Privacy Policy

Last updated: January 28, 2025

Table of Contents

1. Information We Collect

Good Contact stores contact information locally on your device, including:

  • Contact names, companies, and job titles
  • Phone numbers and email addresses
  • Notes and activity logs
  • Reminders and engagement plans
  • Tags and relationship types

2. How We Use Your Information

Your information is used solely to provide the functionality of Good Contact:

  • Storing and organizing your contacts
  • Creating and managing reminders
  • Tracking interaction history
  • Generating engagement plans
  • Syncing data across your devices (if enabled)

3. Data Storage and Security

Local Storage (All Users)

All your contact data is stored locally on your device and protected with passphrase encryption using industry-standard AES-256-GCM. Your passphrase is used to derive encryption keys via PBKDF2 with 600,000 iterations. Only you have access to decrypt your contacts — we cannot access your encrypted data.

iCloud Sync (Premium Feature)

If you enable iCloud sync, your already-encrypted contact data is synced using Apple's CloudKit service. Your contacts are encrypted on your device with your passphrase before syncing, then CloudKit adds an additional encryption layer (TLS in transit, AES-256 at rest). Since your passphrase never syncs to iCloud, Apple cannot decrypt your contact data even though they hold the CloudKit encryption keys. Only you and your devices with your passphrase can access your contacts.

4. Data Sharing

We do not sell, rent, or trade your personal information. Your contact data (names, emails, phone numbers, notes) remains private and is never transmitted to third parties.

However, we do share limited account information with trusted service providers to operate our business:

  • Email Marketing Service (e.g., Mailchimp): Your email address, name, and country may be shared to send you product updates, tips, and support communications. You can unsubscribe from marketing emails anytime.
  • Apple iCloud: Your encrypted contact data syncs via CloudKit if you enable iCloud sync (Premium feature).

We never share your actual contact data with any third party. Only your account information (email, name) is shared for the purposes described above.

5. iCloud Sync (Premium Feature)

How CloudKit Sync Works

If you enable iCloud sync, your contact data is synced across your Apple devices using Apple's CloudKit service. CloudKit is Apple's cloud storage platform that syncs data to your iCloud account.

Encryption Model

Your contacts are protected by two layers of encryption when using CloudKit sync:

Layer 1: Your Passphrase Encryption (App-Level)

  • Your contacts are encrypted with your passphrase before syncing
  • This encryption happens on your device using AES-256-GCM
  • Your passphrase NEVER syncs to iCloud
  • Apple cannot decrypt this layer — only you can with your passphrase

Layer 2: CloudKit Encryption (Transport & Storage)

  • In Transit: Encrypted data is sent via TLS to Apple's servers
  • At Rest: Encrypted data is stored with AES-256 on Apple's servers
  • Apple holds these CloudKit encryption keys

What This Means

  • Apple can access the CloudKit encryption layer
  • BUT the data they see is already encrypted by your passphrase (Layer 1)
  • Apple cannot read your contact data without your passphrase
  • Only you and your devices (with your passphrase) can decrypt your contacts

Note: Metadata like sync timestamps and data structure may be visible to Apple for technical operations. Your data is subject to Apple's Privacy Policy when using iCloud sync.

6. iCloud Contacts Integration

If you enable Apple Contacts sync (premium feature), Good Contact will request permission to access your device's Contacts app. This is a bidirectional sync:

  • Import: New contacts from your Apple Contacts are imported into Good Contact
  • Export: Your Good Contact data (name, company, title, phone, email) is synced back to matching Apple Contacts

This means Good Contact will read AND update your Apple Contacts to keep them in sync. We do not delete contacts from Apple Contacts. Only basic contact information is synced — your encrypted notes, tags, reminders, and other Good Contact-specific data are never written to Apple Contacts.

7. Data Collection and Analytics

Essential Data Collection (Always Collected)

To provide subscription features and customer support, we collect and store the following data in our secure database (Supabase), regardless of your analytics preferences:

  • Your email address
  • Subscription status (free/premium)
  • Purchase and cancellation events
  • Transaction IDs from App Store purchases
  • Platform (iOS/macOS)

This data is collected under GDPR Article 6(1)(b) (performance of contract) and is necessary to:

  • Process payments and refunds
  • Provide customer support
  • Prevent subscription fraud
  • Comply with tax and legal requirements

Optional Analytics and Marketing Data

With your consent, we collect usage data for analytics and marketing purposes:

  • Number of contacts (not the contacts themselves)
  • Number of reminders (not the reminder content)
  • Last app usage timestamp
  • Error logs and crash reports (via Sentry — all personal info is automatically scrubbed)
  • Your name and country (for personalized support and communication)

This data is used to:

  • Improve app features and user experience
  • Identify and fix crashes and bugs
  • Understand product usage patterns
  • Send relevant product updates and tips (via email marketing service)
  • Provide personalized customer support

Marketing Communications

If you opt in, your email address, name, and country may be shared with our email marketing service (e.g., Mailchimp) to send you product updates and tips. You can unsubscribe from marketing emails anytime via the link in each email.

You can opt out anytime in Settings → Privacy. This will NOT affect your subscription or app functionality. Opting out disables Sentry crash reporting and stops marketing communications.

Important: Your actual contact data (names, emails, phone numbers, notes) is NEVER sent to our servers, Sentry, or email marketing services. We never sell your data to third parties.

8. Third-Party Services

Good Contact uses the following third-party services:

Apple StoreKit

For in-app purchases and subscriptions. Payment information is handled entirely by Apple. We do not have access to your payment information.

Supabase

For secure cloud storage of subscription data and optional analytics. Supabase is SOC 2 Type II certified and GDPR compliant. Data is encrypted in transit (TLS) and at rest (AES-256).

Email Marketing Service (e.g., Mailchimp)

For sending product updates, tips, and support communications. We share your email address, name, and country. You can unsubscribe from marketing emails anytime via the link in each email. Your contact data is never shared with email marketing services.

Sentry (Optional — Analytics Opt-In Only)

For crash reporting and error monitoring to help us improve app stability. Only active if you opt into analytics. Sentry automatically scrubs all personal information before sending — we never receive your contact data, names, emails, phone numbers, or passphrases.

For more information:

9. Your Rights (GDPR Compliance)

Under GDPR and other privacy laws, you have the following rights:

  • Access: Request a copy of your data stored in our database
  • Rectification: Correct inaccurate data (update in Settings)
  • Erasure: Delete all your data from our servers (Settings → Privacy → Reset All Data)
  • Portability: Export your contacts in vCard or CSV format
  • Object: Opt out of optional analytics and marketing (Settings → Privacy)
  • Withdraw Consent: Change your analytics and marketing preference anytime

Note: Subscription data (email, purchase history) can only be deleted after your subscription expires or is cancelled, as it's needed for billing and support.

To exercise these rights or for data-related requests, contact us at hello@georgeartemis.com.

10. Children's Privacy

Good Contact is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@georgeartemis.com, and we will take steps to delete such information.

11. Changes to Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted within the app and on this page, and continued use constitutes acceptance of the updated policy.

How We Notify You:

  • Material changes will be announced via in-app notification
  • The "Last updated" date at the top of this policy will be updated
  • Continued use of Good Contact after changes constitutes acceptance

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Good Contact

Email: hello@georgeartemis.com

We typically respond to privacy inquiries within 48 hours.

Your privacy is our priority. We built Good Contact to be the most private and secure contact manager available.

Questions? Email us at hello@georgeartemis.com