Security & Privacy

This is a summary of the most important information about security and privacy in Contact Cache. We also have a Privacy Policy and Terms of Service, where you can find information about the legal protection of your data.

Contact Cache is private

Contact Cache is designed to be a private tool without any data sharing or social features between users. It is a safe space just for you.

Your data are encrypted

All the data that you enter into the application after login are encrypted on the client (on your device) and shared with the server or stored locally only in an encrypted form. The data are encrypted with a key derived from your password.

To optimize data downloads and to support offline use, data are stored locally in the browser's IndexedDB storage, or in a file in the case of the desktop application. All these data are stored only in encrypted form.

For encryption we use AES-GCM with a 256-bit key.

To derive your encryption key from the password we use the PBKDF2 algorithm with 100000 iterations and SHA-256 as the hash function.
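The scheme described above, sketched with the Web Crypto API as an added example (not Contact Cache's own code). The 16-byte salt, the 12-byte IV, the helper names and the `{iv, ciphertext}` item layout are assumptions; the page specifies only PBKDF2 with 100000 iterations and SHA-256, and AES-GCM with a 256-bit key.

```javascript
// Added illustration, not Contact Cache's code. Assumed: 16-byte salt,
// 12-byte IV, and the {iv, ciphertext} item layout.
async function getCrypto() {
  // Browsers and recent Node expose globalThis.crypto; older Node needs the import.
  return globalThis.crypto ?? (await import("node:crypto")).webcrypto;
}

// Random salt, generated once and stored next to the encrypted data (assumption).
async function newSalt() {
  return (await getCrypto()).getRandomValues(new Uint8Array(16));
}

// PBKDF2 (100000 iterations, SHA-256) -> non-extractable AES-GCM 256-bit key.
async function deriveKey(password, salt) {
  const { subtle } = await getCrypto();
  const material = await subtle.importKey(
    "raw", new TextEncoder().encode(password), "PBKDF2", false, ["deriveKey"]);
  return subtle.deriveKey(
    { name: "PBKDF2", salt, iterations: 100000, hash: "SHA-256" },
    material,
    { name: "AES-GCM", length: 256 },
    false, // the raw key bytes cannot be exported by page scripts
    ["encrypt", "decrypt"]);
}

// Encrypt one item. The IV is fresh per item: GCM must never reuse an IV under one key.
async function encryptItem(key, plaintext) {
  const c = await getCrypto();
  const iv = c.getRandomValues(new Uint8Array(12));
  const ct = await c.subtle.encrypt(
    { name: "AES-GCM", iv }, key, new TextEncoder().encode(plaintext));
  return { iv, ciphertext: new Uint8Array(ct) }; // ciphertext ends with the 16-byte tag
}

// Decrypt one item. Rejects if the key is wrong or the ciphertext was modified.
async function decryptItem(key, item) {
  const { subtle } = await getCrypto();
  const pt = await subtle.decrypt(
    { name: "AES-GCM", iv: item.iv }, key, item.ciphertext);
  return new TextDecoder().decode(pt);
}
```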

This encryption strategy was chosen as a strong enough strategy for now and we will re-evaluate it whenever necessary to keep your data safe.

Should you be concerned about the strength of the encryption or require something else, get in touch at support@contactcache.com.

Password hashing

We also use your password for authentication with the server, but we never send your password over the network. Your password is hashed with a random salt beforehand, and this hash is then used as your password for the server.

Nobody tracks your activity in the application

In the application itself, we don’t use any third-party marketing or behaviour trackers. This is the only way to guarantee that nobody is reading the data that you chose to encrypt with us. This also applies to the login and signup pages, which means that your password or email cannot be stolen by a third-party marketing tool.

We only store date and time metadata that we need for the functionality of the application. We store dates and times of items being created or updated and we also store the date and time of your signup and last login. We can also see how many items such as notes or contacts you have created, but we cannot read the content.

We don’t store or associate your IP address with the account or its usage.

Two-factor authentication

Contact Cache currently doesn’t support two-factor authentication. Please let us know if you are interested in this feature.

How can I make sure that I am properly protected?

Always check that you are logging in at the correct address, https://app.contactcache.com, and watch out for any spelling mistakes.

Use a strong password. The password is the key to your data: the stronger it is, the better. If you suspect that you have been a victim of a phishing attack, change your password immediately.

You should not run any browser or browser extension that you don’t trust. We recommend that you use Mozilla Firefox without any additional extensions or plugins and keep it up to date by upgrading to new versions.

You should protect your device from access by third parties and not run any software that you don’t trust on your computer, tablet or phone.

For maximum security, properly log out from the application after each use and don’t run Contact Cache on public or someone else’s computers or other devices.

If you feel that you might be a target of a cyber-security attack, please hire a security consultant to help you protect yourself. Contact Cache cannot protect you automatically against every possible attack.