diff --git a/apps/social/src/app/components/navbar.tsx b/apps/social/src/app/components/navbar.tsx
index 0cc8b52f..50e53944 100644
--- a/apps/social/src/app/components/navbar.tsx
+++ b/apps/social/src/app/components/navbar.tsx
@@ -4,20 +4,21 @@ import { logout } from "@/actions";
 import logo from "/public/logo.svg";
 import { getSession } from "@/lib/auth";
 import { SignOutButton } from "./sign-out-btn";
+
 import {
   ArrowLeft,
+  ScanFace,
   LinkIcon,
   LogIn,
-  MessagesSquare,
-  ScanFace,
-  ScrollText,
   UserCog,
+  ScrollText,
+  MessagesSquare,
 } from "lucide-react";
 
 import {
   Avatar,
-  AvatarFallback,
   AvatarImage,
+  AvatarFallback,
 } from "@umamin/ui/components/avatar";
 
 import {
@@ -66,6 +67,10 @@ export async function Navbar() {
                 <Link href={`/user`}>Profile</Link>
               </DropdownMenuItem>
               <DropdownMenuSeparator />
+              <DropdownMenuItem asChild>
+                <Link href={`/settings`}>Settings</Link>
+              </DropdownMenuItem>
+              <DropdownMenuSeparator />
               <DropdownMenuItem asChild>
                 {session ? (
                   <form action={logout} className="place-self-end">
diff --git a/apps/social/src/app/settings/page.tsx b/apps/social/src/app/settings/page.tsx
new file mode 100644
index 00000000..5b0beb93
--- /dev/null
+++ b/apps/social/src/app/settings/page.tsx
@@ -0,0 +1,15 @@
+import { getSession } from "@/lib/auth";
+import Settings from "@umamin/ui/app/settings/page";
+import { CurrentUserResult, getCurrentUser } from "./queries";
+import { redirect } from "next/navigation";
+
+export default async function Page() {
+  const { user, session } = await getSession();
+  const userData = await getCurrentUser(session?.id);
+
+  if (!user) {
+    redirect("/login");
+  }
+
+  return <Settings user={user} userData={userData as CurrentUserResult} />;
+}
diff --git a/apps/social/src/app/settings/queries.ts b/apps/social/src/app/settings/queries.ts
new file mode 100644
index 00000000..3e8e9543
--- /dev/null
+++ b/apps/social/src/app/settings/queries.ts
@@ -0,0 +1,39 @@
+import { cache } from "react";
+import getClient from "@/lib/gql/rsc";
+import { graphql, ResultOf } from "gql.tada";
+
+export const CURRENT_USER_QUERY = graphql(`
+  query CurrentUser {
+    user {
+      __typename
+      id
+      bio
+      username
+      displayName
+      question
+      quietMode
+      imageUrl
+      createdAt
+      accounts {
+        __typename
+        id
+        email
+        picture
+        createdAt
+      }
+    }
+  }
+`);
+
+const currentUserPersisted = graphql.persisted(
+  "3f2320bbe96bd7895f618b6cdedfdee5d2f40e3e0c1d75095ea0844a0ff107b4",
+  CURRENT_USER_QUERY
+);
+
+export const getCurrentUser = cache(async (sessionId?: string) => {
+  const result = await getClient(sessionId).query(currentUserPersisted, {});
+
+  return result?.data?.user;
+});
+
+export type CurrentUserResult = ResultOf<typeof CURRENT_USER_QUERY>["user"];
diff --git a/packages/ui/components.json b/packages/ui/components.json
index 4c168719..b249d208 100644
--- a/packages/ui/components.json
+++ b/packages/ui/components.json
@@ -11,7 +11,7 @@
     "prefix": ""
   },
   "aliases": {
-    "components": "@/components",
+    "components": "../../../components",
     "utils": "@/lib/utils"
   }
 }
diff --git a/packages/ui/package.json b/packages/ui/package.json
index 5ffacf59..cea6dfa1 100644
--- a/packages/ui/package.json
+++ b/packages/ui/package.json
@@ -8,28 +8,47 @@
     "./tailwind.config": "./tailwind.config.ts",
     "./lib/*": "./src/lib/*.ts",
     "./components/*": "./src/components/ui/*.tsx",
-    "./ad": "./src/components/ad-container.tsx"
+    "./ad": "./src/components/ad-container.tsx",
+    "./app/*": "./src/components/*.tsx"
   },
   "scripts": {
     "ui:add": "pnpm dlx shadcn-ui@latest add",
     "clean": "rm -rf ./node_modules .turbo",
     "lint": "eslint . --max-warnings 0",
-    "check-types": "tsc --noEmit"
+    "check-types": "tsc --noEmit",
+    "gql:generate-persisted": "gql.tada generate-persisted",
+    "gql:generate-schema": "gql.tada generate-schema http://localhost:3000/api/graphql"
   },
   "devDependencies": {
+    "@0no-co/graphqlsp": "^1.12.12",
+    "@lucia-auth/adapter-drizzle": "^1.0.7",
+    "@node-rs/argon2": "^1.8.3",
     "@tailwindcss/typography": "^0.5.13",
     "@types/eslint": "^8.56.5",
     "@types/node": "^20.11.24",
     "@types/react": "^18.3.2",
     "@types/react-dom": "^18.3.0",
+    "@umamin/aes": "workspace:*",
+    "@umamin/db": "workspace:*",
     "@umamin/eslint-config": "workspace:*",
+    "@umamin/gql": "workspace:*",
     "@umamin/tsconfig": "workspace:*",
+    "@urql/core": "^5.0.5",
+    "@urql/exchange-persisted": "^4.3.0",
+    "@urql/next": "^1.1.1",
+    "arctic": "^1.9.2",
     "autoprefixer": "^10.4.19",
+    "date-fns": "^3.6.0",
     "eslint": "^8.57.0",
+    "firebase": "^10.12.4",
+    "gql.tada": "^1.8.5",
+    "lucia": "^3.2.0",
+    "nanoid": "^5.0.7",
+    "next": "14.2.5",
     "postcss": "^8.4.40",
     "react": "^18.3.1",
-    "typescript": "^5.5.4",
-    "tailwindcss": "^3.4.7"
+    "tailwindcss": "^3.4.7",
+    "typescript": "^5.5.4"
   },
   "dependencies": {
     "@hookform/resolvers": "^3.9.0",
diff --git a/packages/ui/src/app/actions.ts b/packages/ui/src/app/actions.ts
new file mode 100644
index 00000000..6dcaf759
--- /dev/null
+++ b/packages/ui/src/app/actions.ts
@@ -0,0 +1,259 @@
+"use server";
+
+import { nanoid } from "nanoid";
+import { db, eq } from "@umamin/db";
+import { cookies } from "next/headers";
+import { redirect } from "next/navigation";
+import { hash, verify } from "@node-rs/argon2";
+import {
+  user as userSchema,
+  account as accountSchema,
+} from "@umamin/db/schema/user";
+import { note as noteSchema } from "@umamin/db/schema/note";
+import { message as messageSchema } from "@umamin/db/schema/message";
+
+import { getSession, lucia } from "@/lib/auth";
+import { z } from "zod";
+
+export async function logout(): Promise<ActionResult> {
+  const { session } = await getSession();
+
+  if (!session) {
+    throw new Error("Unauthorized");
+  }
+
+  await lucia.invalidateSession(session.id);
+
+  const sessionCookie = lucia.createBlankSessionCookie();
+  cookies().set(
+    sessionCookie.name,
+    sessionCookie.value,
+    sessionCookie.attributes
+  );
+
+  return redirect("/login");
+}
+
+const signupSchema = z
+  .object({
+    username: z
+      .string()
+      .min(5, {
+        message: "Username must be at least 5 characters",
+      })
+      .max(20, {
+        message: "Username must not exceed 20 characters",
+      })
+      .refine((url) => /^[a-zA-Z0-9_-]+$/.test(url), {
+        message: "Username must be alphanumeric with no spaces",
+      }),
+    password: z
+      .string()
+      .min(5, {
+        message: "Password must be at least 5 characters",
+      })
+      .max(255, {
+        message: "Password must not exceed 255 characters",
+      }),
+    confirmPassword: z.string(),
+  })
+  .refine(
+    (values) => {
+      return values.password === values.confirmPassword;
+    },
+    {
+      message: "Password does not match",
