1. Agreement to Terms
By installing, accessing, or using Xail (the "Service"), you agree to be bound by these Terms of Service ("Terms"). If you do not agree, do not use the Service. These Terms constitute a legally binding agreement between you and Xail ("we," "us," or "our").
If you are using the Service on behalf of an organization, you represent that you have authority to bind that organization to these Terms, and "you" refers to that organization.
2. Description of the Service
Xail is a lightweight email client that connects to your existing email accounts (Gmail, Outlook, Yahoo, and other providers) via OAuth 2.0. Xail provides:
- A unified inbox for reading, composing, and replying to regular email
- Split-channel secure messaging using XorIDA threshold secret sharing, where messages are cryptographically split into shares and sent across multiple independent email providers
- A visual security border system indicating the security level of each conversation
- On-device AI features including summarization, entity extraction, and natural language search
- An invitation-based contact exchange for establishing secure communication channels
- AI assistants — Ren (sales) and Kaia (in-app support) — available via text chat and voice, powered by third-party AI services. These assistants help with product questions, onboarding, and account guidance. They do not access your email content.
3. Eligibility
You must be at least 13 years old (or the minimum age in your jurisdiction) to use Xail. If you are under 18, you must have your parent's or guardian's consent. By using Xail, you represent that you meet these requirements.
4. Account and Security
4.1 Email Account Connection
Xail requires you to connect at least one email account via OAuth 2.0. You are responsible for maintaining the security of your email accounts. Xail does not store your email passwords — authentication is handled entirely by your email provider.
4.2 Split-Channel Security
Xail's split-channel security depends on you maintaining separate, independent email accounts with different email providers. The security guarantees of Xail's threshold sharing system are based on the assumption that these accounts are not controlled by the same party (other than you). Using multiple accounts at the same provider (e.g., two Gmail accounts) reduces the independence guarantee.
4.3 Your Responsibility
You are responsible for all activity that occurs through your connected email accounts within Xail, keeping your devices and email accounts secure, ensuring your connected email accounts remain active and accessible, and understanding that disconnecting email accounts may affect your ability to reconstruct previously received secure messages.
5. Service Tiers and Pricing
Current status: Xail is in early access. During this period, all features are available at no cost. Paid tiers and pricing will be announced in the future. We will provide at least 30 days' notice before any paid features are activated.
5.1 Security Tiers
Xail's security level depends on the number of independent email addresses you connect:
| Tier | Addresses | Security Level |
|---|---|---|
| Gray | 1 | Unsecured — regular email only, no security tier |
| Blue | 2 | Secured — 2-of-2 threshold, no single provider can read your messages |
| Green | 3 | Secured + fault tolerant — 2-of-3 threshold, messages survive one provider outage |
5.2 User Accounts and Cross-Device Sync
Your first connected email address serves as your Xail identity. Your account data — including connected account metadata, settings, contacts, and preferences — is synced across devices so that connecting the same email on a new device restores your profile. Only metadata is synced. Message content, shares, and plaintext are never stored on or transmitted through Xail servers.
5.3 Free Tier Terms
All private.me ACIs (Autonomous Conversational Interfaces) include a free tier:
- Free tier limit: 100,000 operations per month per product
- Hard cap: 120,000 operations (20% grace buffer to prevent accidental overages)
- Monthly reset: Operations counter resets on the 1st of each month (UTC)
- One free tier per email per product: Each email address can have one free tier account per ACI product (abuse prevention)
- Overage: Once you exceed 100,000 operations, additional usage is billed at $5 per 100,000 operations (Pro tier)
The free tier is designed for evaluation, development, and light production use. If you consistently exceed the free tier, we encourage you to upgrade to Pro tier for better pricing and support.
5.4 Enterprise Agreements
Enterprise usage is governed by a separate Enterprise Agreement that supplements these Terms. Enterprise Agreements may include custom terms for compliance, SLA, data handling, and support. In the event of a conflict between these Terms and an Enterprise Agreement, the Enterprise Agreement controls.
6. Account Terms
6.1 Master Account Architecture
Your first email address connected to private.me serves as your master account identity. All subscriptions, API keys, and billing are linked to this master account. If you use multiple private.me ACIs, they share one unified account and one Stripe billing customer.
6.2 Email Verification
Email verification is required to access API keys and use private.me ACIs. Verification ensures account security and prevents abuse. You will receive a verification email when you first sign up. If you do not receive it, check your spam folder or request a new verification email from your dashboard.
6.3 Account Linking
If you sign up for multiple private.me products using the same email address, they will automatically link to your master account. This provides unified billing and a single dashboard for all your subscriptions.
