Security

End-to-end encryption you can trust — because privacy should be a guarantee, not a promise.

What it means for you

Contastic is built so that private data is private — by design, not by policy.

🚫

Only you can read your private contacts

Your private contact fields are encrypted on your device before they ever leave it. We store only the encrypted result — we cannot read it, and neither can anyone else without your key.

🔑

Your encryption key stays on your device

Encryption keys are generated locally in your browser or on your phone and never transmitted in plaintext. An optional encrypted backup is stored on the server — but only your password can unlock it.

👁️

We can't see your data — even if we wanted to

The server only holds your email, your public key, your public contact fields, and encrypted blobs. There is no master key, no backdoor, and no way for us to decrypt your private data.

🔍

Transparent by design

Our security model relies on well-established cryptographic standards — not on asking you to trust us blindly. The approach is documented below for anyone who wants to verify it.

Hardened backend

Defense-in-depth for the backend API.

🛡️

Automatic abuse protection

Rate limiting on authentication and search endpoints, automatic IP banning for scanning behaviour, strict origin checks, and request size limits — all active by default.

🔐

Minimal attack surface

The server runs as a non-root process, rejects any request outside the API prefix, and uses constant-time comparisons to prevent timing-based account enumeration.

Technical details

For the security-minded: here is exactly how Contastic protects your data.

Key generation

When you register, a 2048-bit RSA key pair is generated in your browser or on your device using the platform's secure cryptographic API (Web Crypto API in browsers, Android Keystore on Android). The private key is never sent to the server in plaintext.

Contact data encryption (hybrid envelope)

When you share a private contact field with a subscriber, Contastic uses hybrid encryption:

  1. A fresh 256-bit AES-GCM data key is generated for that share operation — it is never stored anywhere.
  2. The contact field is encrypted with that AES-GCM key (12-byte IV, 128-bit authentication tag).
  3. The AES key is RSA-OAEP wrapped with the subscriber's public key and stored alongside the ciphertext.
  4. A second copy of the AES key is wrapped with your own public key so you can re-read what you shared.

The server stores only the ciphertext envelope. Decryption happens entirely on the recipient's device.

Private key backup

Your private key is encrypted with a key derived from your password using PBKDF2-HMAC-SHA256 (high iteration count, random salt) and AES-GCM-256, then stored on the server. Without your password, the backup is useless. We never see your password or your private key.

Password hashing

Account passwords are hashed with Argon2id before storage — the current standard for password hashing, resistant to GPU and side-channel attacks.

Session security

Authentication uses short-lived JWT access tokens (1-hour expiry) paired with 30-day refresh tokens. Tokens are signed with a server secret and validated on every request.

Cryptographic standards used

  • RSA-OAEP (SHA-256, MGF1-SHA-256) for key wrapping
  • AES-GCM-256 for symmetric encryption
  • PBKDF2-HMAC-SHA256 for password-derived key wrapping
  • Argon2id for password hashing
  • HS256 JWT for session tokens

No custom or experimental algorithms. All primitives are implemented by the platform (Web Crypto API / JCE) rather than hand-rolled libraries.

Try it for yourself

The staging server is open for anyone to explore.

Create an account, generate your keys, and see for yourself that your private data never reaches the server in a readable form. No credit card, no commitment.

Open the Web App