diff --git a/apps/OpenSignServer/cloud/parsefunction/getTenant.js b/apps/OpenSignServer/cloud/parsefunction/getTenant.js
index e0f33d473..4b0e328a4 100644
--- a/apps/OpenSignServer/cloud/parsefunction/getTenant.js
+++ b/apps/OpenSignServer/cloud/parsefunction/getTenant.js
@@ -8,16 +8,16 @@ async function getTenantByUserId(userId, contactId) {
 contactquery.equalTo('objectId', contactId);
 const contactuser = await contactquery.first({ useMasterKey: true });
 if (contactuser) {
- const user = contactuser?.get('CreatedBy')?.id || userId;
- const tenantCreditsQuery = new Parse.Query('partners_Tenant');
- tenantCreditsQuery.equalTo('UserId', {
- __type: 'Pointer',
- className: '_User',
- objectId: user,
- });
- tenantCreditsQuery.exclude('FileAdapters,PfxFile,ContactNumber');
- const res = await tenantCreditsQuery.first({ useMasterKey: true });
- return res;
+ const tenantId = contactuser?.get('TenantId')?.id;
+ if (tenantId) {
+ const tenantCreditsQuery = new Parse.Query('partners_Tenant');
+ tenantCreditsQuery.equalTo('objectId', tenantId);
+ tenantCreditsQuery.exclude('FileAdapters,PfxFile,ContactNumber');
+ const res = await tenantCreditsQuery.first({ useMasterKey: true });
+ return res;
+ } else {
+ return {};
+ }
 } else {
 return {};
 }
diff --git a/apps/OpenSignServer/cloud/parsefunction/isUserInContactBook.js b/apps/OpenSignServer/cloud/parsefunction/isUserInContactBook.js
index f9bcfe849..87d6fe723 100644
--- a/apps/OpenSignServer/cloud/parsefunction/isUserInContactBook.js
+++ b/apps/OpenSignServer/cloud/parsefunction/isUserInContactBook.js
@@ -37,7 +37,7 @@ export default async function isUserInContactBook(request) {
 query.equalTo('CreatedBy', userPtr);
 query.notEqualTo('IsDeleted', true);
 query.equalTo('Email', email);
- const res = await query.first();
+ const res = await query.first({ sessionToken: request.user.getSessionToken() });
 return res;
 }
 } catch (err) {
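Review bot: A contact whose `TenantId` pointer is unset now resolves to `{}`, whereas the removed code fell back to `CreatedBy` and then `userId`; savecontact.js in this same commit sets `TenantId` only inside `if (tenantId)`, so such contacts can exist. If dropping the fallback is intended, a comment above `if (tenantId)` should say so, for example `// no tenant pointer on the contact: return {} rather than falling back to the creator's tenant`. Both lookups still run with `useMasterKey: true` on a caller-supplied `contactId`, so the `exclude(...)` list is the only thing limiting which tenant fields come back; whether the caller is checked against that contact is decided outside this hunk and is worth confirming. The body of getTenantByUserId starts and ends outside the hunk.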
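Review bot: `request.user.getSessionToken()` dereferences `request.user` with no guard visible in the hunk, so an unauthenticated call would raise a TypeError into the surrounding `catch` instead of a clear authentication error, unless a check exists above the hunk. The same expression is added in savecontact.js in the `-15,7` hunk. A one-line comment would record why the token is now needed, for example `// contact ACLs are per-user; query as the caller so the ACL is enforced`. The enclosing function starts and ends outside the hunk.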
diff --git a/apps/OpenSignServer/cloud/parsefunction/savecontact.js b/apps/OpenSignServer/cloud/parsefunction/savecontact.js
index 6cf16b5b2..0c9a13903 100644
--- a/apps/OpenSignServer/cloud/parsefunction/savecontact.js
+++ b/apps/OpenSignServer/cloud/parsefunction/savecontact.js
@@ -15,7 +15,7 @@ export default async function savecontact(request) {
 query.equalTo('CreatedBy', currentUserPtr);
 query.notEqualTo('IsDeleted', true);
 query.equalTo('Email', email);
- const res = await query.first();
+ const res = await query.first({ sessionToken: request.user.getSessionToken() });
 if (!res) {
 const contactQuery = new Parse.Object('contracts_Contactbook');
 contactQuery.set('Name', name);
@@ -24,7 +24,7 @@ export default async function savecontact(request) {
 }
 contactQuery.set('Email', email);
 contactQuery.set('UserRole', 'contracts_Guest');
-
+ contactQuery.set('IsDeleted', false);
 if (tenantId) {
 contactQuery.set('TenantId', {
 __type: 'Pointer',
@@ -49,8 +49,8 @@ export default async function savecontact(request) {
 contactQuery.set('CreatedBy', currentUserPtr);
 contactQuery.set('UserId', user);
 const acl = new Parse.ACL();
- acl.setPublicReadAccess(true);
- acl.setPublicWriteAccess(true);
+ acl.setReadAccess(user.id, true);
+ acl.setWriteAccess(user.id, true);
 acl.setReadAccess(currentUser.id, true);
 acl.setWriteAccess(currentUser.id, true);
 contactQuery.setACL(acl);
@@ -71,8 +71,8 @@ export default async function savecontact(request) {
 objectId: userRes.id,
 });
 const acl = new Parse.ACL();
- acl.setPublicReadAccess(true);
- acl.setPublicWriteAccess(true);
+ acl.setReadAccess(userRes.id, true);
+ acl.setWriteAccess(userRes.id, true);
 acl.setReadAccess(currentUser.id, true);
 acl.setWriteAccess(currentUser.id, true);
 contactQuery.setACL(acl);
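Review bot: Replacing the public read/write ACL with per-user grants in the `-49,8` hunk only protects contacts saved after this change; `contracts_Contactbook` rows written earlier keep their public ACL unless a backfill exists elsewhere, and none is visible in this diff. The same replacement is repeated in the hunks at `-71,8`, `-138,8` and `-160,8`, so the four ACL constructions could share one small helper taking the contact user's id and `currentUser.id`, which would keep them from drifting apart. `user.id` has to be populated by the time `acl.setReadAccess(user.id, true)` runs; whether `user` has been saved at that point is decided above the hunk. Any reader of these rows that uses neither a session token nor the master key will stop seeing new contacts, which is worth checking against the other cloud functions.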
@@ -105,7 +105,7 @@ export default async function savecontact(request) {
 query.equalTo('CreatedBy', currentUserPtr);
 query.notEqualTo('IsDeleted', true);
 query.equalTo('Email', email);
- const res = await query.first();
+ const res = await query.first({ useMasterKey: true });
 if (!res) {
 const contactQuery = new Parse.Object('contracts_Contactbook');
 contactQuery.set('Name', name);
@@ -114,7 +114,7 @@ export default async function savecontact(request) {
 }
 contactQuery.set('Email', email);
 contactQuery.set('UserRole', 'contracts_Guest');
-
+ contactQuery.set('IsDeleted', false);
 if (tenantId) {
 contactQuery.set('TenantId', {
 __type: 'Pointer',
@@ -138,8 +138,8 @@ export default async function savecontact(request) {
 contactQuery.set('CreatedBy', currentUserPtr);
 contactQuery.set('UserId', user);
 const acl = new Parse.ACL();
- acl.setPublicReadAccess(true);
- acl.setPublicWriteAccess(true);
+ acl.setReadAccess(user.id, true);
+ acl.setWriteAccess(user.id, true);
 acl.setReadAccess(currentUser.id, true);
 acl.setWriteAccess(currentUser.id, true);
 contactQuery.setACL(acl);
@@ -160,8 +160,8 @@ export default async function savecontact(request) {
 objectId: userRes.id,
 });
 const acl = new Parse.ACL();
- acl.setPublicReadAccess(true);
- acl.setPublicWriteAccess(true);
+ acl.setReadAccess(userRes.id, true);
+ acl.setWriteAccess(userRes.id, true);
 acl.setReadAccess(currentUser.id, true);
 acl.setWriteAccess(currentUser.id, true);
 contactQuery.setACL(acl);
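Review bot: The duplicate-contact lookup in the `-105,7` hunk runs with `{ useMasterKey: true }` while the identical query in the `-15,7` hunk runs with the caller's session token, and nothing in the hunk explains the difference. The master key bypasses ACLs and class-level permissions, so the `CreatedBy` constraint is the only thing scoping this query to the caller's own contacts. If this branch is reached without a `request.user` session (not visible here), record that in a comment such as `// no session in this path; the CreatedBy constraint keeps the lookup scoped to the caller`; otherwise use `query.first({ sessionToken: request.user.getSessionToken() })` as in the first branch. The body of savecontact starts and ends outside the hunk.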