Encrypted address book
Browse contacts with online / recent / all filters. View full profiles (avatar, bio, status). Each contact’s profile data is encrypted to your key — only you can read it.
Use case
Contacts fits naturally into this flow.
People and groups
Browse contacts with online / recent / all filters. View full profiles (avatar, bio, status). Each contact’s profile data is encrypted to your key — only you can read it.
Contacts fits naturally into this flow.
Create named groups and address them as one in uChat and uMail. Group membership updates propagate encrypted across every member.
Contacts fits naturally into this flow.
Generate invite links for new people. Each link is single-use and expires. Invites do not leak the inviter’s address book to the invitee.
Contacts fits naturally into this flow.
Every UltimaOS app shares the same post-quantum cryptographic stack, so the security properties below apply uniformly. App-specific considerations are noted where they apply.
All authentication and key exchange uses NIST-standardized ML-DSA-65 (FIPS 204) signatures and ML-KEM-768 (FIPS 203) key encapsulation. There is zero RSA, zero elliptic-curve, zero classical-only crypto in the authentication path. Defeats store-now-decrypt-later attacks.
Every payload is encrypted in your browser using XChaCha20-Poly1305 (RFC 8439) with a 192-bit nonce and a Poly1305 authentication tag. The plaintext exists only in your tab's memory. When you close the tab, the plaintext is gone.
The UltimaOS server only ever stores ciphertext and public keys. We cannot read your data — by design, not by promise. There is no encryption backdoor, no master key, no key escrow.
Your private key is derived from your passphrase using Argon2id with high parameters. New devices derive the same key locally and can decrypt your entire history. The passphrase is never sent to the server — it is verified by an ML-DSA-65 signature on a server-issued challenge.
UltimaOS runs in any modern browser — Chrome, Firefox, Safari, Edge. Nothing to install. Sign in with your passphrase-derived key, or restore from a 3-of-5 social recovery if you are on a new device.
Every action — sending a message, uploading a file, creating a task, scheduling an event — is encrypted with XChaCha20-Poly1305 and authenticated with an ML-DSA-65 signature before any byte crosses the network boundary.
The UltimaOS server keeps an opaque blob per account and per conversation. When you open Contacts, the encrypted blobs are streamed to your device, decrypted locally, and rendered. The server never sees plaintext.
Any change you make is encrypted and uploaded; every other device you are signed in on pulls the new ciphertext and decrypts it. Live multi-device sync, with the cryptography guarantee that only your devices can read it.
Start chats with one click from a contact's profile. Presence status syncs across both apps.
Compose to a contact without typing the address. Mail benefits from Contacts' type-ahead everywhere.
Share free/busy, propose-meeting or full-manage scopes with specific contacts. Calendar respects the scope.
Contacts are encrypted to your private key. Only you can read them. Recovery via Account covers Contacts too.
UltimaOS runs in Chrome, Firefox, Safari and Edge. Nothing to install. Sign in with your passphrase to derive your private key locally.
The launcher shows every app. Contacts is right there with its capsule video preview. Click to open.
Contacts works alone, but it shines when combined with the rest of the UltimaOS apps. Same private key, same encryption, one workspace.
Yes. All content in Contacts is encrypted in your browser using XChaCha20-Poly1305 with a fresh key per item. The UltimaOS server only ever stores ciphertext and public keys — it cannot decrypt your data, no matter who asks.
Contacts uses the same post-quantum stack as every other UltimaOS app: ML-DSA-65 (FIPS 204) for authentication, ML-KEM-768 (FIPS 203) for key encapsulation, XChaCha20-Poly1305 (RFC 8439) for symmetric encryption, HKDF-SHA256 for key derivation, and Argon2id for passphrase hashing.
Yes. Sign in on any device with your passphrase and the same private key is derived locally. All your Contacts content is then decrypted from the encrypted blobs the server returns. Changes sync live across all signed-in devices.
Yes. UltimaOS is built and operated in the European Union by an EU company. The architecture is GDPR-compliant by design — encrypted data, EU-only infrastructure, no US CLOUD Act exposure, no advertising, no third-party trackers. See the GDPR page for the full breakdown.
During early access, UltimaOS is free for individuals and organizations. After early access, pricing will be per-seat with accessible family tiers and per-organization plans for businesses. There is no per-app add-on.
Yes. UltimaOS supports encrypted export of all your content for backup and portability. The export is encrypted to a key you control; you can store it on your own infrastructure or in a personal encrypted backup.
Yes. Contacts can be imported from a vCard file or from another address book. Each imported contact is encrypted before being added to your Personal Storage layer.