6.4 Multiple Email Addresses
You may use different email addresses for different private.me products. Each email address is treated as a separate master account with separate subscriptions and billing.
7. Authentication Terms
7.1 Magic Link Authentication
Private.me uses passwordless authentication via magic links. When you sign in, we send a secure one-time link to your email address. Clicking the link logs you into your dashboard. Magic links expire after 15 minutes for security.
7.2 Session Expiry
Dashboard sessions expire after 30 days of inactivity. You will need to request a new magic link to sign back in. This protects your account if you forget to sign out on a shared device.
7.3 Email Account Security
You are responsible for maintaining the security of your email account. Private.me authentication depends on your email provider's security. We strongly recommend:
- Enabling two-factor authentication (2FA) on your email account
- Using a strong, unique password for your email
- Not sharing your email account credentials
- Signing out of shared devices
7.4 No Liability for Compromised Email
Private.me is not liable for unauthorized access to your account resulting from a compromised email account. If you believe your email has been compromised, change your email password immediately and contact us at contact@private.me to secure your private.me account.
8. Billing Terms
8.1 Pro Tier Billing
Pro tier billing is usage-based and charged monthly:
- Base rate: $5 per 100,000 operations beyond the free tier
- Billing cycle: Monthly (billed on the 1st of each month for previous month's usage)
- Payment method: Credit card via Stripe (stored securely, never seen by private.me)
- No minimum commitment: Pay only for what you use
8.2 Spending Limits (Optional)
You may set optional spending limits to prevent unexpected charges. If you reach your spending limit, your API access will be paused until:
- You increase your spending limit, OR
- The next monthly reset (1st of the month)
Spending limits are available in your dashboard under Billing settings. We recommend setting a spending limit if you are evaluating the service or have budget constraints.
8.3 No Refunds for Usage-Based Charges
All usage-based charges (Pro tier overages) are non-refundable except as required by applicable law. You are responsible for monitoring your usage and setting spending limits if needed.
9. Account Deletion
9.1 User-Initiated Deletion
You may delete your private.me account at any time via your dashboard. Account deletion triggers a 30-day grace period during which your account is deactivated but recoverable.
9.2 Grace Period (30 Days)
During the 30-day grace period:
- Your API keys are immediately revoked
- Your account data is marked for deletion but not yet deleted
- You can reverse the deletion by signing back in and reactivating your account
- No charges are incurred during this period
9.3 Permanent Deletion (After 30 Days)
After 30 days, your account data is permanently anonymized:
- All personally identifiable information (email, name, API keys) is deleted
- Usage logs are anonymized (IP addresses removed, email replaced with hash)
- Billing records are retained for 7 years (legal requirement for audit/tax compliance)
- This action cannot be reversed
9.4 Audit and Billing Retention
California law requires businesses to retain billing records for 7 years for audit and tax purposes. After account deletion, we retain only:
- Anonymized usage logs (no email, no IP)
- Billing transaction records (amount, date, anonymized account ID)
These records cannot be linked back to you and are used solely for legal compliance.
10. Acceptable Use
You agree not to:
- Use Xail to send spam, phishing, or unsolicited bulk messages
- Attempt to circumvent the split-channel security mechanism for malicious purposes
- Reverse-engineer, decompile, or disassemble any part of the Service (except any open-source components, which are provided under their own licenses)
- Use the Service to violate any applicable law or regulation
- Impersonate another person or entity through the Service
- Interfere with or disrupt the Service or servers connected to the Service
- Use automated systems to access the Service in a manner that exceeds reasonable use
- Use the Service to transmit malware, viruses, or other harmful code
- Create multiple accounts to circumvent free tier limits (one free tier per email per product)
- Use automated systems to abuse the free tier (e.g., creating hundreds of accounts for free API access)
- Share API keys across multiple users or organizations (API keys are single-user/single-organization only)
10.1 Abuse Prevention and Enforcement
To protect the sustainability of the free tier for legitimate users, we enforce technical and policy-based abuse prevention:
- Database constraint: Each email address can have only one free tier account per product (enforced via UNIQUE constraint)
- Rate limiting: API requests are rate-limited to prevent automated abuse
- Monitoring: We monitor for patterns of abuse (e.g., mass account creation, API key sharing)
10.2 Consequences of Violation
If you violate these acceptable use terms, we may:
- Suspend your account immediately (with or without notice, depending on severity)
- Terminate your account permanently for repeat violations
- Revoke API keys associated with abusive activity
- Report illegal activity to law enforcement if required
Account suspensions for abuse violations are not eligible for refunds.