+      path: ["confirmPassword"],
+    }
+  );
+
+export async function signup(_: any, formData: FormData) {
+  const validatedFields = signupSchema.safeParse({
+    username: formData.get("username"),
+    password: formData.get("password"),
+    confirmPassword: formData.get("confirmPassword"),
+  });
+
+  if (!validatedFields.success) {
+    return {
+      errors: validatedFields.error.flatten().fieldErrors,
+    };
+  }
+
+  const passwordHash = await hash(validatedFields.data.password, {
+    memoryCost: 19456,
+    timeCost: 2,
+    outputLen: 32,
+    parallelism: 1,
+  });
+
+  const userId = nanoid();
+
+  try {
+    await db.insert(userSchema).values({
+      id: userId,
+      username: validatedFields.data.username.toLowerCase(),
+      passwordHash,
+    });
+  } catch (err: any) {
+    if (err.code === "SQLITE_CONSTRAINT") {
+      if (err.message.includes("user.username")) {
+        return {
+          errors: {
+            username: ["Username already taken"],
+          },
+        };
+      }
+    }
+
+    throw new Error("Something went wrong");
+  }
+
+  const session = await lucia.createSession(userId, {});
+  const sessionCookie = lucia.createSessionCookie(session.id);
+
+  cookies().set(
+    sessionCookie.name,
+    sessionCookie.value,
+    sessionCookie.attributes
+  );
+
+  return redirect("/inbox");
+}
+
+export async function login(_: any, formData: FormData): Promise<ActionResult> {
+  const username = formData.get("username");
+
+  if (
+    typeof username !== "string" ||
+    username.length < 5 ||
+    username.length > 20 ||
+    !/^[a-zA-Z0-9_-]+$/.test(username)
+  ) {
+    return {
+      error: "Incorrect username or password",
+    };
+  }
+
+  const password = formData.get("password");
+
+  if (
+    typeof password !== "string" ||
+    password.length < 5 ||
+    password.length > 255
+  ) {
+    return {
+      error: "Incorrect username or password",
+    };
+  }
+
+  const existingUser = await db.query.user.findFirst({
+    where: eq(userSchema.username, username.toLowerCase()),
+  });
+
+  if (!existingUser || !existingUser.passwordHash) {
+    return {
+      error: "Incorrect username or password",
+    };
+  }
+
+  const validPassword = await verify(existingUser.passwordHash, password, {
+    memoryCost: 19456,
+    timeCost: 2,
+    outputLen: 32,
+    parallelism: 1,
+  });
+
+  if (!validPassword) {
+    return {
+      error: "Incorrect username or password",
+    };
+  }
+
+  const session = await lucia.createSession(existingUser.id, {});
+  const sessionCookie = lucia.createSessionCookie(session.id);
+  cookies().set(
+    sessionCookie.name,
+    sessionCookie.value,
+    sessionCookie.attributes
+  );
+
+  return redirect("/inbox");
+}
+
+export async function updatePassword({
+  currentPassword,
+  password,
+}: {
+  currentPassword?: string;
+  password: string;
+}): Promise<ActionResult> {
+  const { user } = await getSession();
+
+  if (!user) {
+    throw new Error("Unauthorized");
+  }
+
+  if (currentPassword && user.passwordHash) {
+    const validPassword = await verify(user.passwordHash, currentPassword, {
+      memoryCost: 19456,
+      timeCost: 2,
+      outputLen: 32,
+      parallelism: 1,
+    });
+
+    if (!validPassword) {
+      return {
+        error: "Incorrect password",
+      };
+    }
+  }
+
+  const passwordHash = await hash(password, {
+    memoryCost: 19456,
+    timeCost: 2,
+    outputLen: 32,
+    parallelism: 1,
+  });
+
+  await db
+    .update(userSchema)
+    .set({ passwordHash })
+    .where(eq(userSchema.id, user.id));
+
+  return redirect("/settings");
+}
+
+export async function deleteAccount() {
+  const { user } = await getSession();
+
+  if (!user) {
+    throw new Error("Unauthorized");
+  }
+
+  try {
+    await db.batch([
+      db.delete(messageSchema).where(eq(messageSchema.receiverId, user.id)),
+      db.delete(accountSchema).where(eq(accountSchema.userId, user.id)),
+      db.delete(noteSchema).where(eq(noteSchema.userId, user.id)),
+      db.delete(userSchema).where(eq(userSchema.id, user.id)),
+    ]);
+
+    await lucia.invalidateSession(user.id);
+
+    const sessionCookie = lucia.createBlankSessionCookie();
+    cookies().set(
+      sessionCookie.name,
+      sessionCookie.value,
+      sessionCookie.attributes
+    );
+  } catch (err) {
+    throw new Error("Failed to delete account");
+  }
+
+  return redirect("/login");
+}
+
+interface ActionResult {
+  error: string | null;
+}
diff --git a/packages/ui/src/components/settings/components/account-form.tsx b/packages/ui/src/components/settings/components/account-form.tsx
new file mode 100644
index 00000000..bc445c61
--- /dev/null
+++ b/packages/ui/src/components/settings/components/account-form.tsx
@@ -0,0 +1,176 @@
+"use client";
+
+import { z } from "zod";
+import { toast } from "sonner";
+import { useState } from "react";
+import { useForm } from "react-hook-form";
+import { analytics } from "../../../lib/firebase";
+import { logEvent } from "firebase/analytics";
+import { Loader2, CircleX } from "lucide-react";
+import { zodResolver } from "@hookform/resolvers/zod";
+import { useRouter, useSearchParams } from "next/navigation";
+
+import { Button } from "../../../components/ui/button";
+import { Input } from "../../../components/ui/input";
+
+import {
+  Form,
+  FormControl,
+  FormField,
+  FormItem,
+  FormLabel,
+  FormMessage,
+} from "../../../components/ui/form";
+import { updatePassword } from "../../../app/actions";
+
+const FormSchema = z
+  .object({
+    currentPassword: z.string().max(255, { message: "Invalid password" }),
+    password: z
+      .string()
+      .min(5, {
+        message: "Password must be at least 5 characters",
+      })
+      .max(255, {
+        message: "Password must not exceed 255 characters",
+      }),
+    confirmPassword: z.string(),
+  })
+  .refine(
+    (values) => {
+      return values.password === values.confirmPassword;
+    },
+    {
+      message: "Password does not match",
+      path: ["confirmPassword"],
+    }
+  );
+
+export function AccountForm({ pwdHash }: { pwdHash?: string | null }) {
+  const router = useRouter();
+  const searchParams = useSearchParams();
+  const [saving, setSaving] = useState(false);
+
+  const form = useForm<z.infer<typeof FormSchema>>({
+    resolver: zodResolver(FormSchema),
+    defaultValues: {
+      currentPassword: "",
+      password: "",
+      confirmPassword: "",
+    },
+  });
+
+  async function onSubmit(data: z.infer<typeof FormSchema>) {
+    setSaving(true);
+
+    const res = await updatePassword({
+      currentPassword: data.currentPassword,
+      password: data.password,
+    });
+
+    if (res?.error) {
+      toast.error(res.error);
+      setSaving(false);
+      return;
+    }
+
+    setSaving(false);
+
+    toast.success("Password updated successfully");
+    form.reset();
+    router.refresh();
+    logEvent(analytics, "update_password");
+  }
+
+  return (
+    <>
+      {searchParams.get("error") === "already_linked" && (
+        <div className="flex items-center text-red-500 text-sm mt-2">
+          <CircleX className="h-4 w-4 mr-1" />
+          Account already linked to a different profile.
