Privacy policy

1. Information we collect

Good Contact stores contact information locally on your device, including:

• Contact names, companies, and job titles
• Phone numbers and email addresses
• City and country
• Dates of birth and family members (spouse, children)
• Notes and activity logs
• Reminders and engagement plans
• Tags and relationship types

2. How we use your information

Your information is used solely to provide the functionality of Good Contact:

• Storing and organizing your contacts
• Creating and managing reminders
• Tracking interaction history
• Generating engagement plans
• Syncing data across your devices (if enabled)

3. Data storage and security

Authentication

Sign in to Good Contact uses Sign in with Apple. We never see, store, or transmit a password. Apple’s authentication infrastructure handles credential verification; we receive only the stable per-app identifier Apple provides for your account.

We also store an encrypted Apple-issued refresh token in our Supabase database, used only to revoke your Apple ID access if you delete your account (in compliance with Apple’s App Review Guideline 5.1.1(v)). The token is never used for any other purpose and is deleted along with the rest of your account data on deletion.

Local storage (all users)

Your contact data is stored locally on your device and encrypted at rest using Apple’s Data Protection, the same on-device encryption that secures Apple Contacts, Mail, and Photos. The encryption key is derived from your device passcode; we never have access to it. After you unlock your device for the first time following a restart, the key becomes available to Good Contact for the rest of that session, including while the device is subsequently locked. This lets background contact sync and reminders work without interruption.

When you export your contacts (Settings → More → Data Management → Export Contacts), the resulting CSV files contain your contact data, including notes and activity history, if you choose to include them, as plaintext. The export sheet lets you opt out of notes and activity history before the file is produced. Treat exported files like any sensitive document; anyone with access to the file can read its contents.

Additional protection (optional)

For an additional layer of protection while your device is unlocked, you can require Face ID, Touch ID, or your device passcode to open Good Contact specifically (Settings → Security → Require [biometric] to open). This adds a sign-in gate every time you open the app, which protects against someone with momentary access to your unlocked device seeing your contact list. This is a user-interface gate; it does not change how your data is encrypted on disk, but for the realistic everyday threat, a stranger picking up your unlocked phone, it is the layer that matters.

iCloud sync (Premium feature)

If you enable iCloud sync, your contact data is synced across your Apple devices through your own private CloudKit database in your iCloud account. Apple encrypts CloudKit data in transit (TLS) and at rest (AES-256). Only your devices, signed in with your Apple ID, can access this database. Good Contact’s servers are never in the sync path.

Where your data is stored

Your personal information may be stored and processed in the following locations:

• On your device: All contact data is stored locally on your iPhone, iPad, or Mac, protected by Apple’s Data Protection.
• Australia and the United States: Your account profile and subscription state are stored in our Supabase database, which may use servers in Australia and the United States. Contact data is never stored on our servers.
• United States: If you opt into analytics, crash reports are processed by Sentry (US-based). Your email and first name may be processed by our email marketing service (US-based).
• Apple iCloud servers: If you enable iCloud sync, your contact data is stored in your private CloudKit database on Apple’s servers, which may be located in various countries. Your data there is encrypted at rest and accessible only to your Apple ID.

By using Good Contact, you consent to the transfer of your information to these locations. We take reasonable steps to ensure your data is treated securely and in accordance with this Privacy Policy and the Australian Privacy Act 1988.

4. Data sharing

We do not sell, rent, or trade your personal information. Your contact data (names, emails, phone numbers, notes) remains private and is never transmitted to third parties.

However, we do share limited account information with trusted service providers to operate our business:

• Email Marketing Service (Loops): Your email address and first name may be shared to send you product updates, tips, and support communications. You can unsubscribe from marketing emails anytime.
• Apple iCloud: If you enable iCloud sync (Premium feature), your contact data syncs through your private CloudKit database in your own iCloud account.

We never share your actual contact data with any third party. Only your account information (email, first name) is shared for the purposes described above.

5. iCloud sync (Premium feature)

How CloudKit sync works

If you enable iCloud sync, your contact data is synced across your Apple devices using Apple’s CloudKit service. CloudKit syncs data to a private database within your own iCloud account, not to a Good Contact server. The data path is between your Apple devices and Apple’s servers; we are never in it.

