangeRateForm(forms.ModelForm):
        if self.instance and self.instance.pk:
            self.helper.layout.append(
                FormActions(
-                    NoClassSubmit(
-                        "submit", _("Update"), css_class="btn btn-outline-primary w-100"
-                    ),
+                    NoClassSubmit("submit", _("Update"), css_class="btn btn-primary"),
                ),
            )
        else:
            self.helper.layout.append(
                FormActions(
-                    NoClassSubmit(
-                        "submit", _("Add"), css_class="btn btn-outline-primary w-100"
-                    ),
+                    NoClassSubmit("submit", _("Add"), css_class="btn btn-primary"),
                ),
            )

@@ -114,6 +107,7 @@ class ExchangeRateServiceForm(forms.ModelForm):
            "fetch_interval",
            "target_currencies",
            "target_accounts",
+            "singleton",
        ]

    def __init__(self, *args, **kwargs):
@@ -126,10 +120,11 @@ class ExchangeRateServiceForm(forms.ModelForm):
            "name",
            "service_type",
            Switch("is_active"),
+            Switch("singleton"),
            "api_key",
            Row(
-                Column("interval_type", css_class="form-group col-md-6"),
-                Column("fetch_interval", css_class="form-group col-md-6"),
+                Column("interval_type"),
+                Column("fetch_interval"),
            ),
            "target_currencies",
            "target_accounts",
@@ -138,16 +133,12 @@ class ExchangeRateServiceForm(forms.ModelForm):
        if self.instance and self.instance.pk:
            self.helper.layout.append(
                FormActions(
-                    NoClassSubmit(
-                        "submit", _("Update"), css_class="btn btn-outline-primary w-100"
-                    ),
+                    NoClassSubmit("submit", _("Update"), css_class="btn btn-primary"),
                ),
            )
        else:
            self.helper.layout.append(
                FormActions(
-                    NoClassSubmit(
-                        "submit", _("Add"), css_class="btn btn-outline-primary w-100"
-                    ),
+                    NoClassSubmit("submit", _("Add"), css_class="btn btn-primary"),
                ),
            )
--- a/app/apps/currencies/migrations/0012_alter_exchangerateservice_service_type.py
+++ b/app/apps/currencies/migrations/0012_alter_exchangerateservice_service_type.py
@@ -0,0 +1,18 @@
+# Generated by Django 5.1.6 on 2025-03-02 01:28
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('currencies', '0011_remove_exchangerateservice_fetch_interval_hours_and_more'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='exchangerateservice',
+            name='service_type',
+            field=models.CharField(choices=[('synth_finance', 'Synth Finance'), ('synth_finance_stock', 'Synth Finance Stock'), ('coingecko_free', 'CoinGecko (Demo/Free)'), ('coingecko_pro', 'CoinGecko (Pro)')], max_length=255, verbose_name='Service Type'),
+        ),
+    ]
--- a/app/apps/currencies/migrations/0013_alter_exchangerateservice_service_type.py
+++ b/app/apps/currencies/migrations/0013_alter_exchangerateservice_service_type.py
@@ -0,0 +1,18 @@
+# Generated by Django 5.1.6 on 2025-03-02 01:58
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('currencies', '0012_alter_exchangerateservice_service_type'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='exchangerateservice',
+            name='service_type',
+            field=models.CharField(choices=[('synth_finance', 'Synth Finance'), ('synth_finance_stock', 'Synth Finance Stock'), ('coingecko_free', 'CoinGecko (Demo/Free)'), ('coingecko_pro', 'CoinGecko (Pro)'), ('transitive', 'Transitive (Calculated from Existing Rates)')], max_length=255, verbose_name='Service Type'),
+        ),
+    ]
--- a/app/apps/currencies/migrations/0014_alter_currency_options.py
+++ b/app/apps/currencies/migrations/0014_alter_currency_options.py
@@ -0,0 +1,17 @@
+# Generated by Django 5.1.7 on 2025-03-09 21:54
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('currencies', '0013_alter_exchangerateservice_service_type'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='currency',
+            options={'ordering': ['name', 'id'], 'verbose_name': 'Currency', 'verbose_name_plural': 'Currencies'},
+        ),
+    ]
--- a/app/apps/currencies/migrations/0015_exchangerate_automatic_exchangerateservice_singleton.py
+++ b/app/apps/currencies/migrations/0015_exchangerate_automatic_exchangerateservice_singleton.py
@@ -0,0 +1,23 @@
+# Generated by Django 5.2.4 on 2025-08-08 02:18
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('currencies', '0014_alter_currency_options'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='exchangerate',
+            name='automatic',
+            field=models.BooleanField(default=False, verbose_name='Automatic'),
+        ),
+        migrations.AddField(
+            model_name='exchangerateservice',
+            name='singleton',
+            field=models.BooleanField(default=False, help_text='Create one exchange rate and keep updating it. Avoids database clutter.', verbose_name='Single exchange rate'),
+        ),
+    ]
--- a/app/apps/currencies/migrations/0016_alter_exchangerate_automatic.py
+++ b/app/apps/currencies/migrations/0016_alter_exchangerate_automatic.py
@@ -0,0 +1,18 @@
+# Generated by Django 5.2.4 on 2025-08-08 02:38
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('currencies', '0015_exchangerate_automatic_exchangerateservice_singleton'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='exchangerate',
+            name='automatic',
+            field=models.BooleanField(default=False, verbose_name='Auto'),
+        ),
+    ]
--- a/app/apps/currencies/migrations/0017_alter_exchangerateservice_service_type.py
+++ b/app/apps/currencies/migrations/0017_alter_exchangerateservice_service_type.py
@@ -0,0 +1,18 @@
+# Generated by Django 5.2.5 on 2025-08-16 22:18
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('currencies', '0016_alter_exchangerate_automatic'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='exchangerateservice',
+            name='service_type',
+            field=models.CharField(choices=[('synth_finance', 'Synth Finance'), ('synth_finance_stock', 'Synth Finance Stock'), ('coingecko_free', 'CoinGecko (Demo/Free)'), ('coingecko_pro', 'CoinGecko (Pro)'), ('transitive', 'Transitive (Calculated from Existing Rates)'), ('frankfurter', 'Frankfurter')], max_length=255, verbose_name='Service Type'),
+        ),
+    ]
--- a/app/apps/currencies/migrations/0018_alter_exchangerateservice_service_type.py
+++ b/app/apps/currencies/migrations/0018_alter_exchangerateservice_service_type.py
@@ -0,0 +1,18 @@
+# Generated by Django 5.2.5 on 2025-08-17 03:54
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('currencies', '0017_alter_exchangerateservice_service_type'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='exchangerateservice',
+            name='service_type',
+            field=models.CharField(choices=[('synth_finance', 'Synth Finance'), ('synth_finance_stock', 'Synth Finance Stock'), ('coingecko_free', 'CoinGecko (Demo/Free)'), ('coingecko_pro', 'CoinGecko (Pro)'), ('transitive', 'Transitive (Calculated from Existing Rates)'), ('frankfurter', 'Frankfurter'), ('twelvedata', 'TwelveData')], max_length=255, verbose_name='Service Type'),
+        ),
+    ]
--- a/app/apps/currencies/migrations/0019_alter_exchangerateservice_service_type.py
+++ b/app/apps/currencies/migrations/0019_alter_exchangerateservice_service_type.py
@@ -0,0 +1,18 @@
+# Generated by Django 5.2.5 on 2025-08-17 06:01
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('currencies', '0018_alter_exchangerateservice_service_type'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='exchangerateservice',
+            name='service_type',
+            field=models.CharField(choices=[('synth_finance', 'Synth Finance'), ('synth_finance_stock', 'Synth Finance Stock'), ('coingecko_free', 'CoinGecko (Demo/Free)'), ('coingecko_pro', 'CoinGecko (Pro)'), ('transitive', 'Transitive (Calculated from Existing Rates)'), ('frankfurter', 'Frankfurter'), ('twelvedata', 'TwelveData'), ('twelvedatamarkets', 'TwelveData Markets')], max_length=255, verbose_name='Service Type'),
+        ),
+    ]
--- a/app/apps/currencies/migrations/0020_migrate_synth_finance_services.py
+++ b/app/apps/currencies/migrations/0020_migrate_synth_finance_services.py
@@ -0,0 +1,51 @@
+# Generated by Django 5.2.5 on 2025-08-17 06:25
+
+from django.db import migrations
+
+# The new value we are migrating to
+NEW_SERVICE_TYPE = "frankfurter"
+# The old values we are deprecating
+OLD_SERVICE_TYPE_TO_UPDATE = "synth_finance"
+OLD_SERVICE_TYPE_TO_DELETE = "synth_finance_stock"
+
+
+def forwards_func(apps, schema_editor):
+    """
+    Forward migration:
+    - Deletes all ExchangeRateService instances with service_type 'synth_finance_stock'.
+    - Updates all ExchangeRateService instances with service_type 'synth_finance' to 'frankfurter'.
+    """
+    ExchangeRateService = apps.get_model("currencies", "ExchangeRateService")
+    db_alias = schema_editor.connection.alias
+
+    # 1. Delete the SYNTH_FINANCE_STOCK entries
+    ExchangeRateService.objects.using(db_alias).filter(
+        service_type=OLD_SERVICE_TYPE_TO_DELETE
+    ).delete()
+
+    # 2. Update the SYNTH_FINANCE entries to FRANKFURTER
+    ExchangeRateService.objects.using(db_alias).filter(
+        service_type=OLD_SERVICE_TYPE_TO_UPDATE
+    ).update(service_type=NEW_SERVICE_TYPE, api_key=None)
+
+
+def backwards_func(apps, schema_editor):
+    """
+    Backward migration: This operation is not safely reversible.
+    - We cannot know which 'frankfurter' services were originally 'synth_finance'.
+    - The deleted 'synth_finance_stock' services cannot be recovered.
+    We will leave this function empty to allow migrating backwards without doing anything.
+    """
+    pass
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        # Add the previous migration file here
+        ("currencies", "0019_alter_exchangerateservice_service_type"),
+    ]
+
+    operations = [
+        migrations.RunPython(forwards_func, reverse_code=backwards_func),
+    ]
--- a/app/apps/currencies/migrations/0021_alter_exchangerateservice_service_type.py
+++ b/app/apps/currencies/migrations/0021_alter_exchangerateservice_service_type.py
@@ -0,0 +1,18 @@
+# Generated by Django 5.2.5 on 2025-08-17 06:29
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('currencies', '0020_migrate_synth_finance_services'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='exchangerateservice',
+            name='service_type',
+            field=models.CharField(choices=[('coingecko_free', 'CoinGecko (Demo/Free)'), ('coingecko_pro', 'CoinGecko (Pro)'), ('transitive', 'Transitive (Calculated from Existing Rates)'), ('frankfurter', 'Frankfurter'), ('twelvedata', 'TwelveData'), ('twelvedatamarkets', 'TwelveData Markets')], max_length=255, verbose_name='Service Type'),
+        ),
+    ]
--- a/app/apps/currencies/migrations/0022_currency_is_archived.py
+++ b/app/apps/currencies/migrations/0022_currency_is_archived.py
@@ -0,0 +1,18 @@
+# Generated by Django 5.2.5 on 2025-08-30 00:47
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('currencies', '0021_alter_exchangerateservice_service_type'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='currency',
+            name='is_archived',
+            field=models.BooleanField(default=False, verbose_name='Archived'),
+        ),
+    ]
--- a/app/apps/currencies/migrations/0023_add_failure_count.py
+++ b/app/apps/currencies/migrations/0023_add_failure_count.py
@@ -0,0 +1,18 @@
+# Generated by Django 5.2.10 on 2026-01-10 06:08
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('currencies', '0022_currency_is_archived'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='exchangerateservice',
+            name='failure_count',
+            field=models.PositiveIntegerField(default=0),
+        ),
+    ]
--- a/app/apps/currencies/models.py
+++ b/app/apps/currencies/models.py
@@ -32,12 +32,18 @@ class Currency(models.Model):
        help_text=_("Default currency for exchange calculations"),
    )

