Contastic was designed to share contact data without sharing it with us.
When you run Contastic on the public staging server, here is exactly what is stored.
• Your email address (used only for login)
• Your public encryption key
• Public contact fields you explicitly mark public
• Subscription relationships (who follows whom)
• Encrypted private data blobs (unreadable without your private key)
• Plaintext private contact data
• Your private encryption key
• Your password (only a securely hashed password — we never see the plaintext)
• Location data, usage analytics, or behavioral tracking
Data sharing is always opt-in and subscriber-specific.
Each data field is individually tagged public or private. Public fields are visible to any logged-in user who finds you via search.
Nobody gets access to your private data without your explicit approval. Pending requests appear in your inbox.
When approving a subscription, you select exactly which private fields to share with that person. Different subscribers can see different fields.
Remove a subscriber to delete the encrypted share from the server. Their copy (decrypted on their device) is their own copy — you cannot reach into their device, but you can stop sharing updates.
You can delete your account and all associated data at any time.
Account deletion removes every record the server holds for you — contact data, subscriptions, encrypted key backup, and your login credentials — and immediately invalidates all active sessions on every device. See the account deletion page for step-by-step instructions and the self-service deletion form.