11. Intellectual Property
11.1 Xail's Intellectual Property
The Service, including its design, interface, code, and documentation, is owned by Xail and protected by intellectual property laws. The split-channel secure messaging method is the subject of a pending patent application. The Xail name, logo, and brand elements are trademarks of Xail.
11.2 Open-Source Components
Xail's cryptographic library implements the XorIDA threshold sharing algorithm over GF(2). The cryptographic implementation is tested with known-answer test vectors and 100% line coverage. When published, open-source components will be provided under their respective licenses.
11.3 Your Content
You retain all rights to your email content. Xail does not claim ownership of any messages, attachments, or data you create, send, or receive through the Service. Because Xail processes content only on your device, we never have access to your content on our servers.
12. Anti-Competitive Use Restrictions
IMPORTANT — THIS IS NOT A NON-COMPETE CLAUSE
California law (Business and Professions Code § 16600) prohibits employment non-compete agreements. This section does NOT restrict employment. It restricts how business customers may use private.me technology.
Prohibited Use
You may NOT use private.me ACIs to build, train, improve, or operate competing products in any of the following categories:
- Managed credential platforms (DID-based identity, verifiable credentials, agent authentication)
- Threshold secret sharing libraries (XorIDA, polynomial secret sharing, SSSS, MPC)
- Agent-to-agent messaging protocols (bilateral authentication, envelope signing, trust registries)
- Payment orchestration ACIs (xchange, xopenbank, payment initiation)
- Document processing ACIs (xformat, xparse, xrender)
- Email security platforms (split-channel messaging, share reconstruction)
- No-code/low-code agent frameworks (equivalent to flowise, autogen, @private.me/sdk)
- Ephemeral algorithm execution systems (xGhost pattern, memory-safe IP protection)
- Trust registry services (DID verification, scope graphs, policy enforcement)
- Full Control IP protection systems (split-algorithm distribution, payment-gated shares)
Permitted Use
You MAY:
- Build products that consume ACIs as infrastructure (e.g., SaaS app using xBind for auth)
- Integrate ACIs into unrelated products (e.g., CRM using xformat for document export)
- Use ACIs internally for operations (e.g., DevOps using @private.me/flowise)
Enterprise Carve-Out
Enterprise customers with written permission may use ACIs for competitive products under custom licensing terms.
California Enforceability Note
This section restricts B2B customer product use, not individual employment. California courts have consistently upheld B2B use restrictions in software licensing agreements.
13. Privacy
Your use of the Service is also governed by our Privacy Policy, which is incorporated into these Terms by reference. The Privacy Policy describes our zero-knowledge architecture and explains how your data is handled.
14. No Guarantee of Delivery
Xail relies on third-party email providers (Gmail, Outlook, Yahoo, etc.) to deliver messages. We do not guarantee message delivery, delivery timing, or delivery order. Delivery depends on the uptime and performance of your email providers, your internet connectivity, and the recipient having an active Xail installation with sufficient shares available for reconstruction.
For secure messages using a 2-of-3 threshold (Green tier), the message can be reconstructed even if one email provider experiences downtime.
Deferred delivery: When you send a secure message to a recipient who does not yet use Xail, one share is delivered to their existing email with an invitation to join. The remaining share is held on your device indefinitely until the recipient joins Xail. There is no expiry on held shares — they remain available for delivery as long as your Xail client retains them.
15. Disclaimer of Warranties and Limitation of Liability
This section limits private.me's liability and disclaims warranties. California law requires these limitations to be conspicuous (visually distinct) and that you affirmatively acknowledge understanding them before accepting this Agreement.
15.1 Disclaimer of Warranties
THE PRIVATE.ME SDK IS PROVIDED "AS IS," WITHOUT WARRANTIES OF ANY KIND, AND PRIVATE.ME EXPRESSLY DISCLAIMS ANY AND ALL REPRESENTATIONS OR WARRANTIES, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, WITH RESPECT TO THE PRIVATE.ME SDK AND ALL ACIS, INCLUDING WITHOUT LIMITATION:
- Merchantability — private.me does not warrant ACIs are fit for any particular purpose
- Fitness for a Particular Purpose — Subscriber assumes all risk of suitability for Subscriber's use case
- Non-Infringement — private.me does not warrant ACIs do not infringe third-party IP rights (though private.me indemnifies Enterprise customers per custom agreements)
- Accuracy or Reliability — private.me does not warrant ACI outputs are error-free, accurate, or reliable
- Availability — private.me does not warrant uninterrupted or error-free operation
Some jurisdictions do not allow disclaimer of implied warranties, so the above may not apply to Subscriber.
