1. Information We Collect
Good Contact stores contact information locally on your device, including:
- Contact names, companies, and job titles
- Phone numbers and email addresses
- Dates of birth and family members (spouse, children)
- Notes and activity logs
- Reminders and engagement plans
- Tags and relationship types
2. How We Use Your Information
Your information is used solely to provide the functionality of Good Contact:
- Storing and organizing your contacts
- Creating and managing reminders
- Tracking interaction history
- Generating engagement plans
- Syncing data across your devices (if enabled)
3. Data Storage and Security
Local Storage (All Users)
All your contact data is stored locally on your device. Your passphrase is used to derive a master encryption key via PBKDF2 with 600,000 iterations. This master key encrypts your sensitive data using AES-256-GCM. Only you can decrypt the encrypted data.
Your master key is encrypted with your passphrase and stored in your device’s Keychain. It may also sync across your devices via iCloud Keychain (if enabled). A double-encrypted backup of your key is also stored on our servers (Supabase) — we cannot decrypt this backup without your passphrase. If you forget your passphrase and do not have access to iCloud Keychain, your encrypted data cannot be recovered.
Encrypted with AES-256-GCM (only you can access):
- Notes and activity notes
- Phone numbers and email addresses
- Dates of birth (contact and spouse)
- Spouse name and anniversary date
- Reminder notes
- Social media links (LinkedIn, X, Instagram)
- Children’s names
Stored unencrypted (to enable search and sorting):
- First name and last name
- Company and job title
- Relationship type and contact priority
- Tags
- Contact status (active/inactive)
- Reminder dates, types, and recurrence settings
- Activity types and dates
- Timestamps (created, updated, completed)
Unencrypted fields are still protected by your device’s built-in storage encryption and your device passcode.
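The split described in this section, as an added illustration that is not Good Contact's own code: a key derived from the passphrase with PBKDF2 at 600,000 iterations encrypts the sensitive fields with AES-256-GCM, while the searchable fields stay in plaintext. The hash (SHA-256), salt and nonce sizes, storage layout, field-name binding, function names and sample record are assumptions.

```javascript
// Added illustration; values marked "assumed" are not stated in the policy.
const crypto = require('node:crypto');

const ITERATIONS = 600000; // from the policy
// Subset of the policy's encrypted-field list; the key names are assumed.
const ENCRYPTED_FIELDS = new Set(['notes', 'phone', 'email', 'dateOfBirth']);

// Passphrase -> 256-bit master key. SHA-256 and a 16-byte salt are assumed.
function deriveMasterKey(passphrase, salt) {
  return crypto.pbkdf2Sync(passphrase, salt, ITERATIONS, 32, 'sha256');
}

// AES-256-GCM with a fresh 96-bit nonce. The field name is bound as AAD
// (assumed) so a ciphertext cannot be moved to another field unnoticed.
function sealField(key, name, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(name));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Layout (assumed): 12-byte nonce | 16-byte tag | ciphertext. Throws on a bad tag.
function openField(key, name, sealed) {
  const raw = Buffer.from(sealed, 'base64');
  const d = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  d.setAAD(Buffer.from(name));
  d.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8');
}

// Encrypt only the sensitive fields; searchable fields are stored as given.
function sealRecord(key, record) {
  const out = {};
  for (const [name, value] of Object.entries(record)) {
    out[name] = ENCRYPTED_FIELDS.has(name) ? sealField(key, name, value) : value;
  }
  return out;
}

// Constructed passphrase and contact record.
function demo() {
  const salt = crypto.randomBytes(16);
  const key = deriveMasterKey('correct horse battery staple', salt);
  const stored = sealRecord(key, { firstName: 'Ada', company: 'Example Pty Ltd',
    phone: '+61 400 000 000', notes: 'Met at conference' });
  let wrongKeyRejected = false;
  try { openField(deriveMasterKey('wrong passphrase', salt), 'phone', stored.phone); }
  catch { wrongKeyRejected = true; }
  return { stored, phone: openField(key, 'phone', stored.phone), wrongKeyRejected };
}
```

A wrong passphrase derives a different key, so decryption fails the GCM tag check instead of returning garbage. The plaintext fields (`firstName`, `company`) remain readable to anyone who can read the stored record.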
iCloud Sync (Premium Feature)
If you enable iCloud sync, your data is synced using Apple’s CloudKit service. The fields listed as encrypted above are encrypted on your device with your passphrase-derived master key before syncing — Apple cannot decrypt them. The fields listed as unencrypted above are synced without passphrase encryption but are protected by CloudKit’s own encryption (TLS in transit, AES-256 at rest). Your passphrase never syncs to iCloud.
Where Your Data Is Stored
Your personal information may be stored and processed in the following locations:
- On your device: All contact data is stored locally on your iPhone, iPad, or Mac.
- Australia and the United States: Account data (email, subscription status) is stored in our Supabase database, which may use servers in Australia and the United States.
- United States: If you opt into analytics, crash reports are processed by Sentry (US-based). Your email, name, and country may be processed by our email marketing service (US-based).
- Apple iCloud servers: If you enable iCloud sync, your data is stored on Apple’s CloudKit servers, which may be located in various countries. Passphrase-encrypted fields remain encrypted on Apple’s servers.
By using Good Contact, you consent to the transfer of your information to these locations. We take reasonable steps to ensure your data is treated securely and in accordance with this Privacy Policy and the Australian Privacy Act 1988.
4. Data Sharing
We do not sell, rent, or trade your personal information. Your contact data (names, emails, phone numbers, notes) remains private and is never transmitted to third parties.
However, we do share limited account information with trusted service providers to operate our business:
- Email Marketing Service (e.g., Mailchimp): Your email address, name, and country may be shared to send you product updates, tips, and support communications. You can unsubscribe from marketing emails anytime.
- Apple iCloud: Your encrypted contact data syncs via CloudKit if you enable iCloud sync (Premium feature).
We never share your actual contact data with any third party. Only your account information (email, name) is shared for the purposes described above.
5. iCloud Sync (Premium Feature)
How CloudKit Sync Works
If you enable iCloud sync, your contact data is synced across your Apple devices using Apple’s CloudKit service. CloudKit is Apple’s cloud storage platform that syncs data to your iCloud account.
Encryption Model
Your contacts are protected by two layers of encryption when using CloudKit sync:
Layer 1: Your Passphrase Encryption (App-Level)
- The encrypted fields listed in Section 3 (notes, phone numbers, email addresses, dates of birth, spouse details, children’s names, social media links, activity notes, and reminder notes) are encrypted with your passphrase-derived master key using AES-256-GCM before syncing
- Your passphrase NEVER syncs to iCloud or Supabase
- Apple cannot decrypt this layer — only you can with your passphrase
Layer 2: CloudKit Encryption (Transport & Storage)
- In Transit: Synced data is sent via TLS to Apple’s servers
- At Rest: Synced data is stored with AES-256 on Apple’s servers
- Apple holds these CloudKit encryption keys
What This Means
- Apple can access the CloudKit encryption layer
- For passphrase-encrypted fields, the data Apple sees is already encrypted — they cannot read it without your passphrase
- The unencrypted fields listed in Section 3 (names, company, job title, tags, relationship type, priority, status, reminder/activity dates and types, timestamps) are protected only by CloudKit’s encryption, meaning Apple could technically access them
- Only you and your devices (with your passphrase) can access your encrypted data
Note: Metadata like sync timestamps and data structure may be visible to Apple for technical operations. Your data is subject to Apple’s Privacy Policy when using iCloud sync.
6. Device Integrations
Apple Contacts
Good Contact can access your device’s Contacts app in two ways:
- One-off Import: You can import your Apple Contacts into Good Contact as a one-time action. This reads your Apple Contacts and creates corresponding entries in Good Contact. No ongoing sync occurs.
- Bidirectional Sync (Premium Feature): If you enable Apple Contacts sync, Good Contact will continuously sync with your device’s Contacts app. New contacts from Apple Contacts are imported into Good Contact, and your Good Contact data (name, company, title, phone, email) is synced back to matching Apple Contacts.
For both methods, Good Contact does not delete contacts from Apple Contacts. Only basic contact information is synced — your encrypted notes, tags, reminders, and other Good Contact-specific data are never written to Apple Contacts.
Apple Calendar
If you enable calendar sync, Good Contact will request permission to access your device’s Calendar app. Meeting, coffee, and meal reminders created in Good Contact can be synced to your Apple Calendar as events. Good Contact does not read or modify any existing calendar events — it only creates and updates events that it has created.
7. Data Collection and Analytics
Essential Data Collection (Always Collected)
To provide core app functionality, we collect and process the following data in our secure database (Supabase), regardless of your analytics preferences:
- Your name, email address, and country
- Company and industry
- Subscription status (free/premium)
- Purchase and cancellation events
- Transaction IDs from App Store purchases
- Platform (iOS/macOS)
- App settings (biometric unlock, calendar sync, contacts sync, iCloud sync preferences)
- Contact metrics: total contacts, active contacts, inactive contacts, and contacts at risk of lapsing
- An encrypted backup of your encryption key (encrypted with your passphrase — we cannot decrypt it)
This data is collected and processed because it is necessary to:
- Create and manage your account
- Verify and track your subscription status
- Manage free tier contact limits and personalise upgrade prompts
- Sync your settings across devices
- Provide customer support
- Send product updates and communications
- Detect and prevent subscription fraud
Optional Analytics and Marketing Data
With your consent, we collect the following usage data for analytics purposes:
- Number of reminders (not the reminder content)
- Last app usage timestamp
- Error logs and crash reports (via Sentry — all personal info is automatically scrubbed)
This data is used to:
- Improve app features and user experience
- Identify and fix crashes and bugs
- Understand product usage patterns
You can opt out of analytics anytime in Settings → Privacy. This will NOT affect your subscription or app functionality. Opting out disables Sentry crash reporting and resets your usage data.
Marketing Communications
Your email address and name are shared with our email marketing service (e.g., Mailchimp) to send you product updates and tips. You can unsubscribe from marketing emails anytime via the link in each email. Marketing communications are separate from the analytics opt-in above.
Important: Your actual contact data (names, emails, phone numbers, notes) is NEVER sent to our servers, Sentry, or email marketing services. We never sell your data to third parties.
8. Third-Party Services
Good Contact uses the following third-party services:
Apple StoreKit
For in-app purchases and subscriptions. Payment information is handled entirely by Apple. We do not have access to your payment information.
Supabase
For secure cloud storage of subscription data and optional analytics. Supabase is SOC 2 Type II certified and GDPR compliant. Data is encrypted in transit (TLS) and at rest (AES-256).
Email Marketing Service (e.g., Mailchimp)
For sending product updates, tips, and support communications. We share your email address, name, and country. You can unsubscribe from marketing emails anytime via the link in each email. Your contact data is never shared with email marketing services.
Sentry (Optional — Analytics Opt-In Only)
For crash reporting and error monitoring to help us improve app stability. Only active if you opt into analytics. Sentry automatically scrubs all personal information before sending — we never receive your contact data, names, emails, phone numbers, or passphrases. Sentry collects: crash reports, error messages (sanitized), app version, platform, and subscription tier.
For more information:
9. Your Rights
Australian Privacy Act 1988
Under the Australian Privacy Principles (APPs), you have the right to:
- Access: Request access to the personal information we hold about you (APP 12). Contact us at hello@georgeartemis.com to request a copy of your data.
- Correction: Request correction of inaccurate, out-of-date, or incomplete personal information (APP 13). You can update your profile in Settings, or contact us for data held on our servers.
- Complaint: If you believe we have breached the APPs, you may lodge a complaint with us at hello@georgeartemis.com. We will respond within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
GDPR (European Users)
Under the GDPR, you additionally have the right to:
- Erasure: Delete all your data from our servers, including your account, profile, and subscription history (Settings → Delete Account)
- Portability: Export your contacts in vCard or CSV format
- Object: Opt out of optional analytics (Settings → Privacy)
- Withdraw Consent: Change your analytics preference anytime in Settings → Privacy. To stop marketing communications, unsubscribe via the link in any marketing email.
10. Data Breach Notification
In the event of a data breach that is likely to result in serious harm, we will take reasonable steps to notify affected individuals. Where applicable, we may also notify the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches (NDB) scheme. For EU users, we will endeavour to notify the relevant supervisory authority within 72 hours in line with GDPR best practice.
11. Children’s Privacy
Good Contact is not intended for children under 14 years of age. We do not knowingly collect personal information from children under 14. If you believe a child under 14 has provided us with personal information, please contact us at hello@georgeartemis.com so we can delete it.
12. Changes to Privacy Policy
We may update this Privacy Policy from time to time. Changes will be posted within the app and on this page, and continued use constitutes acceptance of the updated policy.
13. Contact Us
If you have any questions about this Privacy Policy, wish to make a complaint, or want to exercise your privacy rights, please contact us:
Your privacy is our priority. We built Good Contact to be the most private and secure contact manager available.
Questions? Email us at hello@georgeartemis.com