Encryption

CloudKit data is encrypted in transit (TLS) and at rest (AES-256) on Apple’s servers. Apple manages the underlying CloudKit encryption keys, but the database is private to your Apple ID. Only your authenticated devices can read it.

Note: Metadata such as sync timestamps and data structure may be visible to Apple for technical operations. Your data is subject to Apple’s Privacy Policy when using iCloud sync.

Deleting iCloud data

When you delete your account, or choose “Disable Sync & Delete iCloud Data,” Good Contact asks Apple’s CloudKit to remove your synced contacts from your private iCloud database. Because that data lives in your own iCloud account and is removed by Apple’s sync system, this is done on a best-effort basis: the app requests deletion and waits for confirmation, but completion depends on your network connection and Apple’s servers and may continue in the background after you leave the app. For a very large contact database, or if your device is offline, removal may be delayed or incomplete.

You can remove all of Good Contact’s iCloud data yourself at any time, independently of the app:

• iPhone/iPad: Settings → [your name] → iCloud → Manage Account Storage → Good Contact → Delete Data from iCloud.
• Mac: System Settings → [your name] → iCloud → Manage… → Good Contact → Delete from iCloud.

This removes the synced copy from Apple’s servers across all your devices. Menu labels vary slightly by iOS/macOS version.

6. Device integrations & on-device features

Good Contact integrates with several iOS/macOS system features. This section covers what each integration accesses, what (if anything) is transmitted, and how to disable each one.

Apple Contacts

Good Contact can read your device’s Contacts app to bring contacts into Good Contact. You control when this happens. There is no continuous background sync.

• Preview & Apply Sync: From Settings → Sync, tap “Sync with Apple Contacts” to see a preview of what would change (new contacts to import, existing contacts to refresh with current data from Apple, links to disconnect for contacts deleted in Apple Contacts). Nothing is changed in Good Contact until you tap Apply.
• Saving a new contact in Good Contact: When you create a new contact in-app, Good Contact can optionally also create a matching entry in Apple Contacts. Your preference (Always / Never / Ask each time) is set in Settings → Sync.
• Per-contact “Add to Apple Contacts”: From a contact’s detail view you can add an individual contact to Apple Contacts on demand.

Good Contact never deletes contacts from Apple Contacts, and never makes automatic ongoing changes to your Apple Contacts data. Tags, reminders, activities, and engagement plans are Good Contact-specific and never written to Apple Contacts. Notes will be included in the per-contact “Add to Apple Contacts” action once Apple grants Good Contact the relevant entitlement.

Apple Calendar

If you enable calendar sync, Good Contact requests access to your device’s Calendar app. Meeting, coffee, and meal reminders created in Good Contact can be synced to your Apple Calendar as events. Good Contact only creates and updates events it created itself. It does not read or modify any other calendar events.

Camera & photo library

For business card scanning, Good Contact requests access to your device’s camera and/or photo library. Images are processed entirely on-device using Apple’s Vision framework. No images are uploaded or transmitted off your device. You can revoke either permission in iOS Settings → Privacy & Security at any time.

Siri & app shortcuts

Good Contact registers with Siri so you can use voice commands to log activities, set reminders, look up contacts, complete reminders, and view today’s check-ins. When you use a Siri command, Apple’s Siri infrastructure briefly handles your voice query and the resulting parameters (contact names, dates, activity types) to invoke Good Contact. Standard Apple Siri privacy applies. See apple.com/legal/privacy/data/en/siri.

Spotlight search

Good Contact indexes a limited subset of your data into the system Spotlight index so contacts and upcoming reminders appear in iOS/macOS system search.

• Indexed: contact name, company, job title, and relationship; reminder type, date, and the associated contact’s name.
• Never indexed: notes, activity logs, phone numbers, email addresses, birthdays, anniversaries, spouse, children.

The Spotlight index is on-device only. It is not synced via iCloud. You can disable Spotlight indexing in Good Contact’s Settings; doing so removes any existing entries.

On-device AI (Apple Intelligence)

On iOS 26+/macOS 26+ devices that support Apple Intelligence, Good Contact uses on-device language models to:

• Extract contact details from pasted text, photos, or shared content (the “Smart Contact” extraction, Premium)
• Draft outreach messages for reminders (Premium)

All AI processing runs on your device using Apple’s Foundation Models framework, which provides on-device-only access to the model (there is no developer path to Apple’s servers). Your data is not sent to a server, to Apple, or to any third-party AI service. These features require a supported device with Apple Intelligence turned on in Settings, and they become available once the on-device model has finished downloading (which needs sufficient free storage). Availability can also depend on your device’s language and region.