+        </div>
+      )}
+
+      <Form {...form}>
+        <form onSubmit={form.handleSubmit(onSubmit)} className="space-y-8 mt-8">
+          {pwdHash && (
+            <FormField
+              control={form.control}
+              name="currentPassword"
+              render={({ field }) => (
+                <FormItem>
+                  <FormLabel>Current Password</FormLabel>
+                  <FormControl>
+                    <Input
+                      type="password"
+                      placeholder="Verify your password"
+                      disabled={saving}
+                      className="focus-visible:ring-transparent"
+                      {...field}
+                    />
+                  </FormControl>
+                  <FormMessage />
+                </FormItem>
+              )}
+            />
+          )}
+
+          <FormField
+            control={form.control}
+            name="password"
+            render={({ field }) => (
+              <FormItem>
+                <FormLabel>New Password</FormLabel>
+                <FormControl>
+                  <Input
+                    type="password"
+                    placeholder="Create a new strong password"
+                    disabled={saving}
+                    className="focus-visible:ring-transparent"
+                    {...field}
+                  />
+                </FormControl>
+                <FormMessage />
+              </FormItem>
+            )}
+          />
+
+          <FormField
+            control={form.control}
+            name="confirmPassword"
+            render={({ field }) => (
+              <FormItem>
+                <FormLabel>Confirm New Password</FormLabel>
+                <FormControl>
+                  <Input
+                    type="password"
+                    disabled={saving}
+                    className="focus-visible:ring-transparent"
+                    {...field}
+                  />
+                </FormControl>
+                <FormMessage />
+              </FormItem>
+            )}
+          />
+
+          <div>
+            <Button
+              disabled={
+                saving ||
+                (!!pwdHash && !form.getValues("currentPassword")) ||
+                !form.getValues("password") ||
+                !form.getValues("confirmPassword")
+              }
+              type="submit"
+              className="w-full mt-2"
+            >
+              {saving && <Loader2 className="mr-2 h-4 w-4 animate-spin" />}
+              {pwdHash ? "Change" : "Add"} Password
+            </Button>
+          </div>
+        </form>
+      </Form>
+    </>
+  );
+}
diff --git a/packages/ui/src/components/settings/components/account.tsx b/packages/ui/src/components/settings/components/account.tsx
new file mode 100644
index 00000000..a901db21
--- /dev/null
+++ b/packages/ui/src/components/settings/components/account.tsx
@@ -0,0 +1,93 @@
+import Link from "next/link";
+import { ScanFace, ShieldAlert } from "lucide-react";
+import { formatDistanceToNow, fromUnixTime } from "date-fns";
+
+import {
+  Alert,
+  AlertDescription,
+  AlertTitle,
+} from "../../../components/ui/alert";
+
+import {
+  Avatar,
+  AvatarFallback,
+  AvatarImage,
+} from "../../../components/ui/avatar";
+import { DangerSettings } from "./danger";
+import { AccountForm } from "./account-form";
+import { CurrentUserResult } from "../queries";
+import { Label } from "../../../components/ui/label";
+import { Button } from "../../../components/ui/button";
+import { Card, CardHeader } from "../../../components/ui/card";
+
+export function AccountSettings({
+  user,
+  pwdHash,
+}: {
+  user: CurrentUserResult;
+  pwdHash?: string | null;
+}) {
+  const account = user?.accounts?.length ? user.accounts[0] : null;
+
+  return (
+    <div>
+      {!!account && (
+        <>
+          <Label>Connected Account</Label>
+          <Card className="mt-2">
+            <CardHeader className="flex-row space-x-4">
+              <Avatar className="h-16 w-16">
+                <AvatarImage
+                  className="rounded-full"
+                  src={account.picture ?? ""}
+                  alt="Profile Picture"
+                />
+                <AvatarFallback className="md:text-4xl text-xl">
+                  <ScanFace />
+                </AvatarFallback>
+              </Avatar>
+
+              <div className="text-sm">
+                <p>{account.email}</p>
+
+                <p className="text-muted-foreground">
+                  Linked{" "}
+                  {formatDistanceToNow(fromUnixTime(account.createdAt), {
+                    addSuffix: true,
+                  })}
+                </p>
+              </div>
+            </CardHeader>
+          </Card>
+        </>
+      )}
+
+      {!pwdHash && (
+        <Alert className="mt-8">
+          <ShieldAlert className="h-5 w-5" />
+          <AlertTitle>Password (optional)</AlertTitle>
+          <AlertDescription>
+            You can have another way of logging in by adding a password.
+          </AlertDescription>
+        </Alert>
+      )}
+
+      {!account && (
+        <Alert>
+          <ShieldAlert className="h-5 w-5" />
+          <AlertTitle>Link Account</AlertTitle>
+          <AlertDescription>
+            To prevent account loss, you may connect your account with Google.
+            You can still login with your credentials.
+          </AlertDescription>
+          <Button variant="secondary" asChild className="mt-6 w-full">
+            <Link href="/login/google">Connect with Google</Link>
+          </Button>
+        </Alert>
+      )}
+
+      <AccountForm pwdHash={pwdHash} />
+      <DangerSettings />
+    </div>
+  );
+}
diff --git a/packages/ui/src/components/settings/components/danger.tsx b/packages/ui/src/components/settings/components/danger.tsx
new file mode 100644
index 00000000..25e8cfef
--- /dev/null
+++ b/packages/ui/src/components/settings/components/danger.tsx
@@ -0,0 +1,70 @@
+"use client";
+
+import { useState } from "react";
+import { UserRoundX } from "lucide-react";
+
+import {
+  Dialog,
+  DialogContent,
+  DialogDescription,
+  DialogHeader,
+  DialogTitle,
+  DialogTrigger,
+} from "../../../components/ui/dialog";
+import { Input } from "../../../components/ui/input";
+
+import {
+  Alert,
+  AlertDescription,
+  AlertTitle,
+} from "../../../components/ui/alert";
+import { deleteAccount } from "../../../app/actions";
+import { DeleteButton } from "./delete-button";
+import { Button } from "../../../components/ui/button";
+
+export function DangerSettings() {
+  const [confirmText, setConfirmText] = useState("");
+  return (
+    <div className="border-t-2 border-dashed border-muted pt-8 mt-8">
+      <Alert>
+        <UserRoundX className="h-5 w-5" />
+        <AlertTitle>Danger Zone</AlertTitle>
+        <AlertDescription>
+          This action will permanently delete your profile and messages. All of
+          your data will be removed from our servers forever.
+        </AlertDescription>
+
+        <Dialog>
+          <DialogTrigger asChild>
+            <Button
+              variant="outline"
+              className="mt-6 w-full text-red-500 hover:text-red-500"
+            >
+              Delete Account
+            </Button>
+          </DialogTrigger>
+          <DialogContent className="sm:max-w-md max-w-[95%] rounded-md">
+            <DialogHeader>
+              <DialogTitle>Are you absolutely sure?</DialogTitle>
+              <DialogDescription>
+                This will permanently delete your account and remove your data
+                from our servers. Type{" "}
+                <span className="text-yellow-500">delete my account</span> to
+                confirm.
+              </DialogDescription>
+            </DialogHeader>
+
+            <form action={deleteAccount}>
+              <Input
+                value={confirmText}
+                onChange={(e) => setConfirmText(e.target.value)}
+                placeholder="Enter confirmation text"
+              />
+              <DeleteButton confirmText={confirmText} />
+            </form>
+          </DialogContent>
+        </Dialog>
+      </Alert>
+    </div>
+  );
+}
diff --git a/packages/ui/src/components/settings/components/delete-button.tsx b/packages/ui/src/components/settings/components/delete-button.tsx
new file mode 100644
index 00000000..3f55742b
--- /dev/null
+++ b/packages/ui/src/components/settings/components/delete-button.tsx
@@ -0,0 +1,21 @@
+"use client";
+
+import { Button } from "../../../components/ui/button";
+import { Loader2 } from "lucide-react";
+import { useFormStatus } from "react-dom";
+
+export function DeleteButton({ confirmText }: { confirmText: string }) {
+  const { pending } = useFormStatus();
+
+  return (
+    <Button
+      disabled={pending || confirmText !== "delete my account"}
+      type="submit"
+      variant="secondary"
+      className="mt-3 w-full"
+    >
+      {pending && <Loader2 className="mr-2 h-4 w-4 animate-spin" />}
+      Delete Account
+    </Button>
+  );
+}
diff --git a/packages/ui/src/components/settings/components/general.tsx b/packages/ui/src/components/settings/components/general.tsx
new file mode 100644
index 00000000..bf9ce958
--- /dev/null
+++ b/packages/ui/src/components/settings/components/general.tsx
@@ -0,0 +1,215 @@
+"use client";
+
+import { z } from "zod";
+import { toast } from "sonner";
+import { useState } from "react";
+import { graphql } from "gql.tada";
+import { useForm } from "react-hook-form";
+import { analytics } from "../../../lib/firebase";
+import { useRouter } from "next/navigation";
+import { logEvent } from "firebase/analytics";
+import { Info, Loader2 } from "lucide-react";
+import { zodResolver } from "@hookform/resolvers/zod";
+
+import client from "@/lib/gql/client";
+import { formatError } from "../../../lib/utils";
+import { Input } from "../../../components/ui/input";
+import { Button } from "../../../components/ui/button";
+import { Textarea } from "../../../components/ui/textarea";
+
+import {
+  Form,
+  FormControl,
+  FormDescription,
+  FormField,
+  FormItem,
+  FormLabel,
+  FormMessage,
+} from "../../../components/ui/form";
+import { CurrentUserResult } from "../queries";
+
+const UPDATE_USER_MUTATION = graphql(`
+  mutation UpdateUser($input: UpdateUserInput!) {
+    updateUser(input: $input)
+  }
+`);
+
+const updateUserPersisted = graphql.persisted(
+  "0eb5223468cd7923b5d9a12fc2104425d047f9d34a871160b2e8d37bfc9224fc",
+  UPDATE_USER_MUTATION
+);
+
+const FormSchema = z.object({
+  question: z
+    .string()
+    .min(1, {
+      message: "Custom message must be at least 1 character.",
+    })
+    .max(150, {
+      message: "Custom message must not be longer than 150 characters.",
+    }),
+  bio: z.string().max(150, {
+    message: "Bio must not be longer than 150 characters.",
+  }),
+  displayName: z.string().max(20, {
+    message: "Display name must not exceed 20 characters.",
+  }),
+  username: z
+    .string()
+    .min(5, {
+      message: "Username must be at least 5 characters.",
+    })
+    .max(20, {
+      message: "Username must not exceed 20 characters.",
+    })
+    .refine((url) => /^[a-zA-Z0-9_-]+$/.test(url), {
+      message: "Username must be alphanumeric with no spaces.",
+    }),
+});
+
+export function GeneralSettings({ user }: { user: CurrentUserResult }) {
+  const router = useRouter();
+  const [saving, setSaving] = useState(false);
+  const account = user?.accounts?.length ? user.accounts[0] : null;
+
+  const form = useForm<z.infer<typeof FormSchema>>({
+    resolver: zodResolver(FormSchema),
+    defaultValues: {
+      bio: user?.bio ?? "",
+      question: user?.question,
+      username: user?.username,
+      displayName: user?.displayName ?? "",
+    },
+  });
+
+  async function onSubmit(data: z.infer<typeof FormSchema>) {
+    if (
+      user?.username === data.username &&
+      user?.bio === data.bio &&
+      user?.question === data.question &&
+      user?.displayName === data.displayName
+    ) {
+      toast.info("No changes detected");
+      return;
+    }
+
+    setSaving(true);
+
+    const res = await client.mutation(updateUserPersisted, {
+      input: {
+        ...data,
+        username: data.username.toLowerCase(),
+      },
+    });
+
+    if (res.error) {
+      setSaving(false);
+      toast.error(formatError(res.error.message));
+      return;
+    }
+
+    setSaving(false);
+    router.refresh();
+    toast.success("Details updated");
+    logEvent(analytics, "update_details");
+  }
+
+  return (
+    <Form {...form}>
+      <form onSubmit={form.handleSubmit(onSubmit)} className="space-y-8">
+        <FormField
+          control={form.control}
+          name="displayName"
+          render={({ field }) => (
+            <FormItem>
+              <FormLabel>Display Name</FormLabel>
+              <FormControl>
+                <Input
+                  disabled={saving}
+                  className="focus-visible:ring-transparent"
+                  placeholder="Umamin"
+                  {...field}
+                />
+              </FormControl>
+              <FormMessage />
+            </FormItem>
+          )}
+        />
+
+        <FormField
+          control={form.control}
+          name="username"
+          render={({ field }) => (
+            <FormItem>
+              <FormLabel>Username</FormLabel>
+              <FormControl>
+                <Input
+                  disabled={!account || saving}
+                  className="focus-visible:ring-transparent"
+                  placeholder="umamin"
+                  {...field}
+                />
+              </FormControl>
+              {account ? (
+                <FormDescription>
+                  Your previous username will be available to other users.
