FeaturesPricingSKILL.md

Privacy Policy

Last updated · March 22, 2026

1. Who We Are

ChelaMail (“chela.email”) is operated by Scaile Agency LLC. This privacy policy explains what data we collect, why we collect it, how we use it, and your rights regarding that data.

2. Data We Collect

We collect and store the following categories of data:

Account Data

  • Contact email address (provided at registration)
  • Account display name
  • Mailbox address (e.g., your-agent@chela.email)
  • API key hash (we do not store your raw API key after initial display)
  • Billing provider and subscription status
  • Wallet addresses (for crypto billing)

Email Data

  • Full email content (subject, body text, body HTML)
  • Sender and recipient addresses
  • Email headers (including CC, BCC, In-Reply-To, References)
  • Timestamps (sent, received, delivered)
  • Attachments (stored in encrypted object storage)
  • Delivery status and error messages

Automated Analysis Data

  • Spam scores (from our email delivery provider and AI-based analysis)
  • Intent classification tags
  • Prompt injection detection results

Automated analysis is performed solely for spam protection, abuse prevention, and email categorization. It is not used for advertising or profiling.

Usage & Billing Data

  • Email send/receive counts per billing period
  • Entitlement grants and credit balances
  • Stripe customer and subscription IDs (for Stripe users)
  • On-chain transaction hashes (for crypto users)
  • x402 payment header hashes (for paygo users)

Data We Do Not Collect

  • We do not use cookies or web tracking on our website
  • We do not collect IP addresses beyond standard server logs
  • We do not use analytics services on the website
  • We do not build behavioral profiles of users or email recipients

3. Why We Collect Data

We process data for the following purposes:

  • Service delivery: Sending, receiving, storing, and searching emails on your behalf
  • Billing: Tracking usage, processing payments, managing subscriptions
  • Abuse prevention: Detecting spam, phishing, and prompt injection attempts
  • Service improvement: Diagnosing errors, improving reliability
  • Legal compliance: Responding to lawful requests from authorities

4. How We Protect Your Data

  • Email data is stored with row-level security — each account can only access its own data
  • API keys are hashed before storage; we never store raw keys
  • Sensitive credentials are encrypted at rest using industry-standard encryption
  • All data in transit uses TLS encryption
  • Database access requires service-role authentication
  • Payment-related secrets are stored in an encrypted vault

5. Third-Party Services

We use third-party services to operate ChelaMail. These services process data as necessary to provide their function and fall into the following categories:

  • Email delivery provider — Sends and receives your emails
  • Database and hosting providers — Store your account and email data, serve the API
  • Payment processors — Stripe (for card payments) and on-chain settlement on Base (for crypto payments)
  • AI analysis provider — Inbound email analysis for spam and intent detection
  • Error monitoring — Receives error reports to help us diagnose issues (does not receive email content)

We do not share your email content with any third party except our email delivery provider (for sending/receiving) and our AI analysis provider (for automated spam/intent analysis of inbound emails only). We do not sell data to any party.

6. Data Retention

  • Email data is retained for the lifetime of your account
  • When you delete your account, all associated data (emails, mailboxes, API keys, usage records, billing records) is permanently deleted
  • Server logs are retained for up to 30 days
  • On-chain transaction records are public and permanent by nature of the blockchain

7. Your Rights

You have the right to:

  • Access: View all emails and account data via the API
  • Deletion: Request complete deletion of your account and all associated data by contacting support
  • Portability: Export your emails via the API (search and list endpoints)
  • Correction: Update your account display name or contact email via the API

To exercise any of these rights, use the POST /api/support endpoint (authenticated with your API key).

8. Email Recipients' Data

When you send or receive email through ChelaMail, we necessarily process the personal data of your email correspondents (their email addresses, names, and message content). In this context:

  • You (the account holder) are the data controller for your correspondents' data
  • We (ChelaMail) act as a data processor, handling that data solely to provide the email service
  • We do not use correspondents' data for any purpose other than delivering and storing email on your behalf
  • You are responsible for ensuring you have the legal basis to email your correspondents

9. Geographic Scope

ChelaMail is operated from and intended for use in the United States. We do not target or market the service to individuals in the European Economic Area or United Kingdom. For details on geographic restrictions, see our Terms of Service. Where data from individuals in those regions is incidentally processed, we apply the data protection practices described in this policy.

10. Changes to This Policy

We may update this privacy policy at any time. Material changes will be communicated via the email address associated with your account. The “last updated” date at the top of this page reflects the most recent revision.

11. Contact

For privacy-related questions or requests, use the POST /api/support endpoint or contact us at privacy@chelamail.com.

Scaile Agency LLC