+    is_archived = models.BooleanField(
+        default=False,
+        verbose_name=_("Archived"),
+    )
+
    def __str__(self):
        return self.name

    class Meta:
        verbose_name = _("Currency")
        verbose_name_plural = _("Currencies")
+        ordering = ["name", "id"]

    def clean(self):
        super().clean()
@@ -69,6 +75,8 @@ class ExchangeRate(models.Model):
    )
    date = models.DateTimeField(verbose_name=_("Date and Time"))

+    automatic = models.BooleanField(verbose_name=_("Auto"), default=False)
+
    class Meta:
        verbose_name = _("Exchange Rate")
        verbose_name_plural = _("Exchange Rates")
@@ -91,9 +99,12 @@ class ExchangeRateService(models.Model):
    """Configuration for exchange rate services"""

    class ServiceType(models.TextChoices):
-        SYNTH_FINANCE = "synth_finance", "Synth Finance"
        COINGECKO_FREE = "coingecko_free", "CoinGecko (Demo/Free)"
        COINGECKO_PRO = "coingecko_pro", "CoinGecko (Pro)"
+        TRANSITIVE = "transitive", "Transitive (Calculated from Existing Rates)"
+        FRANKFURTER = "frankfurter", "Frankfurter"
+        TWELVEDATA = "twelvedata", "TwelveData"
+        TWELVEDATA_MARKETS = "twelvedatamarkets", "TwelveData Markets"

    class IntervalType(models.TextChoices):
        ON = "on", _("On")
@@ -125,6 +136,8 @@ class ExchangeRateService(models.Model):
        null=True, blank=True, verbose_name=_("Last Successful Fetch")
    )

+    failure_count = models.PositiveIntegerField(default=0)
+
    target_currencies = models.ManyToManyField(
        Currency,
        verbose_name=_("Target Currencies"),
@@ -145,6 +158,14 @@ class ExchangeRateService(models.Model):
        blank=True,
    )

+    singleton = models.BooleanField(
+        verbose_name=_("Single exchange rate"),
+        default=False,
+        help_text=_(
+            "Create one exchange rate and keep updating it. Avoids database clutter."
+        ),
+    )
+
    class Meta:
        verbose_name = _("Exchange Rate Service")
        verbose_name_plural = _("Exchange Rate Services")
@@ -204,11 +225,11 @@ class ExchangeRateService(models.Model):
                        }
                    )
                hours = int(self.fetch_interval)
-                if hours < 0 or hours > 23:
+                if hours < 1 or hours > 24:
                    raise ValidationError(
                        {
                            "fetch_interval": _(
-                                "'Every X hours' interval must be between 0 and 23."
+                                "'Every X hours' interval must be between 1 and 24."
                            )
                        }
                    )
@@ -218,7 +239,7 @@ class ExchangeRateService(models.Model):
                    hours = self._parse_hour_ranges(self.fetch_interval)
                    # Store in normalized format (optional)
                    self.fetch_interval = ",".join(str(h) for h in sorted(hours))
-                except ValueError as e:
+                except ValueError:
                    raise ValidationError(
                        {
                            "fetch_interval": _(
@@ -229,7 +250,7 @@ class ExchangeRateService(models.Model):
                    )
        except ValidationError:
            raise
-        except Exception as e:
+        except Exception:
            raise ValidationError(
                {
                    "fetch_interval": _(
--- a/app/apps/currencies/tasks.py
+++ b/app/apps/currencies/tasks.py
@@ -8,7 +8,7 @@ logger = logging.getLogger(__name__)


@app.periodic(cron="0 * * * *")  # Run every hour
-@app.task(name="automatic_fetch_exchange_rates")
+@app.task(lock="automatic_fetch_exchange_rates", name="automatic_fetch_exchange_rates")
 def automatic_fetch_exchange_rates(timestamp=None):
    """Fetch exchange rates for all due services"""
    fetcher = ExchangeRateFetcher()
@@ -19,7 +19,7 @@ def automatic_fetch_exchange_rates(timestamp=None):
        logger.error(e, exc_info=True)


-@app.task(name="manual_fetch_exchange_rates")
+@app.task(lock="manual_fetch_exchange_rates", name="manual_fetch_exchange_rates")
 def manual_fetch_exchange_rates(timestamp=None):
    """Fetch exchange rates for all due services"""
    fetcher = ExchangeRateFetcher()
--- a/app/apps/currencies/tests.py
+++ b/app/apps/currencies/tests.py
@@ -40,12 +40,6 @@ class CurrencyTests(TestCase):
        with self.assertRaises(ValidationError):
            currency.full_clean()

-    def test_currency_unique_code(self):
-        """Test that currency codes must be unique"""
-        Currency.objects.create(code="USD", name="US Dollar", decimal_places=2)
-        with self.assertRaises(IntegrityError):
-            Currency.objects.create(code="USD", name="Another Dollar", decimal_places=2)
-
    def test_currency_unique_name(self):
        """Test that currency names must be unique"""
        Currency.objects.create(code="USD", name="US Dollar", decimal_places=2)
--- a/app/apps/currencies/tests/init.py
+++ b/app/apps/currencies/tests/init.py
@@ -0,0 +1 @@
+# Tests package for currencies app
--- a/app/apps/currencies/tests/test_automatic_exchange_rates.py
+++ b/app/apps/currencies/tests/test_automatic_exchange_rates.py
@@ -0,0 +1,109 @@
+from decimal import Decimal
+from unittest.mock import patch, MagicMock
+
+from django.test import TestCase
+from django.utils import timezone
+
+from apps.currencies.models import Currency, ExchangeRateService
+from apps.currencies.exchange_rates.fetcher import ExchangeRateFetcher
+
+
+class ExchangeRateServiceFailureTrackingTests(TestCase):
+    """Tests for the failure count tracking functionality."""
+
+    def setUp(self):
+        """Set up test data."""
+        self.usd = Currency.objects.create(
+            code="USD", name="US Dollar", decimal_places=2, prefix="$ "
+        )
+        self.eur = Currency.objects.create(
+            code="EUR", name="Euro", decimal_places=2, prefix="€ "
+        )
+        self.eur.exchange_currency = self.usd
+        self.eur.save()
+
+        self.service = ExchangeRateService.objects.create(
+            name="Test Service",
+            service_type=ExchangeRateService.ServiceType.FRANKFURTER,
+            is_active=True,
+        )
+        self.service.target_currencies.add(self.eur)
+
+    def test_failure_count_increments_on_provider_error(self):
+        """Test that failure_count increments when provider raises an exception."""
+        self.assertEqual(self.service.failure_count, 0)
+
+        with patch.object(
+            self.service, "get_provider", side_effect=Exception("API Error")
+        ):
+            ExchangeRateFetcher._fetch_service_rates(self.service)
+
+        self.service.refresh_from_db()
+        self.assertEqual(self.service.failure_count, 1)
+
+    def test_failure_count_resets_on_success(self):
+        """Test that failure_count resets to 0 on successful fetch."""
+        # Set initial failure count
+        self.service.failure_count = 5
+        self.service.save()
+
+        # Mock a successful provider
+        mock_provider = MagicMock()
+        mock_provider.requires_api_key.return_value = False
+        mock_provider.get_rates.return_value = [(self.usd, self.eur, Decimal("0.85"))]
+        mock_provider.rates_inverted = False
+
+        with patch.object(self.service, "get_provider", return_value=mock_provider):
+            ExchangeRateFetcher._fetch_service_rates(self.service)
+
+        self.service.refresh_from_db()
+        self.assertEqual(self.service.failure_count, 0)
+
+    def test_failure_count_accumulates_across_fetches(self):
+        """Test that failure_count accumulates with consecutive failures."""
+        self.assertEqual(self.service.failure_count, 0)
+
+        with patch.object(
+            self.service, "get_provider", side_effect=Exception("API Error")
+        ):
+            ExchangeRateFetcher._fetch_service_rates(self.service)
+            self.service.refresh_from_db()
+            self.assertEqual(self.service.failure_count, 1)
+
+            ExchangeRateFetcher._fetch_service_rates(self.service)
+            self.service.refresh_from_db()
+            self.assertEqual(self.service.failure_count, 2)
+
+            ExchangeRateFetcher._fetch_service_rates(self.service)
+            self.service.refresh_from_db()
+            self.assertEqual(self.service.failure_count, 3)
+
+    def test_last_fetch_not_updated_on_failure(self):
+        """Test that last_fetch is NOT updated when a failure occurs."""
+        original_last_fetch = self.service.last_fetch
+        self.assertIsNone(original_last_fetch)
+
+        with patch.object(
+            self.service, "get_provider", side_effect=Exception("API Error")
+        ):
+            ExchangeRateFetcher._fetch_service_rates(self.service)
+
+        self.service.refresh_from_db()
+        self.assertIsNone(self.service.last_fetch)
+        self.assertEqual(self.service.failure_count, 1)
+
+    def test_last_fetch_updated_on_success(self):
+        """Test that last_fetch IS updated when fetch succeeds."""
+        self.assertIsNone(self.service.last_fetch)
+
+        mock_provider = MagicMock()
+        mock_provider.requires_api_key.return_value = False
+        mock_provider.get_rates.return_value = [(self.usd, self.eur, Decimal("0.85"))]
+        mock_provider.rates_inverted = False
+
+        with patch.object(self.service, "get_provider", return_value=mock_provider):
+            ExchangeRateFetcher._fetch_service_rates(self.service)
+
+        self.service.refresh_from_db()
+        self.assertIsNotNone(self.service.last_fetch)
+        self.assertEqual(self.service.failure_count, 0)
--- a/app/apps/currencies/views/currencies.py
+++ b/app/apps/currencies/views/currencies.py
@@ -23,7 +23,7 @@ def currencies_index(request):
@login_required
@require_http_methods(["GET"])
 def currencies_list(request):
-    currencies = Currency.objects.all().order_by("id")
+    currencies = Currency.objects.all().order_by("name")
    return render(
        request,
        "currencies/fragments/list.html",
--- a/app/apps/currencies/views/exchange_rates_services.py
+++ b/app/apps/currencies/views/exchange_rates_services.py
@@ -11,9 +11,11 @@ from apps.common.decorators.htmx import only_htmx
 from apps.currencies.forms import ExchangeRateForm, ExchangeRateServiceForm
 from apps.currencies.models import ExchangeRate, ExchangeRateService
 from apps.currencies.tasks import manual_fetch_exchange_rates
+from apps.common.decorators.demo import disabled_on_demo