+                </FormDescription>
+              ) : (
+                <FormDescription className="flex items-center text-yellow-500">
+                  <Info className="w-4 h-4 mr-1" />
+                  Google account required
+                </FormDescription>
+              )}
+              <FormMessage />
+            </FormItem>
+          )}
+        />
+
+        <FormField
+          control={form.control}
+          name="question"
+          render={({ field }) => (
+            <FormItem>
+              <FormLabel>Custom Message</FormLabel>
+              <FormControl>
+                <Textarea
+                  disabled={saving}
+                  placeholder="Send me an anonymous message!"
+                  className="focus-visible:ring-transparent resize-none"
+                  {...field}
+                />
+              </FormControl>
+              <FormMessage />
+            </FormItem>
+          )}
+        />
+
+        <FormField
+          control={form.control}
+          name="bio"
+          render={({ field }) => (
+            <FormItem>
+              <FormLabel>Bio</FormLabel>
+              <FormControl>
+                <Textarea
+                  disabled={saving}
+                  placeholder="Tell us a little bit about yourself"
+                  className="focus-visible:ring-transparent resize-none"
+                  {...field}
+                />
+              </FormControl>
+              <FormMessage />
+            </FormItem>
+          )}
+        />
+
+        <div>
+          <Button disabled={saving} type="submit" className="w-full mt-2">
+            {saving && <Loader2 className="mr-2 h-4 w-4 animate-spin" />}
+            Save Changes
+          </Button>
+        </div>
+      </form>
+    </Form>
+  );
+}
diff --git a/packages/ui/src/components/settings/components/privacy.tsx b/packages/ui/src/components/settings/components/privacy.tsx
new file mode 100644
index 00000000..2c66625d
--- /dev/null
+++ b/packages/ui/src/components/settings/components/privacy.tsx
@@ -0,0 +1,128 @@
+"use client";
+
+import { toast } from "sonner";
+import { useState } from "react";
+import { graphql } from "gql.tada";
+import { useRouter } from "next/navigation";
+import { logEvent } from "firebase/analytics";
+import { CircleUserRound, MessageCircleOff } from "lucide-react";
+
+import client from "@/lib/gql/client";
+import { formatError } from "../../..//lib/utils";
+import { analytics } from "../../../lib/firebase";
+import { Label } from "@umamin/ui/components/label";
+import { Switch } from "@umamin/ui/components/switch";
+
+import type { CurrentUserResult } from "../queries";
+
+const UPDATE_PICTURE_MUTATION = graphql(`
+  mutation UpdatePicture($imageUrl: String) {
+    updatePicture(imageUrl: $imageUrl)
+  }
+`);
+
+const UPDATE_QUIET_MODE_MUTATION = graphql(`
+  mutation UpdateQuietMode($quietMode: Boolean!) {
+    updateQuietMode(quietMode: $quietMode)
+  }
+`);
+
+const updatePicturePersisted = graphql.persisted(
+  "84fbec200028bf15058bc1addbef6e960ac4013dfb8c03205440e89e9f6cb19d",
+  UPDATE_PICTURE_MUTATION
+);
+
+const updateQuietModePersisted = graphql.persisted(
+  "8c072442a1cbead14dc07404113b1dc2e3473fbd060fb5658f2c0acf6189a6c7",
+  UPDATE_QUIET_MODE_MUTATION
+);
+
+export function PrivacySettings({ user }: { user: CurrentUserResult }) {
+  const router = useRouter();
+  const [loading, setLoading] = useState(false);
+  const [picture, setPicture] = useState(!!user?.imageUrl);
+  const [quietMode, setQuietMode] = useState(user?.quietMode);
+
+  const toggleDisplayPicture = async () => {
+    setLoading(true);
+
+    if (!user?.accounts?.length) {
+      toast.error("Google account not connected");
+      setLoading(false);
+      return;
+    }
+
+    const res = await client.mutation(updatePicturePersisted, {
+      imageUrl: picture ? null : user?.accounts[0]?.picture,
+    });
+
+    if (res.error) {
+      toast.error(formatError(res.error.message));
+      setLoading(false);
+      return;
+    }
+
+    setPicture((prev) => !prev);
+    toast.success(`Picture ${!picture ? "is now" : "is no longer"} displaying`);
+    setLoading(false);
+    router.refresh();
+
+    logEvent(analytics, "toggle_display_picture");
+  };
+
+  const toggleQuietMode = async () => {
+    setLoading(true);
+
+    const res = await client.mutation(updateQuietModePersisted, {
+      quietMode: !quietMode,
+    });
+
+    if (res.error) {
+      toast.error(formatError(res.error.message));
+      setLoading(false);
+      return;
+    }
+
+    setQuietMode((prev) => !prev);
+    toast.success(`Quiet mode ${!quietMode ? "enabled" : "disabled"}`);
+    setLoading(false);
+    router.refresh();
+
+    logEvent(analytics, "toggle_quiet_mode");
+  };
+
+  return (
+    <section>
+      <Label>Update Preferences</Label>
+      <div className=" flex items-center space-x-4 rounded-md border p-4 mt-2">
+        <CircleUserRound />
+        <div className="flex-1 space-y-1">
+          <p className="text-sm font-medium leading-none">Display Picture</p>
+          <p className="text-sm text-muted-foreground">
+            Show picture from connected account
+          </p>
+        </div>
+        <Switch
+          disabled={loading}
+          checked={picture}
+          onCheckedChange={toggleDisplayPicture}
+        />
+      </div>
+
+      <div className=" flex items-center space-x-4 rounded-md border p-4 mt-4">
+        <MessageCircleOff />
+        <div className="flex-1 space-y-1">
+          <p className="text-sm font-medium leading-none">Quiet Mode</p>
+          <p className="text-sm text-muted-foreground">
+            Temporarily disable incoming messages
+          </p>
+        </div>
+        <Switch
+          disabled={loading}
+          checked={quietMode}
+          onCheckedChange={toggleQuietMode}
+        />
+      </div>
+    </section>
+  );
+}
diff --git a/packages/ui/src/components/settings/components/sign-out-button.tsx b/packages/ui/src/components/settings/components/sign-out-button.tsx
new file mode 100644
index 00000000..d34486a3
--- /dev/null
+++ b/packages/ui/src/components/settings/components/sign-out-button.tsx
@@ -0,0 +1,21 @@
+"use client";
+
+import { Loader2 } from "lucide-react";
+import { useFormStatus } from "react-dom";
+import { Button } from "@umamin/ui/components/button";
+
+export function SignOutButton() {
+  const { pending } = useFormStatus();
+
+  return (
+    <Button
+      data-testid="logout-btn"
+      type="submit"
+      disabled={pending}
+      variant="outline"
+    >
+      {pending && <Loader2 className="mr-2 h-4 w-4 animate-spin" />}
+      Sign Out
+    </Button>
+  );
+}
diff --git a/packages/ui/src/components/settings/loading.tsx b/packages/ui/src/components/settings/loading.tsx
new file mode 100644
index 00000000..e1cdb72b
--- /dev/null
+++ b/packages/ui/src/components/settings/loading.tsx
@@ -0,0 +1,44 @@
+import { Skeleton } from "@umamin/ui/components/skeleton";
+
+export default function Loading() {
+  return (
+    <div className="full mx-auto max-w-lg container lg:mt-36 mt-28 [&>div]:gap-3 [&>div]:flex flex gap-8 flex-col">
+      <div className="flex justify-between items-center">
+        <div className="flex flex-col gap-3">
+          <Skeleton className="w-24 h-[25px] rounded-md" />
+          <Skeleton className="w-44 h-[10px] rounded-md" />
+        </div>
+
+        <Skeleton className="w-20 h-[30px] rounded-md" />
+      </div>
+
+      <div className="flex flex-col mt-10">
+        <div className="flex justify-around">