Phone call detection

On iOS, Good Contact uses Apple’s CallKit framework to detect when a phone call started from within the app has ended. After the call ends, the app prompts you to log the activity against the relevant contact. CallKit only reports call state events (start, connect, end); Good Contact does not record, transcribe, or transmit any call content. This feature can be disabled in Settings.

Notifications

Good Contact uses two notification types:

• Local notifications: Scheduled reminders and morning/evening summaries. These are generated on your device and never sent over the internet.
• Push notifications: If you enable iCloud sync (Premium), Apple’s APNs service delivers silent change notifications to your other devices so changes propagate without polling. A silent push is also used to notify your other devices if you delete your account.

You can disable all notifications in iOS Settings → Notifications → Good Contact.

Share extension

Good Contact registers a Share Extension so you can share text, URLs, or images from other apps directly into Good Contact for contact extraction. Shared content is processed on your device using the on-device AI described above. Nothing is uploaded. You can disable the Share Extension in iOS Settings → General → Share Sheet.

Biometric authentication (optional app lock)

You can require Face ID, Touch ID, or your device passcode to open Good Contact (Settings → Security). This is a convenience layer in addition to Apple’s Data Protection; it does not change how your data is encrypted at rest. Biometric authentication is handled entirely by iOS/macOS. Good Contact never sees your biometric data.

7. Data collection and analytics

Essential data collection (always collected)

To provide core app functionality, we collect and process the following data in our secure database (Supabase), regardless of your analytics preferences:

• Your Apple-provided user identifier (a stable identifier Apple gives us when you sign in)
• Your name, email address, and country
• Company and industry
• Subscription status (free/premium)
• Purchase and cancellation events
• Transaction IDs from App Store purchases
• Platform (iOS/macOS)
• App settings (biometric unlock, calendar sync, contacts sync, iCloud sync preferences)
• Contact metrics: total contacts, active contacts, inactive contacts, and contacts at risk of lapsing

This data is collected and processed because it is necessary to:

• Create and manage your account
• Verify and track your subscription status
• Manage free tier contact limits and personalise upgrade prompts
• Sync your settings across devices
• Provide customer support
• Send product updates and communications
• Detect and prevent subscription fraud

Optional analytics and marketing data

With your consent, we collect the following usage data for analytics purposes:

• Number of reminders (not the reminder content)
• Last app usage timestamp
• Error logs and crash reports (via Sentry, all personal info is automatically scrubbed)

This data is used to:

• Improve app features and user experience
• Identify and fix crashes and bugs
• Understand product usage patterns

You can opt out of analytics anytime in Settings → Privacy. This will NOT affect your subscription or app functionality. Opting out disables Sentry crash reporting and resets your usage data.

8. Third-party services

Good Contact uses the following third-party services:

For more information:

• Apple Privacy
• Supabase Security
• Loops Privacy
• Sentry Privacy

9. Your rights

You have the right to:

• Access: Request access to the personal information we hold about you. Contact us at hello@goodcontact.io to request a copy of your data.
• Correction: Request correction of inaccurate, out-of-date, or incomplete personal information. You can update your profile in Settings, or contact us for data held on our servers.
• Erasure: Delete all your data from our servers, including your account, profile, and subscription history (Settings → Delete Account).
• Portability: Export your contacts in vCard or CSV format.
• Object: Opt out of optional analytics (Settings → Privacy).
• Withdraw Consent: Change your analytics preference anytime in Settings → Privacy. To stop marketing communications, unsubscribe via the link in any marketing email.
• Complaint: If you believe we have mishandled your personal information, lodge a complaint with us at hello@goodcontact.io. We will respond within 30 days.

10. Data breach notification

In the event of a data breach that is likely to result in serious harm, we will comply with the relevant applicable laws of Australia.

11. Children’s privacy

Good Contact is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at hello@goodcontact.io so we can delete it.

12. Changes to privacy policy

We may update this Privacy Policy from time to time. Changes will be posted within the app and on our website, and continued use constitutes acceptance of the updated policy.

13. Contact us

If you have any questions about this Privacy Policy, wish to make a complaint, or want to exercise your privacy rights, please contact us: