The service works within ProtonMail's email system, and includes both zero access encryption (which means that even ProtonMail won't know what's stored on their servers) and digital signature verification (which makes sure no one else has tampered with your data). You can encrypt specific fields of your contact data, including phone numbers and note fields. Email addresses are not protected this way, says the company, so that it can filter your emails and know where to deliver your message. ProtonMail notes the many benefits of this sort of protection. "For example, if you are a journalist with a confidential source," writes the company in a blog post, "it is very important to protect the phone number or address of that source."

How does it work, though? The company says that it creates a new private and public key pair for each email account; it's used only for contact encryption. The private key is made on the client side and uses a derivative of your own password so that ProtonMail won't have access. Contact fields that are encrypted use your contacts public key and can only be decrypted by your private key. The digital signature is verified with your private key, too, which ensures your privacy above and beyond ProtonMail itself.