+          <Skeleton className="h-[15px] w-[90px] rounded-md" />
+          <Skeleton className="h-[15px] w-[90px] rounded-md" />
+          <Skeleton className="h-[15px] w-[90px] rounded-md" />
+        </div>
+
+        <Skeleton className="w-full h-[2px] rounded-md " />
+      </div>
+
+      <div className="flex-col">
+        <Skeleton className="w-1/5 h-[10px] rounded-md" />
+        <Skeleton className="w-full h-[30px] rounded-md" />
+      </div>
+
+      <div className="flex-col">
+        <Skeleton className="w-1/5 h-[10px] rounded-md" />
+        <Skeleton className="w-full h-[30px] rounded-md" />
+        <Skeleton className="w-1/2 h-[10px] rounded-md" />
+      </div>
+
+      <div className="flex-col">
+        <Skeleton className="w-1/5 h-[10px] rounded-md" />
+        <Skeleton className="w-full h-[90px] rounded-md" />
+      </div>
+
+      <Skeleton className="w-full h-[30px] rounded-md" />
+    </div>
+  );
+}
diff --git a/packages/ui/src/components/settings/page.tsx b/packages/ui/src/components/settings/page.tsx
new file mode 100644
index 00000000..8dcdb7cd
--- /dev/null
+++ b/packages/ui/src/components/settings/page.tsx
@@ -0,0 +1,103 @@
+// import { logout } from "@/";
+import { logout } from "../../app/actions";
+
+import { GeneralSettings } from "./components/general";
+import { AccountSettings } from "./components/account";
+import { PrivacySettings } from "./components/privacy";
+import { SignOutButton } from "./components/sign-out-button";
+
+import {
+  Tabs,
+  TabsContent,
+  TabsList,
+  TabsTrigger,
+} from "@umamin/ui/components/tabs";
+import { SelectUser } from "@umamin/db/schema/user";
+import { CurrentUserResult } from "./queries";
+
+export const metadata = {
+  title: "Umamin — Settings",
+  description:
+    "Manage your preferences and account settings on Umamin. Customize your profile, adjust privacy settings, and control how you interact anonymously.",
+  robots: {
+    index: false,
+    follow: false,
+  },
+  openGraph: {
+    type: "website",
+    title: "Umamin — Settings",
+    description:
+      "Manage your preferences and account settings on Umamin. Customize your profile, adjust privacy settings, and control how you interact anonymously.",
+    url: "https://www.umamin.link/settings",
+  },
+  twitter: {
+    card: "summary_large_image",
+    title: "Umamin — Settings",
+    description:
+      "Manage your preferences and account settings on Umamin. Customize your profile, adjust privacy settings, and control how you interact anonymously.",
+  },
+};
+
+export default function Settings({
+  userData,
+  user,
+}: {
+  userData: CurrentUserResult;
+  user: SelectUser;
+}) {
+  if (!userData) {
+    console.log(userData);
+  }
+
+  const tabsData = [
+    {
+      name: "General",
+      content: !!userData && <GeneralSettings user={userData} />,
+    },
+    {
+      name: "Account",
+      content: !!userData && (
+        <AccountSettings user={userData} pwdHash={user.passwordHash} />
+      ),
+    },
+    {
+      name: "Privacy",
+      content: !!userData && <PrivacySettings user={userData} />,
+    },
+  ];
+
+  return (
+    <div className="w-full mx-auto max-w-lg container lg:mt-36 mt-28 min-h-screen pb-24">
+      <div className="flex items-center justify-between">
+        <h2 className="text-2xl tracking-tight font-semibold">Settings</h2>
+        <form action={logout}>
+          <SignOutButton />
+        </form>
+      </div>
+
+      <p className="text-sm text-muted-foreground">
+        Manage your account settings
+      </p>
+
+      <Tabs defaultValue="General" className="w-full mt-12">
+        <TabsList className="w-full bg-transparent px-0 flex mb-8">
+          {tabsData.map((tab) => (
+            <TabsTrigger
+              key={tab.name}
+              value={tab.name}
+              className="w-full data-[state=active]:border-border border-secondary transition-color border-b rounded-none font-semibold"
+            >
+              {tab.name}
+            </TabsTrigger>
+          ))}
+        </TabsList>
+
+        {tabsData.map((tab) => (
+          <TabsContent key={tab.name} value={tab.name}>
+            {tab.content}
+          </TabsContent>
+        ))}
+      </Tabs>
+    </div>
+  );
+}
diff --git a/packages/ui/src/components/settings/queries.ts b/packages/ui/src/components/settings/queries.ts
new file mode 100644
index 00000000..385027f5
--- /dev/null
+++ b/packages/ui/src/components/settings/queries.ts
@@ -0,0 +1,39 @@
+import { cache } from "react";
+import getClient from "@/lib/gql/rsc";
+import { graphql, ResultOf } from "gql.tada";
+
+export const CURRENT_USER_QUERY = graphql(`
+  query CurrentUser {
+    user {
+      __typename
+      id
+      bio
+      username
+      displayName
+      question
+      quietMode
+      imageUrl
+      createdAt
+      accounts {
+        __typename
+        id
+        email
+        picture
+        createdAt
+      }
+    }
+  }
+`);
+
+const currentUserPersisted = graphql.persisted(
+  "3f2320bbe96bd7895f618b6cdedfdee5d2f40e3e0c1d75095ea0844a0ff107b4",
+  CURRENT_USER_QUERY,
+);
+
+export const getCurrentUser = cache(async (sessionId?: string) => {
+  const result = await getClient(sessionId).query(currentUserPersisted, {});
+
+  return result?.data?.user;
+});
+
+export type CurrentUserResult = ResultOf<typeof CURRENT_USER_QUERY>["user"];
diff --git a/packages/ui/src/graphql-env.d.ts b/packages/ui/src/graphql-env.d.ts
new file mode 100644
index 00000000..6f718946
--- /dev/null
+++ b/packages/ui/src/graphql-env.d.ts
@@ -0,0 +1,51 @@
+/* eslint-disable */
+/* prettier-ignore */
+
+export type introspection_types = {
+    'Account': { kind: 'OBJECT'; name: 'Account'; fields: { 'createdAt': { name: 'createdAt'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'Int'; ofType: null; }; } }; 'email': { name: 'email'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; } }; 'id': { name: 'id'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'ID'; ofType: null; }; } }; 'picture': { name: 'picture'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; } }; }; };
+    'Boolean': unknown;
+    'CreateMessageInput': { kind: 'INPUT_OBJECT'; name: 'CreateMessageInput'; isOneOf: false; inputFields: [{ name: 'content'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; }; defaultValue: null }, { name: 'question'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; }; defaultValue: null }, { name: 'receiverId'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; }; defaultValue: null }, { name: 'senderId'; type: { kind: 'SCALAR'; name: 'String'; ofType: null; }; defaultValue: null }]; };
+    'CursorInput': { kind: 'INPUT_OBJECT'; name: 'CursorInput'; isOneOf: false; inputFields: [{ name: 'createdAt'; type: { kind: 'SCALAR'; name: 'Int'; ofType: null; }; defaultValue: null }, { name: 'id'; type: { kind: 'SCALAR'; name: 'String'; ofType: null; }; defaultValue: null }]; };
+    'Date': unknown;
+    'ID': unknown;
+    'Int': unknown;
+    'JSON': unknown;
+    'Message': { kind: 'OBJECT'; name: 'Message'; fields: { 'content': { name: 'content'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; } }; 'createdAt': { name: 'createdAt'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'Int'; ofType: null; }; } }; 'id': { name: 'id'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'ID'; ofType: null; }; } }; 'question': { name: 'question'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; } }; 'receiver': { name: 'receiver'; type: { kind: 'OBJECT'; name: 'User'; ofType: null; } }; 'receiverId': { name: 'receiverId'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; } }; 'reply': { name: 'reply'; type: { kind: 'SCALAR'; name: 'String'; ofType: null; } }; 'updatedAt': { name: 'updatedAt'; type: { kind: 'SCALAR'; name: 'Int'; ofType: null; } }; }; };