@login_required
+@disabled_on_demo
@require_http_methods(["GET"])
 def exchange_rates_services_index(request):
    return render(
@@ -24,6 +26,7 @@ def exchange_rates_services_index(request):

@only_htmx
@login_required
+@disabled_on_demo
@require_http_methods(["GET"])
 def exchange_rates_services_list(request):
    services = ExchangeRateService.objects.all()
@@ -37,6 +40,7 @@ def exchange_rates_services_list(request):

@only_htmx
@login_required
+@disabled_on_demo
@require_http_methods(["GET", "POST"])
 def exchange_rate_service_add(request):
    if request.method == "POST":
@@ -63,6 +67,7 @@ def exchange_rate_service_add(request):

@only_htmx
@login_required
+@disabled_on_demo
@require_http_methods(["GET", "POST"])
 def exchange_rate_service_edit(request, pk):
    service = get_object_or_404(ExchangeRateService, id=pk)
@@ -91,6 +96,7 @@ def exchange_rate_service_edit(request, pk):

@only_htmx
@login_required
+@disabled_on_demo
@require_http_methods(["DELETE"])
 def exchange_rate_service_delete(request, pk):
    service = get_object_or_404(ExchangeRateService, id=pk)
@@ -109,6 +115,7 @@ def exchange_rate_service_delete(request, pk):

@only_htmx
@login_required
+@disabled_on_demo
@require_http_methods(["GET"])
 def exchange_rate_service_force_fetch(request):
    manual_fetch_exchange_rates.defer()
--- a/app/apps/dca/admin.py
+++ b/app/apps/dca/admin.py
@@ -1,7 +1,13 @@
 from django.contrib import admin

 from apps.dca.models import DCAStrategy, DCAEntry
+from apps.common.admin import SharedObjectModelAdmin
+

-# Register your models here.
-admin.site.register(DCAStrategy)
 admin.site.register(DCAEntry)
+
+
+@admin.register(DCAStrategy)
+class TransactionEntityModelAdmin(SharedObjectModelAdmin):
+    def get_queryset(self, request):
+        return DCAStrategy.all_objects.all()
--- a/app/apps/dca/forms.py
+++ b/app/apps/dca/forms.py
@@ -1,22 +1,20 @@
-from crispy_bootstrap5.bootstrap5 import Switch, BS5Accordion
-from crispy_forms.bootstrap import FormActions, AccordionGroup
-from crispy_forms.helper import FormHelper
-from crispy_forms.layout import Layout, Row, Column, HTML
-from django import forms
-from django.utils.translation import gettext_lazy as _
-
 from apps.accounts.models import Account
-from apps.common.widgets.crispy.submit import NoClassSubmit
-from apps.common.widgets.datepicker import AirDatePickerInput
-from apps.common.widgets.decimal import ArbitraryDecimalDisplayNumberInput
-from apps.common.widgets.tom_select import TomSelect
-from apps.dca.models import DCAStrategy, DCAEntry
-from apps.common.widgets.tom_select import TransactionSelect
-from apps.transactions.models import Transaction, TransactionTag, TransactionCategory
 from apps.common.fields.forms.dynamic_select import (
    DynamicModelChoiceField,
    DynamicModelMultipleChoiceField,
 )
+from apps.common.widgets.crispy.daisyui import Switch
+from apps.common.widgets.crispy.submit import NoClassSubmit
+from apps.common.widgets.datepicker import AirDatePickerInput
+from apps.common.widgets.decimal import ArbitraryDecimalDisplayNumberInput
+from apps.common.widgets.tom_select import TomSelect, TransactionSelect
+from apps.dca.models import DCAEntry, DCAStrategy
+from apps.transactions.models import Transaction, TransactionCategory, TransactionTag
+from crispy_forms.bootstrap import AccordionGroup, FormActions, Accordion
+from crispy_forms.helper import FormHelper
+from crispy_forms.layout import HTML, Column, Layout, Row
+from django import forms
+from django.utils.translation import gettext_lazy as _


 class DCAStrategyForm(forms.ModelForm):
@@ -36,8 +34,8 @@ class DCAStrategyForm(forms.ModelForm):
        self.helper.layout = Layout(
            "name",
            Row(
-                Column("payment_currency", css_class="form-group col-md-6"),
-                Column("target_currency", css_class="form-group col-md-6"),
+                Column("payment_currency"),
+                Column("target_currency"),
            ),
            "notes",
        )
@@ -45,17 +43,13 @@ class DCAStrategyForm(forms.ModelForm):
        if self.instance and self.instance.pk:
            self.helper.layout.append(
                FormActions(
-                    NoClassSubmit(
-                        "submit", _("Update"), css_class="btn btn-outline-primary w-100"
-                    ),
+                    NoClassSubmit("submit", _("Update"), css_class="btn btn-primary"),
                ),
            )
        else:
            self.helper.layout.append(
                FormActions(
-                    NoClassSubmit(
-                        "submit", _("Add"), css_class="btn btn-outline-primary w-100"
-                    ),
+                    NoClassSubmit("submit", _("Add"), css_class="btn btn-primary"),
                ),
            )

@@ -155,11 +149,11 @@ class DCAEntryForm(forms.ModelForm):
        self.helper.layout = Layout(
            "date",
            Row(
-                Column("amount_paid", css_class="form-group col-md-6"),
-                Column("amount_received", css_class="form-group col-md-6"),
+                Column("amount_paid"),
+                Column("amount_received"),
            ),
            "notes",
-            BS5Accordion(
+            Accordion(
                AccordionGroup(
                    _("Create transaction"),
                    Switch("create_transaction"),
@@ -168,19 +162,11 @@ class DCAEntryForm(forms.ModelForm):
                            Row(
                                Column(
                                    "from_account",
-                                    css_class="form-group col-md-6 mb-0",
                                ),
-                                css_class="form-row",
                            ),
                            Row(
-                                Column(
-                                    "from_category",
-                                    css_class="form-group col-md-6 mb-0",
-                                ),
-                                Column(
-                                    "from_tags", css_class="form-group col-md-6 mb-0"
-                                ),
-                                css_class="form-row",
+                                Column("from_category"),
+                                Column("from_tags"),
                            ),
                        ),
                        css_class="p-1 mx-1 my-3 border rounded-3",
@@ -190,16 +176,12 @@ class DCAEntryForm(forms.ModelForm):
                            Row(
                                Column(
                                    "to_account",
-                                    css_class="form-group col-md-6 mb-0",
+                                    css_class="form-group",
                                ),
-                                css_class="form-row",
                            ),
                            Row(
-                                Column(
-                                    "to_category", css_class="form-group col-md-6 mb-0"
-                                ),
-                                Column("to_tags", css_class="form-group col-md-6 mb-0"),
-                                css_class="form-row",
+                                Column("to_category"),
+                                Column("to_tags"),
                            ),
                        ),
                        css_class="p-1 mx-1 my-3 border rounded-3",
@@ -220,17 +202,13 @@ class DCAEntryForm(forms.ModelForm):
        if self.instance and self.instance.pk:
            self.helper.layout.append(
                FormActions(
-                    NoClassSubmit(
-                        "submit", _("Update"), css_class="btn btn-outline-primary w-100"
-                    ),
+                    NoClassSubmit("submit", _("Update"), css_class="btn btn-primary"),
                ),
            )
        else:
            self.helper.layout.append(
                FormActions(
-                    NoClassSubmit(
-                        "submit", _("Add"), css_class="btn btn-outline-primary w-100"
-                    ),
+                    NoClassSubmit("submit", _("Add"), css_class="btn btn-primary"),
                ),
            )

@@ -266,6 +244,24 @@ class DCAEntryForm(forms.ModelForm):
                id=expense_transaction.id
            )

+        self.fields["from_account"].queryset = Account.objects.filter(
+            is_archived=False,
+        )
+
+        self.fields["from_category"].queryset = TransactionCategory.objects.filter(
+            active=True
+        )
+        self.fields["from_tags"].queryset = TransactionTag.objects.filter(active=True)
+
+        self.fields["to_account"].queryset = Account.objects.filter(
+            is_archived=False,
+        )
+
+        self.fields["to_category"].queryset = TransactionCategory.objects.filter(
+            active=True
+        )
+        self.fields["to_tags"].queryset = TransactionTag.objects.filter(active=True)
+
    def clean(self):
        cleaned_data = super().clean()

--- a/app/apps/dca/migrations/0003_dcastrategy_owner_dcastrategy_shared_with_and_more.py
+++ b/app/apps/dca/migrations/0003_dcastrategy_owner_dcastrategy_shared_with_and_more.py
@@ -0,0 +1,31 @@
+# Generated by Django 5.1.6 on 2025-03-07 18:20
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dca', '0002_alter_dcaentry_amount_paid_and_more'),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='dcastrategy',
+            name='owner',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='%(class)s_owned', to=settings.AUTH_USER_MODEL),
+        ),
+        migrations.AddField(
+            model_name='dcastrategy',
+            name='shared_with',
+            field=models.ManyToManyField(blank=True, related_name='%(class)s_shared', to=settings.AUTH_USER_MODEL),
+        ),
+        migrations.AddField(
+            model_name='dcastrategy',
+            name='visibility',
+            field=models.CharField(choices=[('private', 'Private'), ('public', 'Public')], default='private', max_length=10),
+        ),
+    ]
--- a/app/apps/dca/migrations/0004_alter_dcastrategy_owner_and_more.py
+++ b/app/apps/dca/migrations/0004_alter_dcastrategy_owner_and_more.py
@@ -0,0 +1,31 @@
+# Generated by Django 5.2.4 on 2025-07-28 02:15
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dca', '0003_dcastrategy_owner_dcastrategy_shared_with_and_more'),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='dcastrategy',
+            name='owner',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='%(class)s_owned', to=settings.AUTH_USER_MODEL, verbose_name='Owner'),
+        ),
+        migrations.AlterField(
+            model_name='dcastrategy',
+            name='shared_with',
+            field=models.ManyToManyField(blank=True, related_name='%(class)s_shared', to=settings.AUTH_USER_MODEL, verbose_name='Shared with users'),
+        ),
+        migrations.AlterField(
+            model_name='dcastrategy',
+            name='visibility',
+            field=models.CharField(choices=[('private', 'Private'), ('public', 'Public')], default='private', max_length=10, verbose_name='Visibility'),
+        ),
+    ]
--- a/app/apps/dca/models.py
+++ b/app/apps/dca/models.py
@@ -1,16 +1,15 @@
-from datetime import timedelta
 from decimal import Decimal
-from statistics import mean, stdev

 from django.db import models
 from django.template.defaultfilters import date
 from django.utils import timezone
 from django.utils.translation import gettext_lazy as _

+from apps.common.models import SharedObject, SharedObjectManager
 from apps.currencies.utils.convert import convert, get_exchange_rate


-class DCAStrategy(models.Model):
+class DCAStrategy(SharedObject):
    name = models.CharField(max_length=255, verbose_name=_("Name"))
    target_currency = models.ForeignKey(
        "currencies.Currency",
@@ -28,6 +27,9 @@ class DCAStrategy(models.Model):
    created_at = models.DateTimeField(auto_now_add=True)
    updated_at = models.DateTimeField(auto_now=True)

+    objects = SharedObjectManager()
+    all_objects = models.Manager()  # Unfiltered manager
+
    class Meta:
        verbose_name = _("DCA Strategy")
        verbose_name_plural = _("DCA Strategies")
--- a/app/apps/dca/urls.py
+++ b/app/apps/dca/urls.py
@@ -12,6 +12,16 @@ urlpatterns = [
        views.strategy_delete,
        name="dca_strategy_delete",
    ),
+    path(
+        "dca/<int:strategy_id>/take-ownership/",
+        views.strategy_take_ownership,
+        name="dca_strategy_take_ownership",
+    ),
+    path(
+        "dca/<int:pk>/share/",
+        views.strategy_share,
+        name="dca_strategy_share_settings",
+    ),
    path(
        "dca/<int:strategy_id>/",
        views.strategy_detail_index,
--- a/app/apps/dca/views.py
+++ b/app/apps/dca/views.py
@@ -1,4 +1,3 @@
-# apps/dca_tracker/views.py
 from django.contrib import messages
 from django.contrib.auth.decorators import login_required
 from django.db.models import Sum, Avg
@@ -11,6 +10,8 @@ from django.views.decorators.http import require_http_methods
 from apps.common.decorators.htmx import only_htmx
 from apps.dca.forms import DCAEntryForm, DCAStrategyForm
 from apps.dca.models import DCAStrategy, DCAEntry
+from apps.common.models import SharedObject
+from apps.common.forms import SharedObjectForm


