Proton Contacts

6 mins
Contacts encryption

For usability reasons, Proton Contacts encrypts different contact fields in different ways. In this article, we look at: 

What is encrypted in your contacts

Display name and email address

Your contacts’ display names and email addresses are encrypted at rest but are not secured using zero-access encryption(new window). This means that we can access this information.

We need access to this information for some of our advanced features to work. These features include auto-complete in the composer, spam filtering and whitelists, filters, search, and conversation/threaded view.

Other details

In addition to the display name and email address(es), you can store other personal information for each contact in the contact’s detail fields. This includes the contact’s phone number(s), address(es), organization, birthday, and notes.

This information is stored using zero-access encryption, so Proton cannot access it. Fields secured by zero-access encryption show a padlock icon

Why encryption is important

Contact information, in particular, can be very sensitive. Any details saved inside a contact’s detail fields (with the padlock icon) are encrypted so that no one — not even Proton Mail — can access this data, modify it, or share it with third parties.

How digital signatures verify your contacts

All contact data, including the display name and email address(es), is digitally signed(new window) with a special private key linked to your account. This private key is only used to sign your contacts and allows you to verify that your contacts have not been tampered with or edited while they were in transit between your device and Proton Mail’s servers. This means that we cannot secretly tamper with any of your contact data. 

Verified contacts

Since Proton Mail(new window) version 3.12, all contacts are automatically digitally signed. Older contacts that existed before this time may not be. If in doubt, we recommend creating a new contact and transferring the old details over to it (exporting a contact and then re-importing it will achieve the same effect).

If the digital signature verification for a portion of your contact’s data fails, you will see the following warning:

Warning that verification of contact details' signature has failed

You now have two options:

1. Restore your encrypted data(new window) using your Proton Mail password or a recovery method. This is the preferred option since all your contact information will be retained.

2. Click the Re-sign button to the right of the warning message. But if you do this, all data in the detail fields will be lost. Only the display name and email address(es) will be retained.

How to search within encrypted contacts

At the top of the Contact page there is a search bar that allows users to search contacts. This search will only return results for information stored within the display name and email address fields, as the other fields are encrypted and inaccessible to Proton. 

If you are looking for a specific piece of information within a contact’s detail fields, we recommend searching for the contact’s name and then clicking on that contact to see the encrypted details.

How to import contacts

You can import contacts into Proton Mail by uploading a vCard (VSF) or CSV file. Please see our support article on adding and importing contacts(new window) for more details. 

How to export contacts

You can export all your contacts, or you can export individual contacts.

To export all your contacts:

1. Log in to your account at window) and click Contacts at the top right and choose the Settings tab.

2 Click the Export contacts button.

Export contacts button

Your contacts will then be decrypted in the browser. Once this is done, you can Save them to your default download folder as a VSF file. 

Modal showing exporting contacts

To export individual contacts:

1. Log in to your account at window) and click Contacts at the top right and click on the contact you wish to export.

2. Click the Export icon at the top right of the contacts details. The contact will be saved to your default download folder as a VCF file.

How to merge duplicate contacts

At this time, Proton Mail does not support duplicate detection, although duplicates are easy to find since contacts are automatically sorted by Display name in alphabetical order.

Once duplicate contacts have been identified, you can merge them. Simply select all the contacts you would like to merge and click the Merge button above the Contacts list. 

Button and link to merge contacts

For more details, see how to merge duplicate contacts.

What to do if you are unable to decrypt your contact details

The private key is encrypted using your password. If you reset your password, you will also change your private key. This will irreversibly prevent you from using your password to decrypt your contacts, so please remember: 

Changing your password will result in your contacts being permanently encrypted with no way to decrypt them.

We therefore recommend periodically exporting your contacts so you have a backup if you ever lose your password. This backup file can then be imported again, as described in adding and importing contacts(new window).

Didn’t find what you were looking for?

Contact support