+    'MessageCursor': { kind: 'OBJECT'; name: 'MessageCursor'; fields: { 'createdAt': { name: 'createdAt'; type: { kind: 'SCALAR'; name: 'Int'; ofType: null; } }; 'id': { name: 'id'; type: { kind: 'SCALAR'; name: 'String'; ofType: null; } }; }; };
+    'MessagesFromCursorInput': { kind: 'INPUT_OBJECT'; name: 'MessagesFromCursorInput'; isOneOf: false; inputFields: [{ name: 'cursor'; type: { kind: 'INPUT_OBJECT'; name: 'CursorInput'; ofType: null; }; defaultValue: null }, { name: 'type'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; }; defaultValue: null }]; };
+    'MessagesWithCursor': { kind: 'OBJECT'; name: 'MessagesWithCursor'; fields: { 'cursor': { name: 'cursor'; type: { kind: 'OBJECT'; name: 'MessageCursor'; ofType: null; } }; 'data': { name: 'data'; type: { kind: 'LIST'; name: never; ofType: { kind: 'NON_NULL'; name: never; ofType: { kind: 'OBJECT'; name: 'Message'; ofType: null; }; }; } }; 'hasMore': { name: 'hasMore'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'Boolean'; ofType: null; }; } }; }; };
+    'Mutation': { kind: 'OBJECT'; name: 'Mutation'; fields: { 'createMessage': { name: 'createMessage'; type: { kind: 'OBJECT'; name: 'Message'; ofType: null; } }; 'createReply': { name: 'createReply'; type: { kind: 'SCALAR'; name: 'String'; ofType: null; } }; 'deleteMessage': { name: 'deleteMessage'; type: { kind: 'SCALAR'; name: 'String'; ofType: null; } }; 'deleteNote': { name: 'deleteNote'; type: { kind: 'SCALAR'; name: 'String'; ofType: null; } }; 'updateNote': { name: 'updateNote'; type: { kind: 'OBJECT'; name: 'Note'; ofType: null; } }; 'updatePicture': { name: 'updatePicture'; type: { kind: 'SCALAR'; name: 'String'; ofType: null; } }; 'updateQuietMode': { name: 'updateQuietMode'; type: { kind: 'SCALAR'; name: 'String'; ofType: null; } }; 'updateUser': { name: 'updateUser'; type: { kind: 'SCALAR'; name: 'String'; ofType: null; } }; }; };
+    'Note': { kind: 'OBJECT'; name: 'Note'; fields: { 'content': { name: 'content'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; } }; 'id': { name: 'id'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'ID'; ofType: null; }; } }; 'isAnonymous': { name: 'isAnonymous'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'Boolean'; ofType: null; }; } }; 'updatedAt': { name: 'updatedAt'; type: { kind: 'SCALAR'; name: 'Int'; ofType: null; } }; 'user': { name: 'user'; type: { kind: 'OBJECT'; name: 'PublicUser'; ofType: null; } }; }; };
+    'NoteCursor': { kind: 'OBJECT'; name: 'NoteCursor'; fields: { 'id': { name: 'id'; type: { kind: 'SCALAR'; name: 'String'; ofType: null; } }; 'updatedAt': { name: 'updatedAt'; type: { kind: 'SCALAR'; name: 'Int'; ofType: null; } }; }; };
+    'NotesFromCursorInput': { kind: 'INPUT_OBJECT'; name: 'NotesFromCursorInput'; isOneOf: false; inputFields: [{ name: 'id'; type: { kind: 'SCALAR'; name: 'String'; ofType: null; }; defaultValue: null }, { name: 'updatedAt'; type: { kind: 'SCALAR'; name: 'Int'; ofType: null; }; defaultValue: null }]; };
+    'NotesWithCursor': { kind: 'OBJECT'; name: 'NotesWithCursor'; fields: { 'cursor': { name: 'cursor'; type: { kind: 'OBJECT'; name: 'NoteCursor'; ofType: null; } }; 'data': { name: 'data'; type: { kind: 'LIST'; name: never; ofType: { kind: 'NON_NULL'; name: never; ofType: { kind: 'OBJECT'; name: 'Note'; ofType: null; }; }; } }; 'hasMore': { name: 'hasMore'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'Boolean'; ofType: null; }; } }; }; };
+    'PublicUser': { kind: 'OBJECT'; name: 'PublicUser'; fields: { 'bio': { name: 'bio'; type: { kind: 'SCALAR'; name: 'String'; ofType: null; } }; 'createdAt': { name: 'createdAt'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'Int'; ofType: null; }; } }; 'displayName': { name: 'displayName'; type: { kind: 'SCALAR'; name: 'String'; ofType: null; } }; 'id': { name: 'id'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'ID'; ofType: null; }; } }; 'imageUrl': { name: 'imageUrl'; type: { kind: 'SCALAR'; name: 'String'; ofType: null; } }; 'question': { name: 'question'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; } }; 'quietMode': { name: 'quietMode'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'Boolean'; ofType: null; }; } }; 'username': { name: 'username'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; } }; }; };
+    'Query': { kind: 'OBJECT'; name: 'Query'; fields: { 'messages': { name: 'messages'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'LIST'; name: never; ofType: { kind: 'NON_NULL'; name: never; ofType: { kind: 'OBJECT'; name: 'Message'; ofType: null; }; }; }; } }; 'messagesFromCursor': { name: 'messagesFromCursor'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'OBJECT'; name: 'MessagesWithCursor'; ofType: null; }; } }; 'note': { name: 'note'; type: { kind: 'OBJECT'; name: 'Note'; ofType: null; } }; 'notes': { name: 'notes'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'LIST'; name: never; ofType: { kind: 'NON_NULL'; name: never; ofType: { kind: 'OBJECT'; name: 'Note'; ofType: null; }; }; }; } }; 'notesFromCursor': { name: 'notesFromCursor'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'OBJECT'; name: 'NotesWithCursor'; ofType: null; }; } }; 'user': { name: 'user'; type: { kind: 'OBJECT'; name: 'User'; ofType: null; } }; 'userByUsername': { name: 'userByUsername'; type: { kind: 'OBJECT'; name: 'PublicUser'; ofType: null; } }; }; };
+    'String': unknown;
+    'UpdateUserInput': { kind: 'INPUT_OBJECT'; name: 'UpdateUserInput'; isOneOf: false; inputFields: [{ name: 'bio'; type: { kind: 'SCALAR'; name: 'String'; ofType: null; }; defaultValue: null }, { name: 'displayName'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; }; defaultValue: null }, { name: 'question'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; }; defaultValue: null }, { name: 'username'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; }; defaultValue: null }]; };
+    'User': { kind: 'OBJECT'; name: 'User'; fields: { 'accounts': { name: 'accounts'; type: { kind: 'LIST'; name: never; ofType: { kind: 'NON_NULL'; name: never; ofType: { kind: 'OBJECT'; name: 'Account'; ofType: null; }; }; } }; 'bio': { name: 'bio'; type: { kind: 'SCALAR'; name: 'String'; ofType: null; } }; 'createdAt': { name: 'createdAt'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'Int'; ofType: null; }; } }; 'displayName': { name: 'displayName'; type: { kind: 'SCALAR'; name: 'String'; ofType: null; } }; 'id': { name: 'id'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'ID'; ofType: null; }; } }; 'imageUrl': { name: 'imageUrl'; type: { kind: 'SCALAR'; name: 'String'; ofType: null; } }; 'question': { name: 'question'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; } }; 'quietMode': { name: 'quietMode'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'Boolean'; ofType: null; }; } }; 'username': { name: 'username'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; } }; }; };
+};
+
+/** An IntrospectionQuery representation of your schema.
+ *
+ * @remarks
+ * This is an introspection of your schema saved as a file by GraphQLSP.
+ * It will automatically be used by `gql.tada` to infer the types of your GraphQL documents.
+ * If you need to reuse this data or update your `scalars`, update `tadaOutputLocation` to
+ * instead save to a .ts instead of a .d.ts file.
+ */
+export type introspection = {
+  name: never;
+  query: 'Query';
+  mutation: 'Mutation';
+  subscription: never;
+  types: introspection_types;
+};
+
+import * as gqlTada from 'gql.tada';
+
+declare module 'gql.tada' {
+  interface setupSchema {
+    introspection: introspection
+  }
+}
\ No newline at end of file
diff --git a/packages/ui/src/lib/auth.ts b/packages/ui/src/lib/auth.ts
new file mode 100644
index 00000000..05f347e7
--- /dev/null
+++ b/packages/ui/src/lib/auth.ts
@@ -0,0 +1,84 @@
+import { cache } from "react";
+import { Google } from "arctic";
+import { cookies } from "next/headers";
+import { Lucia, Session, User } from "lucia";
+import { DrizzleSQLiteAdapter } from "@lucia-auth/adapter-drizzle";
+
+import { db } from "@umamin/db";
+import {
+  SelectUser,
+  user as userSchema,
+  session as sessionSchema,
+} from "@umamin/db/schema/user";
+
+export const google = new Google(
+  process.env.GOOGLE_CLIENT_ID!,
+  process.env.GOOGLE_CLIENT_SECRET!,
+  process.env.GOOGLE_REDIRECT_URI!,
+);
+
+const adapter = new DrizzleSQLiteAdapter(db, sessionSchema, userSchema);
+
+export const lucia = new Lucia(adapter, {
+  sessionCookie: {
+    expires: false,
+    attributes: {
+      secure: process.env.NODE_ENV === "production",
+    },
+  },
+  getUserAttributes: (attributes) => {
+    return {
+      ...attributes,
+    };
+  },
+});
+
+export const getSession = cache(
+  async (): Promise<
+    { user: User; session: Session } | { user: null; session: null }
+  > => {
+    const sessionId = cookies().get(lucia.sessionCookieName)?.value ?? null;
+
+    if (!sessionId) {
+      return {
+        user: null,
+        session: null,
+      };
+    }
+
+    const result = await lucia.validateSession(sessionId);
+
+    try {
+      if (result.session && result.session.fresh) {
+        const sessionCookie = lucia.createSessionCookie(result.session.id);
+        cookies().set(
+          sessionCookie.name,
+          sessionCookie.value,
+          sessionCookie.attributes,
+        );
+      }
+
+      if (!result.session) {
+        const sessionCookie = lucia.createBlankSessionCookie();
+        cookies().set(
+          sessionCookie.name,
+          sessionCookie.value,
+          sessionCookie.attributes,
+        );
+      }
+    } catch (err) {
+      console.log(err);
+    }
+    return result;
+  },
+);
+
+declare module "lucia" {
+  // eslint-disable-next-line no-unused-vars
+  interface Register {
+    Lucia: typeof lucia;
+    DatabaseUserAttributes: DatabaseUserAttributes;
+  }
+}
+
+interface DatabaseUserAttributes extends SelectUser {}
diff --git a/packages/ui/src/lib/firebase.ts b/packages/ui/src/lib/firebase.ts
new file mode 100644
index 00000000..04417caf
--- /dev/null
+++ b/packages/ui/src/lib/firebase.ts
@@ -0,0 +1,22 @@
+import { initializeApp } from "firebase/app";
+import { Analytics, getAnalytics } from "firebase/analytics";
+
+let analytics: Analytics;
+
+const firebaseConfig = {
+  apiKey: "AIzaSyCqW6WYm0Tra6Kcp2sgeHrLPqPboyCJInY",
+  authDomain: "umamin-v2.firebaseapp.com",
+  projectId: "umamin-v2",
+  storageBucket: "umamin-v2.appspot.com",
+  messagingSenderId: "1093852617153",
+  appId: "1:1093852617153:web:5547a874c4a61bb9dbb740",
+  measurementId: "G-E7V75FEX43",
+};
+
+const app = initializeApp(firebaseConfig);
+
+if (typeof window !== "undefined") {
+  analytics = getAnalytics(app);
+}
+
+export { analytics };
diff --git a/packages/ui/src/lib/gql/client.ts b/packages/ui/src/lib/gql/client.ts
new file mode 100644
index 00000000..a25fa2c4
--- /dev/null
+++ b/packages/ui/src/lib/gql/client.ts
@@ -0,0 +1,17 @@
+import { Client, cacheExchange, fetchExchange } from "@urql/core";
+import { persistedExchange } from "@urql/exchange-persisted";
+
+const client = new Client({
+  url: process.env.NEXT_PUBLIC_GQL_URL!,
+  exchanges: [
+    cacheExchange,
+    persistedExchange({
+      enforcePersistedQueries: true,
+      enableForMutation: true,
+      generateHash: (_, document: any) => document.documentId,
+    }),
+    fetchExchange,
+  ],
+});
+
+export default client;
diff --git a/packages/ui/src/lib/gql/rsc.ts b/packages/ui/src/lib/gql/rsc.ts
new file mode 100644
index 00000000..30064a5c
--- /dev/null
+++ b/packages/ui/src/lib/gql/rsc.ts
@@ -0,0 +1,32 @@
+import { lucia } from "../auth";
+import { registerUrql } from "@urql/next/rsc";
+import { persistedExchange } from "@urql/exchange-persisted";
+import { cacheExchange, createClient, fetchExchange } from "@urql/core";
+
+const getClient = (sessionId?: string) => {
+  const makeClient = () => {
+    return createClient({
+      url: process.env.NEXT_PUBLIC_GQL_URL!,
+      exchanges: [
+        cacheExchange,
+        persistedExchange({
+          enforcePersistedQueries: true,
+          enableForMutation: true,
+          generateHash: (_, document: any) => document.documentId,
+        }),
+        fetchExchange,
+      ],
+      fetchOptions: () => ({
+        headers: {
+          cookie: `${lucia.sessionCookieName}=${sessionId}`,
+        },
+      }),
+    });
+  };
+
+  const { getClient: _getClient } = registerUrql(makeClient);
+
+  return _getClient();
+};
+
+export default getClient;
diff --git a/packages/ui/src/lib/utils.ts b/packages/ui/src/lib/utils.ts
index d084ccad..f6cde4f2 100644
--- a/packages/ui/src/lib/utils.ts
+++ b/packages/ui/src/lib/utils.ts
@@ -1,6 +1,47 @@
-import { type ClassValue, clsx } from "clsx"
-import { twMerge } from "tailwind-merge"
+import { type ClassValue, clsx } from "clsx";
+import { twMerge } from "tailwind-merge";
+import { toast } from "sonner";
+import { formatDistanceToNow, fromUnixTime } from "date-fns";
 
 export function cn(...inputs: ClassValue[]) {
-  return twMerge(clsx(inputs))
+  return twMerge(clsx(inputs));
+}
+
+export const formatError = (err: string) => {
+  return err.replace("[GraphQL] ", "");
+};
+
+export function shortTimeAgo(epoch: number) {
+  const distance = formatDistanceToNow(fromUnixTime(epoch));
+
+  if (distance === "less than a minute") {
+    return "just now";
+  }
+
+  const minutesMatch = distance.match(/(\d+)\s+min/);
+  if (minutesMatch) {
+    return `${minutesMatch[1]}m`;
+  }
+
+  const hoursMatch = distance.match(/(\d+)\s+hour/);
+  if (hoursMatch) {
+    return `${hoursMatch[1]}h`;
+  }
+
+  const daysMatch = distance.match(/(\d+)\s+day/);
+  if (daysMatch) {
+    return `${daysMatch[1]}d`;
+  }
+
+  const monthsMatch = distance.match(/(\d+)\s+month/);
+  if (monthsMatch) {
+    return `${monthsMatch[1]}mo`;
+  }
+
+  const yearsMatch = distance.match(/(\d+)\s+year/);
+  if (yearsMatch) {
+    return `${yearsMatch[1]}y`;
+  }
+
+  return distance;
 }
diff --git a/packages/ui/src/schema.graphql b/packages/ui/src/schema.graphql
new file mode 100644
index 00000000..899d1ca7
--- /dev/null
+++ b/packages/ui/src/schema.graphql
@@ -0,0 +1,130 @@
+type Account {
+  createdAt: Int!
+  email: String!
+  id: ID!
+  picture: String!
+}
+
+input CreateMessageInput {
+  content: String!
+  question: String!
+  receiverId: String!
+  senderId: String
+}
+
+input CursorInput {
+  createdAt: Int
+  id: String
+}
+
+"""
+A date string, such as 2007-12-03, compliant with the `full-date` format outlined in section 5.6 of the RFC 3339 profile of the ISO 8601 standard for representation of dates and times using the Gregorian calendar.
+"""
+scalar Date
+
+"""
+The `JSON` scalar type represents JSON values as specified by [ECMA-404](http://www.ecma-international.org/publications/files/ECMA-ST/ECMA-404.pdf).