15.2 Limitation of Liability
PRIVATE.ME'S TOTAL LIABILITY TO SUBSCRIBER FOR ALL CLAIMS ARISING FROM OR RELATING TO THIS AGREEMENT OR SUBSCRIBER'S USE OF ACIS SHALL NOT EXCEED:
| Tier | Liability Cap |
|---|---|
| Pro Tier | The lesser of (a) fees paid in the 1 month immediately preceding the claim, or (b) $100 |
| Enterprise Tier | As specified in Enterprise Agreement (default: 12 months of fees) |
IN NO EVENT SHALL PRIVATE.ME BE LIABLE FOR:
- Indirect, incidental, special, consequential, or punitive damages
- Loss of profits, revenue, data, use, goodwill, or other intangible losses
- Damages arising from third-party claims against Subscriber
- Damages arising from unauthorized access to or alteration of Subscriber's data
THESE LIMITATIONS APPLY EVEN IF:
- private.me has been advised of the possibility of such damages
- A remedy fails of its essential purpose
- The damages were foreseeable
California Enforceability. This section complies with California Civil Code § 1668 (no exculpation for gross negligence) by NOT disclaiming liability for willful misconduct or gross negligence.
15.3 Conspicuousness Acknowledgment
By accepting this Agreement, Subscriber acknowledges that:
- Subscriber has read and understood this section (Disclaimer of Warranties and Limitation of Liability)
- Subscriber understands these provisions limit private.me's liability and disclaim warranties
- Subscriber had a reasonable opportunity to review this Agreement before accepting
If you are a California resident using the free tier for personal, family, or household purposes, certain consumer protection laws may give you additional rights. Contact the California Department of Consumer Affairs at www.dca.ca.gov or 1-800-952-5210 for assistance.
16. Refund Policy
16.1 Pro Tier
All fees for Pro Tier usage are non-refundable except as required by applicable law. Pro Tier overage charges are calculated at the end of each billing cycle based on actual usage. You may terminate your account at any time to stop future charges.
16.2 Enterprise Tier
Pro-rata refunds are available within 30 days of contract start if:
- Usage is less than 10% of contracted capacity, AND
- No Enterprise-exclusive features have been accessed
After 30 days, all Enterprise Tier fees are non-refundable except as required by applicable law.
17. Price Changes
17.1 Pro Tier Price Changes
We may change Pro Tier pricing (free tier threshold or per-100k interaction rate) with 60 days' written notice. Notice will be delivered via:
- Email to the account owner
- Dashboard banner notification
- Announcement on private.me/changelog
Grandfathering: Current Pro customers retain existing pricing for 6 months after notice. After 6 months, new pricing applies automatically.
Objection: You may terminate your account before the change effective date with no penalty.
17.2 Enterprise Tier Price Changes
Enterprise pricing is locked for the contract term (typically 12 months). Pricing cannot be changed mid-contract unless you request additional capacity or features. New pricing may apply at renewal.
18. Data Retention
18.1 Active Accounts
| Data Type | Pro Tier | Enterprise Tier |
|---|---|---|
| Account metadata | Indefinite | Indefinite |
| Usage logs | 90 days | 7 years |
| Interaction metadata | 90 days | 7 years |
| Vault Store shares | Until termination | Until termination |
18.2 Terminated Accounts
| Tier | Grace Period | Deletion Timeline |
|---|---|---|
| Pro | 30 days | All data deleted 90 days post-termination |
| Enterprise | 30 days | Usage logs retained 7 years (compliance), other data deleted |
Grace Period: You have 30 days post-termination to export data via the dashboard before deletion begins.
18.3 Data We Never Retain
Regardless of tier, we NEVER retain:
- Plaintext message content (Xail ACIs)
- Decrypted customer data (any ACI)
- Reconstructed secrets (XorIDA algorithm output)
18.4 Enterprise Compliance Retention
Extended retention is available for Enterprise customers (up to 10 years for audit logs, 7 years for compliance copies) per Enterprise Agreement with additional fees. Required for HIPAA, SOC 2, GDPR, and similar regulatory frameworks.
19. Indemnification
You agree to indemnify, defend, and hold harmless Xail and its officers, directors, employees, and agents from any claims, liabilities, damages, losses, and expenses (including reasonable attorneys' fees) arising from your use of the Service, your violation of these Terms, or your violation of any applicable law or the rights of any third party.
20. Modifications to the Service
We reserve the right to modify, suspend, or discontinue any part of the Service at any time. We will provide reasonable notice for material changes. If we discontinue the Service entirely, we will provide at least 90 days' notice and guidance for exporting your local data.
21. Modifications to These Terms
We may update these Terms from time to time. Material changes will be communicated through in-app notification and by updating the "Last Updated" date. Your continued use of the Service after changes are posted constitutes acceptance. If you disagree with changes, your remedy is to stop using the Service.
22. Termination
Term
This Agreement commences upon the Effective Date and continues until terminated as set forth herein (the "Term").
Termination For Cause
Either Party may terminate this Agreement in the event that the other Party fails to cure a material breach hereof within seven (7) calendar days of receiving written notice thereof from the non-breaching Party (or immediately if the breach is not capable of being cured).
Termination For Insolvency
If either Party (i) files for bankruptcy; (ii) becomes or is declared insolvent, or is the subject of any bona fide proceedings related to its liquidation, administration, provisional liquidation, insolvency, or the appointment of a receiver or similar officer for it; (iii) passes a resolution for its voluntary liquidation; (iv) has a receiver or manager appointed over all or substantially all of its assets; (v) makes an assignment for the benefit of all or substantially all of its creditors; (vi) enters into an agreement or arrangement for the composition, extension, or readjustment of substantially all of its obligations or any class of such obligations; or (vii) experiences an event analogous to any of the foregoing in any jurisdiction in which any of its assets are situated, then the other Party may terminate this Agreement as of a date specified in a termination notice.
Termination For Convenience
Either Party may terminate this Agreement:
- Subscriber: At any time via account dashboard (effective immediately for Pro Tier, 90 days' notice for Enterprise Tier)
- private.me: With 90 days' written notice for any reason or no reason
Effect of Termination
Upon termination of this Agreement for any reason, the licenses granted herein shall automatically and immediately terminate, and Subscriber shall promptly (i) uninstall and permanently delete all copies (full and partial) of the private.me SDK (including the Software Components) from any and all computers, systems, and servers in Subscriber's possession or control; (ii) disable and remove the Permitted Functionality from the Authorized Applications; (iii) return to private.me or destroy all private.me Confidential Information, together with all copies, extracts, summaries, and portions thereof, that are in Subscriber's possession or control; and (iv) provide private.me with written certification regarding the foregoing requirements specified in (i) - (iii) hereof.
Data Retention Upon Termination
After termination:
| Tier | Grace Period | Data Retention |
|---|---|---|
| Pro | 30 days | All data deleted 90 days post-termination |
| Enterprise | 30 days | Usage logs retained 7 years (compliance), other data deleted |
Grace Period: Subscriber has 30 days to export data via dashboard before deletion begins.
Survival
The rights, obligations, and provisions set forth in the Restrictions, Compliance with Laws, Usage Audit, Commercial Use Boundary, Proprietary Rights, Confidentiality, Effect of Termination, Subscription and Fees, Disclaimer of Warranties, Indemnification, Limitation of Liability, Non-Compete, Governing Law, Dispute Resolution, and General Provisions sections will survive the termination of this Agreement to the maximum extent allowed by law.
23. Third-Party Services
Xail integrates with third-party services through their APIs:
- Email providers (Gmail, Outlook, Yahoo): Your email content is accessed directly from your device to these providers. Your use of those providers is governed by their own terms and privacy policies.
- AI service providers: Text chat and voice conversations with Ren and Kaia AI assistants are processed by third-party AI providers. Chat messages (not email content) are sent to these providers. Voice audio is streamed directly from your browser to the voice provider via WebRTC. Your use of these features is subject to the respective provider's terms and privacy policies.
Xail is not responsible for the practices, availability, or data handling of third-party services. By using AI assistant features, you acknowledge that your interactions are also subject to the respective provider's terms and policies.
24. Governing Law and Disputes
These Terms are governed by the laws of the State of California, United States, without regard to conflict of law principles. Any disputes arising from these Terms or the Service shall be resolved in the state or federal courts located in Los Angeles County, California. You consent to the personal jurisdiction of these courts.
For Enterprise customers, alternative dispute resolution mechanisms may be specified in the Enterprise Agreement.
25. General Provisions
- Entire Agreement: These Terms (together with the Privacy Policy and, if applicable, your Enterprise Agreement) constitute the entire agreement between you and Xail.
- Severability: If any provision of these Terms is found unenforceable, the remaining provisions remain in effect.
- Waiver: Failure to enforce any provision does not constitute a waiver of that provision.
- Assignment: You may not assign these Terms without our consent. We may assign these Terms in connection with a merger, acquisition, or sale of assets.
- Force Majeure: Xail is not liable for failure to perform due to causes beyond our reasonable control, including natural disasters, war, government actions, or internet outages.
26. Contact
For questions about these Terms, contact us at:
Xail
Email: contact@xail.io
Web: https://xail.io
Los Angeles, California, United States
These Terms of Service were last reviewed on May 18, 2026.