@login_required
@@ -21,7 +22,7 @@ def strategy_index(request):
@only_htmx
@login_required
 def strategy_list(request):
-    strategies = DCAStrategy.objects.all().order_by("created_at")
+    strategies = DCAStrategy.objects.all().order_by("name")
    return render(
        request, "dca/fragments/strategy/list.html", {"strategies": strategies}
    )
@@ -57,6 +58,16 @@ def strategy_add(request):
 def strategy_edit(request, strategy_id):
    dca_strategy = get_object_or_404(DCAStrategy, id=strategy_id)

+    if dca_strategy.owner and dca_strategy.owner != request.user:
+        messages.error(request, _("Only the owner can edit this"))
+
+        return HttpResponse(
+            status=204,
+            headers={
+                "HX-Trigger": "updated, hide_offcanvas",
+            },
+        )
+
    if request.method == "POST":
        form = DCAStrategyForm(request.POST, instance=dca_strategy)
        if form.is_valid():
@@ -85,9 +96,15 @@ def strategy_edit(request, strategy_id):
 def strategy_delete(request, strategy_id):
    dca_strategy = get_object_or_404(DCAStrategy, id=strategy_id)

-    dca_strategy.delete()
-
-    messages.success(request, _("DCA strategy deleted successfully"))
+    if (
+        dca_strategy.owner != request.user
+        and request.user in dca_strategy.shared_with.all()
+    ):
+        dca_strategy.shared_with.remove(request.user)
+        messages.success(request, _("Item no longer shared with you"))
+    else:
+        dca_strategy.delete()
+        messages.success(request, _("DCA strategy deleted successfully"))

    return HttpResponse(
        status=204,
@@ -97,6 +114,65 @@ def strategy_delete(request, strategy_id):
    )


+@only_htmx
+@login_required
+@require_http_methods(["GET"])
+def strategy_take_ownership(request, strategy_id):
+    dca_strategy = get_object_or_404(DCAStrategy, id=strategy_id)
+
+    if not dca_strategy.owner:
+        dca_strategy.owner = request.user
+        dca_strategy.visibility = SharedObject.Visibility.private
+        dca_strategy.save()
+
+        messages.success(request, _("Ownership taken successfully"))
+
+    return HttpResponse(
+        status=204,
+        headers={
+            "HX-Trigger": "updated, hide_offcanvas",
+        },
+    )
+
+
+@only_htmx
+@login_required
+@require_http_methods(["GET", "POST"])
+def strategy_share(request, pk):
+    obj = get_object_or_404(DCAStrategy, id=pk)
+
+    if obj.owner and obj.owner != request.user:
+        messages.error(request, _("Only the owner can edit this"))
+
+        return HttpResponse(
+            status=204,
+            headers={
+                "HX-Trigger": "updated, hide_offcanvas",
+            },
+        )
+
+    if request.method == "POST":
+        form = SharedObjectForm(request.POST, instance=obj, user=request.user)
+        if form.is_valid():
+            form.save()
+            messages.success(request, _("Configuration saved successfully"))
+
+            return HttpResponse(
+                status=204,
+                headers={
+                    "HX-Trigger": "updated, hide_offcanvas",
+                },
+            )
+    else:
+        form = SharedObjectForm(instance=obj, user=request.user)
+
+    return render(
+        request,
+        "dca/fragments/strategy/share.html",
+        {"form": form, "object": obj},
+    )
+
+
@login_required
 def strategy_detail_index(request, strategy_id):
    strategy = get_object_or_404(DCAStrategy, id=strategy_id)
@@ -157,7 +233,7 @@ def strategy_entry_add(request, strategy_id):
    if request.method == "POST":
        form = DCAEntryForm(request.POST, strategy=strategy)
        if form.is_valid():
-            entry = form.save()
+            form.save()
            messages.success(request, _("Entry added successfully"))

            return HttpResponse(
--- a/app/apps/export_app/init.py
+++ b/app/apps/export_app/init.py
--- a/app/apps/export_app/admin.py
+++ b/app/apps/export_app/admin.py
@@ -0,0 +1,3 @@
+from django.contrib import admin
+
+# Register your models here.
--- a/app/apps/export_app/apps.py
+++ b/app/apps/export_app/apps.py
@@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class ExportConfig(AppConfig):
+    default_auto_field = "django.db.models.BigAutoField"
+    name = "apps.export_app"
--- a/Show More
+++ b/Show More