+"""
+scalar JSON
+
+type Message {
+  content: String!
+  createdAt: Int!
+  id: ID!
+  question: String!
+  receiver: User
+  receiverId: String!
+  reply: String
+  updatedAt: Int
+}
+
+type MessageCursor {
+  createdAt: Int
+  id: String
+}
+
+input MessagesFromCursorInput {
+  cursor: CursorInput
+  type: String!
+}
+
+type MessagesWithCursor {
+  cursor: MessageCursor
+  data: [Message!]
+  hasMore: Boolean!
+}
+
+type Mutation {
+  createMessage(input: CreateMessageInput!): Message
+  createReply(content: String!, messageId: String!): String
+  deleteMessage(id: String!): String
+  deleteNote: String
+  updateNote(content: String!, isAnonymous: Boolean!): Note
+  updatePicture(imageUrl: String): String
+  updateQuietMode(quietMode: Boolean!): String
+  updateUser(input: UpdateUserInput!): String
+}
+
+type Note {
+  content: String!
+  id: ID!
+  isAnonymous: Boolean!
+  updatedAt: Int
+  user: PublicUser
+}
+
+type NoteCursor {
+  id: String
+  updatedAt: Int
+}
+
+input NotesFromCursorInput {
+  id: String
+  updatedAt: Int
+}
+
+type NotesWithCursor {
+  cursor: NoteCursor
+  data: [Note!]
+  hasMore: Boolean!
+}
+
+type PublicUser {
+  bio: String
+  createdAt: Int!
+  displayName: String
+  id: ID!
+  imageUrl: String
+  question: String!
+  quietMode: Boolean!
+  username: String!
+}
+
+type Query {
+  messages(type: String!): [Message!]!
+  messagesFromCursor(input: MessagesFromCursorInput!): MessagesWithCursor!
+  note: Note
+  notes: [Note!]!
+  notesFromCursor(cursor: NotesFromCursorInput!): NotesWithCursor!
+  user: User
+  userByUsername(username: String!): PublicUser
+}
+
+input UpdateUserInput {
+  bio: String
+  displayName: String!
+  question: String!
+  username: String!
+}
+
+type User {
+  accounts: [Account!]
+  bio: String
+  createdAt: Int!
+  displayName: String
+  id: ID!
+  imageUrl: String
+  question: String!
+  quietMode: Boolean!
+  username: String!
+}
\ No newline at end of file
diff --git a/packages/ui/tsconfig.json b/packages/ui/tsconfig.json
index 1c370262..58b5dc54 100644
--- a/packages/ui/tsconfig.json
+++ b/packages/ui/tsconfig.json
@@ -1,11 +1,25 @@
 {
   "extends": "@umamin/tsconfig/react-library.json",
   "compilerOptions": {
+    "plugins": [
+      {
+        "name": "next"
+      },
+      {
+        "name": "@0no-co/graphqlsp",
+        "schema": "./src/schema.graphql",
+        "tadaOutputLocation": "./src/graphql-env.d.ts",
+        "tadaPersistedLocation": "./src/persisted-operations.json",
+        "trackFieldUsage": false
+      }
+    ],
     "outDir": "dist",
     "rootDir": ".",
     "paths": {
       "@/*": ["./src/*"]
-    }
+    },
+    "module": "esnext",
+    "moduleResolution": "bundler",
   },
   "include": ["src"],
   "exclude": ["node_modules", "dist"]
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 8a04796e..a11a8f1c 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -688,6 +688,15 @@ importers:
         specifier: ^3.23.8
         version: 3.23.8
     devDependencies:
+      '@0no-co/graphqlsp':
+        specifier: ^1.12.12
+        version: 1.12.12(graphql@16.9.0)(typescript@5.5.4)
+      '@lucia-auth/adapter-drizzle':
+        specifier: ^1.0.7
+        version: 1.0.7(lucia@3.2.0)
+      '@node-rs/argon2':
+        specifier: ^1.8.3
+        version: 1.8.3
       '@tailwindcss/typography':
         specifier: ^0.5.13
         version: 0.5.13(tailwindcss@3.4.7)
@@ -703,18 +712,57 @@ importers:
       '@types/react-dom':
         specifier: ^18.3.0
         version: 18.3.0
+      '@umamin/aes':
+        specifier: workspace:*
+        version: link:../aes
+      '@umamin/db':
+        specifier: workspace:*
+        version: link:../db
       '@umamin/eslint-config':
         specifier: workspace:*
         version: link:../eslint
+      '@umamin/gql':
+        specifier: workspace:*
+        version: link:../gql
       '@umamin/tsconfig':
         specifier: workspace:*
         version: link:../tsconfig
+      '@urql/core':
+        specifier: ^5.0.5
+        version: 5.0.5(graphql@16.9.0)
+      '@urql/exchange-persisted':
+        specifier: ^4.3.0
+        version: 4.3.0(@urql/core@5.0.5(graphql@16.9.0))
+      '@urql/next':
+        specifier: ^1.1.1
+        version: 1.1.1(next@14.2.5(@opentelemetry/api@1.9.0)(@playwright/test@1.45.3)(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react@18.3.1)(urql@4.1.0(@urql/core@5.0.5(graphql@16.9.0))(react@18.3.1))
+      arctic:
+        specifier: ^1.9.2
+        version: 1.9.2
       autoprefixer:
         specifier: ^10.4.19
         version: 10.4.19(postcss@8.4.40)
+      date-fns:
+        specifier: ^3.6.0
+        version: 3.6.0
       eslint:
         specifier: ^8.57.0
         version: 8.57.0
+      firebase:
+        specifier: ^10.12.4
+        version: 10.12.5
+      gql.tada:
+        specifier: ^1.8.5
+        version: 1.8.5(graphql@16.9.0)(typescript@5.5.4)
+      lucia:
+        specifier: ^3.2.0
+        version: 3.2.0
+      nanoid:
+        specifier: ^5.0.7
+        version: 5.0.7
+      next:
+        specifier: 14.2.5
+        version: 14.2.5(@opentelemetry/api@1.9.0)(@playwright/test@1.45.3)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
       postcss:
         specifier: ^8.4.40
         version: 8.4.40
@@ -4454,6 +4502,7 @@ packages:
 
   libsql@0.3.19:
     resolution: {integrity: sha512-Aj5cQ5uk/6fHdmeW0TiXK42FqUlwx7ytmMLPSaUQPin5HKKKuUPD62MAbN4OEweGBBI7q1BekoEN4gPUEL6MZA==}
+    cpu: [x64, arm64, wasm32]
     os: [darwin, linux, win32]
 
   lilconfig@2.1.0:
@@ -9155,7 +9204,7 @@ snapshots:
       eslint: 8.57.0
       eslint-import-resolver-node: 0.3.9
       eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.2.0(eslint@8.57.0)(typescript@5.5.4))(eslint-import-resolver-node@0.3.9)(eslint-plugin-import@2.29.1(eslint@8.57.0))(eslint@8.57.0)
-      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.2.0(eslint@8.57.0)(typescript@5.5.4))(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.2.0(eslint@8.57.0)(typescript@5.5.4))(eslint-import-resolver-node@0.3.9)(eslint-plugin-import@2.29.1(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
+      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.2.0(eslint@8.57.0)(typescript@5.5.4))(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0)
       eslint-plugin-jsx-a11y: 6.9.0(eslint@8.57.0)
       eslint-plugin-react: 7.35.0(eslint@8.57.0)
       eslint-plugin-react-hooks: 4.6.2(eslint@8.57.0)
@@ -9209,7 +9258,7 @@ snapshots:
       enhanced-resolve: 5.17.1
       eslint: 8.57.0
       eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.2.0(eslint@8.57.0)(typescript@5.5.4))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.2.0(eslint@8.57.0)(typescript@5.5.4))(eslint-import-resolver-node@0.3.9)(eslint-plugin-import@2.29.1(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
-      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.2.0(eslint@8.57.0)(typescript@5.5.4))(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.2.0(eslint@8.57.0)(typescript@5.5.4))(eslint-import-resolver-node@0.3.9)(eslint-plugin-import@2.29.1(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
+      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.2.0(eslint@8.57.0)(typescript@5.5.4))(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0)
       fast-glob: 3.3.2
       get-tsconfig: 4.7.6
       is-core-module: 2.15.0
@@ -9284,7 +9333,7 @@ snapshots:
       - eslint-import-resolver-webpack
       - supports-color
 
-  eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.2.0(eslint@8.57.0)(typescript@5.5.4))(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.2.0(eslint@8.57.0)(typescript@5.5.4))(eslint-import-resolver-node@0.3.9)(eslint-plugin-import@2.29.1(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0):
+  eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.2.0(eslint@8.57.0)(typescript@5.5.4))(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0):
     dependencies:
       array-includes: 3.1.8
       array.prototype.findlastindex: 1.2.5