Your contacts list is the most concentrated piece of social intelligence you carry. Almost nobody encrypts it. We compare Google, iCloud, Proton, Tuta, Nextcloud, EteSync, and SilentSuite on what the server can actually read.
SilentSuite is an open-source, end-to-end encrypted contacts sync, built on the same Etebase protocol as our calendar and tasks. Names, numbers, addresses, and birthdays are encrypted on your device before they reach our server. Hosted from €3/mo, AGPL-3.0 self-hostable, EU infrastructure, CardDAV available through our standalone bridge.
Most people don't think of their contacts list as sensitive data. It's “just names and phone numbers.” That framing is a mistake we want to spend the next few minutes unpicking, alongside an honest look at what the major contacts services actually do with your data.
Why your contacts list is a graph of your life
Your address book is the most concentrated piece of social intelligence you carry around. It's not just names. For each person it usually has: phone numbers, email addresses, home address, sometimes a photo, sometimes a birthday, often the company they work for, often a relationship label (“Mom,” “Therapist,” “Lawyer”), and a date when you first added them.
Aggregate that across a few hundred entries and you have a portrait of someone's life that's harder to assemble from any other single dataset. Who they trust enough to label as family. Who their doctor is. Whether they have a divorce lawyer. The clinics they visit. The names of every ex-colleague they didn't cut ties with. The phone number patterns of every country they've lived in.
This is why contact-list access is the most-requested permission in every advertising SDK. It's why nation-state intelligence agencies have prioritized phone-book metadata for two decades. It is, functionally, a map of who you are.
And almost nobody encrypts it.
Google Contacts
Google Contacts is the default for anyone with an Android phone or Gmail account. It is not end-to-end encrypted. Google can read every contact on your list and uses that data for service features like smart compose, automatic relationship inference, and ad targeting on the rest of Google's surface.
Google Contacts also pulls metadata about who you communicate with, when, and how often. It is one of the most data-rich services Google runs, and it sits in plaintext on infrastructure designed for machine-readable processing.
iCloud Contacts
iCloud Contacts is closer to encrypted, but with caveats. By default, Apple holds the encryption keys to your contacts. With Advanced Data Protection for iCloud enabled, contacts become end-to-end encrypted with keys you control.
Advanced Data Protection is opt-in, off by default, requires you to set up a recovery contact or printed recovery key, and is not available in some jurisdictions. It also doesn't apply if you sync contacts to non-Apple clients via the limited iCloud CardDAV endpoint, because Apple has to decrypt to serve those clients.
Proton Contacts
Proton encrypts contact data, but only the so-called “sensitive” fields (notes, birthdays, custom fields). Names, email addresses, and phone numbers, the fields most people would consider the actual identity of a contact, are stored unencrypted so that Proton Mail can autocomplete recipients, route messages, and search.
This is a reasonable engineering trade-off, but it's worth being honest that Proton Contacts is partial encryption, not full E2EE. Proton can see who is in your address book. They just can't see the notes you wrote about them.
Tuta Contacts
Tuta encrypts more contact fields than Proton, including names. Their encryption applies inside Tuta's own apps. There's no CardDAV, no third-party sync, no integration with the contacts app on your phone or laptop. If you live in Tuta's ecosystem this is fine. If you don't, the data is functionally trapped.
Nextcloud Contacts
Nextcloud is the most popular self-hosted CardDAV server. It works with every standard contacts app: macOS, iOS, Android (via DAVx5), Thunderbird, Outlook. The catch: contacts are stored in plaintext in the Nextcloud database.
If you self-host on a box only you can access, that's a perfectly defensible privacy posture. Nobody else has the keys to your house, so nobody else gets to read your address book. If you use a hosted Nextcloud provider, your contacts are sitting in plaintext on someone else's server, which is a different threat model entirely.

EteSync
EteSync was, until recently, the only mainstream service offering true end-to-end encrypted contacts that worked across platforms. The Etebase protocol encrypts the entire vCard payload before it leaves your device. The server stores ciphertext only.
It still does, technically. But the apps and server haven't seen meaningful updates in some time. We covered the situation in more detail in our post on why we picked the project up as SilentSuite.
SilentSuite Contacts
SilentSuite encrypts the entire vCard, not just the “sensitive fields.” Names, numbers, addresses, photos, custom fields, the relationships you draw between people, all of it ciphertext on our server. We don't need to read your address book to deliver the sync, so we don't.
Because we share the Etebase protocol with EteSync, contact lists migrate from EteSync to SilentSuite without rebuilding from scratch. And because we ship a standalone CalDAV/CardDAV bridge, your encrypted contacts also appear in the system contacts app on macOS, iOS (via Apple Contacts), Thunderbird, and any DAV-compatible client.
Comparison table
Here's how the major contacts services compare on encryption, openness, and integration. As always, if we've gotten something wrong, tell us.
| | Google | iCloud | Proton | Tuta | Nextcloud | EteSync | SilentSuite |
|---|---|---|---|---|---|---|---|
| E2EE all fields | No | Partial | Partial | Yes | No | Yes | Yes |
| Names readable to server | Yes | Partial | Yes | No | Yes | No | No |
| CardDAV support | No | Partial | No | No | Yes | Via bridge | Yes* |
| Cross-platform | Yes | Limited | Limited | Limited | Yes | Yes | Yes |
| Open source | No | No | Partial | Yes | Yes | Yes | Yes |
| Self-hostable | No | No | No | No | Yes | Yes | Yes |
| Status | Active | Active | Active | Active | Active | Abandoned | Active |
| Price | Free | Bundled with iCloud | Free / from €4/mo | Free / from €3/mo | Self-host cost | Was €2/mo | From €3/mo |
“Partial” for iCloud means E2EE only with Advanced Data Protection enabled. “Partial” for Proton means encryption applied to notes/custom fields but not to names/numbers.
* SilentSuite contacts sync over Etebase natively. CardDAV for third-party clients (Apple Contacts, Thunderbird, DAVx5) goes through our standalone bridge.
Why is CardDAV hard to encrypt end-to-end?
CardDAV was designed in the early 2000s by Apple and the IETF as a standard way to read and write vCards over HTTP. It assumes the server can parse, search, and merge contact entries. To do those things, the server needs the data in plaintext. End-to-end encryption is fundamentally incompatible with that design, which is why Nextcloud (and every other vanilla CardDAV server) stores contacts unencrypted.
The way around this is to do the sync at a different layer. The Etebase protocol that SilentSuite and EteSync use treats each collection as opaque encrypted blobs. The server doesn't parse vCards. It just stores and serves ciphertext. CardDAV compatibility is provided by a local bridge running on the client, which decrypts the blobs and exposes a CardDAV endpoint that standard contacts apps can talk to.
It's a more complex architecture, but it's the only one that gives you both real E2EE and compatibility with the system contacts app on macOS, iOS, and Thunderbird.
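The difference between the storage models compared on this page shows up in what a key-less server can search. The sketch below is an added example, not SilentSuite, Etebase or Proton code: the cipher is a standard-library encrypt-then-MAC stand-in for a real AEAD, and the sample card, the `SENSITIVE` set and all function names are assumptions made for illustration.

```python
import hashlib, hmac, secrets

# Constructed sample card, not real data.
VCARD = ("BEGIN:VCARD\r\nVERSION:3.0\r\nFN:Dana Example\r\n"
         "TEL:+15550100\r\nNOTE:Therapist\r\nEND:VCARD\r\n")
SENSITIVE = {"NOTE", "BDAY"}  # fields the partial model encrypts (assumption)

def _keys(key):
    # Separate encryption and MAC keys derived from one client-held key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _stream(enc_key, nonce, n):
    return hashlib.shake_256(enc_key + nonce).digest(n)

def seal(key, plaintext):
    """Encrypt-then-MAC stand-in for a real AEAD: nonce || ciphertext || tag."""
    enc, mac = _keys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(enc, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    enc, mac = _keys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified blob")
    return bytes(a ^ b for a, b in zip(ct, _stream(enc, nonce, len(ct))))

def store_plaintext(vcard):
    return vcard.encode()                      # vanilla CardDAV server

def store_partial(key, vcard):
    out = []                                   # only SENSITIVE values are sealed
    for line in vcard.splitlines():
        name, _, value = line.partition(":")
        if name in SENSITIVE:
            value = seal(key, value.encode()).hex()
        out.append(f"{name}:{value}")
    return "\r\n".join(out).encode()

def store_opaque(key, vcard):
    return seal(key, vcard.encode())           # whole card is one ciphertext blob

def server_search(stored, term):
    """All a key-less server can do: match bytes it actually holds."""
    return term.encode() in stored

def bridge_search(key, stored, term):
    """Local bridge: decrypt on the client, then search the vCard."""
    return term in unseal(key, stored).decode()
```

Searching for a name succeeds server-side against the plaintext and partial stores, and only `bridge_search`, which holds the key on the client, can answer the same query against the opaque blob.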
How do I migrate from Google Contacts?
- Export from Google. Go to contacts.google.com, select the contacts you want to take, and export as vCard (.vcf).
- Sign up for SilentSuite at app.silentsuite.io/signup.
- Import the .vcf file from the SilentSuite web client. The file is parsed client-side and encrypted under your SilentSuite key before the server sees it.
- Connect your devices. On Android, install the SilentSuite app. On Apple devices and Thunderbird, install the standalone bridge and connect with your account.
- Remove Google Contacts as the source of truth on your phone (Android: Settings → Accounts → Google → uncheck Contacts sync).
FAQ
Is Google Contacts end-to-end encrypted?
No. Google holds the keys and processes contacts in plaintext.
Is iCloud Contacts end-to-end encrypted?
Only with Advanced Data Protection enabled, which is opt-in and unavailable in some regions.
Is Proton Contacts end-to-end encrypted?
Partially. Proton encrypts notes and custom fields. Names, email addresses, and phone numbers are stored unencrypted so Proton Mail can use them.
Can I use SilentSuite contacts in Apple Contacts or Thunderbird?
Yes, through our standalone CardDAV bridge. The bridge decrypts locally and exposes your contacts to standard apps.
Does SilentSuite support vCard import and export?
Yes. Standard .vcf files in and out, no lock-in. Useful for migrating in from Google or out to wherever you want to go next.
Your address book deserves the same level of protection as your messages. It usually doesn't get it. Sign up for SilentSuite if you want contacts your provider literally cannot read.