Does using the AI integration mean my data goes to OpenAI / Anthropic?

Only if you choose to use one of those tools as your agent. The MCP server is the bridge - the data goes wherever you point the bridge. We never proxy through a model ourselves, and we don't have a hidden "AI features" layer that sends data anywhere.

Can the AI write back to my contacts?

Yes, with the same write tokens you'd use yourself. We recommend keeping write actions reviewed-by-human for the first month - agents are excellent at drafting and only mediocre at deciding. Long term it's your call.

Do you train models on my data?

No. We don't have an internal model and we don't ship telemetry to a third-party model provider for training. The privacy notice is the binding version of this answer.

Contact Book

Topics

AI agents as relationship copilots: useful, careful, ours

What an LLM can usefully do with a personal CRM, what it shouldn't, and how Contact Book makes both sides safe by default.

Agents

Privacy

Finn GlasCo-Founder + Engineering

·April 25, 2026·

2 min read

What agents are good at, with a personal CRM

An LLM with read access to your contact log is genuinely useful for narrow tasks. Find me everyone overdue I haven't talked to in three months. Draft a message for Sara's birthday tomorrow. Group the people I met at the conference last November. These are queries you could answer manually - the agent just makes them ten seconds long.

Contact Book ships an MCP server (Model Context Protocol) that exposes the data-model side of the product to any compatible client - Claude Desktop, ChatGPT-with-MCP, your own scripts. The MCP surface is intentionally narrow: read + write rows, no auth or billing tools. We treat that boundary as load-bearing.

Try it with Claude Desktop

We ship an MCP server you can wire into Claude Desktop in five lines of config. The setup walkthrough is in /docs.

What agents are bad at, with a personal CRM

Three things to be wary of. First, autonomous outreach. An agent sending messages on your behalf sounds great until the first awkward draft lands in someone's inbox at 2am. Keep the human in the loop on send. Second, summarising relationships. Asking an LLM to "summarise my friendship with X" produces fluent prose that's also subtly wrong, and you won't notice until you greet someone with a fact you fabricated. Third, learning patterns across users. We don't train on your data, period.

How we keep the boundary safe

The agent surface uses the same auth + access gates as the regular API. There's no special "agent" token that bypasses anything. Rate limits, audit logs, soft-delete, and the WebSocket fan-out invariants all hold. If your agent does something destructive, it shows up in the audit log just like any other action you took.

If you stop using the agent, you revoke the personal access token. The data is unchanged. We don't keep agent traces, we don't profile your behaviour, we don't create a model fingerprint of you. The agent is a tool that uses the API; it doesn't get a separate identity.

FAQ

Frequently asked

Share this article

Try Contact Book

Free plan, no credit card. We host in Germany. You can export and delete everything self-serve.

Written by

Finn Glas

Co-Founder + Engineering

Finn is one of the Co-Founders. He owns the engineering side, the infrastructure, and most of the late-night fixes that ship before anyone notices.

finn.glas at aicuflow dot comLinkedIn Website