Privacy Policy — Enterprise Contacts

This privacy policy describes how Enterprise Contacts ("the app", "we") handles data when you use the iOS application.

Contact data

Enterprise Contacts reads contact information (names, email addresses, phone numbers, photos) from your organisation's Microsoft 365 tenant via the Microsoft Graph API. This data is:

Stored locally on your device, encrypted using iOS Data Protection
Never transmitted to any server operated by us
Never shared with third parties
Only accessible to the iOS Contacts app via Apple's ContactProvider framework

The contact data you sync remains entirely within your device and your organisation's Microsoft 365 environment.

Anonymous usage data

With your consent, the app collects anonymous usage data to help improve reliability and diagnose issues. You are asked during onboarding whether you wish to share this data, and you can change your choice at any time in Settings → Privacy → Share anonymous usage data.

The following events may be collected:

Event	Data collected
App launch	App version, build number, iOS version, demo mode on/off
Sign-in failure	Numeric error code only (no account details)
Sync started / completed / failed	Database type, sync duration, total contact count, error code on failure
Database added / removed	Database type, whether added manually or automatically
ContactProvider signalled	Success or failure indicator
Onboarding completed	Demo mode on/off
Background sync completed	Total databases synced, number of successful syncs
Sync schedule changed	Selected interval, selected days (for weekly), hour and minute
Sync all pressed	Number of databases queued

No personal data is ever collected. No names, email addresses, phone numbers, contact photos, or any content from your contacts or Microsoft 365 account is included in usage data. No data is linked to your identity.

Each installation is identified by a randomly generated ID that is not linked to your Apple ID, Microsoft account, or any personal information. This ID is used only to count unique installations for aggregate statistics.

Usage data is sent to Microsoft Azure Application Insights, hosted in Sweden (EU). Data is processed in accordance with Microsoft's data processing terms.

Authentication

The app uses Microsoft Authentication Library (MSAL) to authenticate with your organisation's Microsoft 365 tenant. Authentication tokens are stored in the iOS Keychain and are only used to make requests to the Microsoft Graph API on your behalf. We do not have access to your credentials or authentication tokens.

Data retention

Contact data is stored locally on your device and is removed when you sign out via My Profile → sign out, or when you uninstall the app. Anonymous usage data retained in Azure Application Insights is automatically purged after 90 days.

Third-party services

Microsoft Graph API — used to read contact data from your organisation's Microsoft 365 tenant. Subject to your organisation's Microsoft 365 terms.
Microsoft MSAL — used for authentication. No data is shared with Microsoft beyond what is required for authentication.
Microsoft Azure Application Insights — used to collect anonymous usage data (only if opted in). Microsoft Privacy Statement.

Your rights

You can opt out of anonymous usage data collection at any time in Settings → Privacy → Share anonymous usage data. You can remove all locally stored contact data at any time by signing out via My Profile → sign out, or by deleting the app.

Contact

If you have questions about this privacy policy, please contact us at privacy@enterprisecontacts.eu.