1. Introduction
Xail ("we," "us," or "our") provides a lightweight email client with split-channel secure messaging. This Privacy Policy explains how we collect, use, and protect your information when you use the Xail web application, desktop app, or mobile applications (collectively, the "Service").
By using Xail, you agree to the practices described in this policy. If you do not agree, please do not use the Service.
2. Our Zero-Knowledge Architecture
Xail is architecturally designed so that we never have access to the content of your messages:
- All email reading, composing, and message reconstruction happens locally on your device — in the web application, desktop app, or mobile app.
- Secure messages are split into cryptographic shares using XorIDA threshold secret sharing and sent across your independent email providers (e.g., Gmail, Outlook, Yahoo). No single share reveals any message content.
- All cryptographic operations — share splitting, reconstruction, HMAC verification — happen entirely on your device.
- Our backend server handles only OAuth token exchange (described below). It never sees, processes, or stores email content.
3. Information We Collect
3.1 Account Information
When you connect an email account via OAuth, we receive your email address and display name from your email provider. This information is stored locally on your device and used to identify your connected accounts within the Xail interface.
3.2 OAuth Tokens (Transient Server Processing)
Our backend server participates in the OAuth 2.0 token exchange process. During this exchange, the server temporarily receives an authorization code, exchanges it with your email provider (Google, Microsoft, or Yahoo) for access and refresh tokens, and returns those tokens to your device. The server does not persist or store tokens after the exchange completes. Tokens are stored encrypted on your device using AES-256-GCM via the Web Crypto API.
3.3 Email Content (Never Collected by Xail)
Xail accesses your email through your email provider's API (e.g., Gmail API) to:
- Display messages in the Xail inbox
- Read incoming share fragments for secure message reconstruction
- Send regular email and encrypted share fragments
- Create and manage a "Xail Shares" label to organize share fragments out of your primary inbox
All email API calls go directly from your device to your email provider's servers. Our servers never proxy, intercept, or store email content.
3.4 Local Metadata Index
Xail maintains an encrypted local database on your device containing message summaries and keywords (for search functionality), extracted entities (names, dates, amounts), contact information and security tier configurations, and delivery status information. This data is encrypted with AES-256-GCM and never leaves your device.
3.5 On-Device AI Processing
Xail's core AI features — summarization, entity extraction, natural language search, and intelligent threading — run entirely on your device using platform-native capabilities:
- iOS: Apple Foundation Models API (built into iOS, on-device only)
- Android: Gemini Nano (built into supported devices, on-device only)
- Browser/Desktop: Regex-based extraction and optional local WebLLM inference
No email message content is ever sent to any cloud AI service, Xail server, or third party for on-device AI processing.
3.6 AI Assistant Interactions (Ren and Kaia)
Xail provides two optional AI assistants — Ren (sales assistant on public pages) and Kaia (in-app support assistant). These assistants support both text chat and voice conversations. Unlike on-device AI (Section 3.5), assistant interactions involve third-party AI services:
3.6.1 Text Chat
When you type a message to Ren or Kaia, your message is sent to our server, which forwards it to Anthropic's Claude API for generating a response. Our server does not store conversation history — messages are held only in your browser's memory for the duration of the chat session.
3.6.2 Voice Conversations
When you enable voice mode, your browser establishes a direct WebRTC peer connection to OpenAI's Realtime API. During a voice session:
- Microphone audio is streamed directly from your browser to OpenAI for speech recognition and response generation. Audio does not pass through Xail's servers.
- An ephemeral session token is created through our server (which holds the API key) and provided to your browser. The token expires within 60 seconds.
- OpenAI's voice response audio is streamed back directly to your browser via WebRTC.
3.6.3 Account Context Shared with AI Assistants
To provide personalized guidance, Kaia, the in-app assistant, receives limited, non-identifying account metadata:
- Number of connected accounts (e.g., "2")
- Email provider names (e.g., "Gmail, Outlook") — not your email addresses
- Your security tier (e.g., "Blue")
- The current page you are viewing (e.g., "inbox" or "settings")
This context allows Kaia to give specific advice (e.g., "Add a third account to reach Green tier") rather than generic responses. No email addresses, message content, OAuth tokens, or contact information is ever shared with AI assistants.
3.6.4 AI Data Retention
Xail does not store AI assistant conversation history on its servers. Conversations exist only in your browser memory and are cleared when you close the chat or navigate away. For data retention by our AI providers, please refer to Anthropic's Privacy Policy and OpenAI's Privacy Policy.
3.7 Aggregate Usage Metrics
Xail collects anonymized, aggregate metrics to improve the Service. These include total messages sent per day, active user counts, and feature usage statistics. These metrics are aggregated across all users and contain no personal identifiers — we cannot tie any metric to a specific user or email.
We do not perform per-user per-email tracking. We do not record individual send timestamps, per-message locations, or behavioral sequences. We do not use third-party analytics services, advertising SDKs, or tracking pixels.
3.8 Country-Level Location
At signup and login, Xail derives your country-level location from your IP address. This is captured once per session — not per email or per action. No GPS, city-level, or precise geolocation data is collected. Country data is used solely for aggregate market analysis and is not tied to individual message activity.
4. How We Use Your Information
| Information | Purpose | Stored Where |
|---|---|---|
| Email address | Account identification in UI | Your device only |
| OAuth tokens | Authorize email API access | Your device (AES-256-GCM encrypted) |
| Email content | Display inbox, send/receive messages | Your email provider + device memory (not persisted) |
| Local metadata | Search, threading, summaries | Your device (AES-256-GCM encrypted) |
| AI outputs | Summaries, entities, search index | Your device (AES-256-GCM encrypted) |
| AI assistant conversations | Text/voice support, personalized guidance | Browser memory only (not persisted); processed by Anthropic (text) and OpenAI (voice) |
| Account context for AI | Personalized assistant responses | Sent per-session to AI providers; not stored by Xail |
| Aggregate metrics | Service improvement, capacity planning | Our servers (anonymized, no personal identifiers) |
| Country (at signup/login) | Aggregate market analysis | Our servers (not tied to individual activity) |
5. Information We Do NOT Collect
For clarity, Xail does not collect or have access to:
- Email message bodies, subjects, or attachments on our servers
- Browsing history or activity outside Xail
- Precise location or GPS data (only country-level at signup/login — see Section 3.8)
- Device advertising identifiers
- Phone contact lists
- Biometric data
- Keystroke or input data
6. Data Sharing and Disclosure
Xail does not sell, rent, trade, or share your personal information with any third party. We do not monetize user data in any form. The only external data transmissions that occur are:
- OAuth token exchange: Your device communicates with our backend server to exchange OAuth authorization codes for tokens (Section 3.2).
- Email provider APIs: Your device communicates directly with Gmail, Outlook, and/or Yahoo APIs to read and send email.
- AI assistant text chat: When you use Ren or Kaia's text chat, your messages are processed by Anthropic (Claude API) via our server. No email content is included — only your chat messages and limited account context (Section 3.6).
- AI assistant voice: When you use voice mode, your microphone audio is streamed directly to OpenAI (Realtime API via WebRTC). Xail's server provides only an ephemeral session token — audio does not pass through our infrastructure.
We may disclose information if required by law, regulation, legal process, or governmental request. We will attempt to notify you before such disclosure unless prohibited by law.
7. Enterprise Tier
Organizations using Xail's Enterprise tier may deploy a Corporate Xail Server that provides compliance features including eDiscovery, data loss prevention (DLP), key escrow, delegation, and audit logging. In the Enterprise context:
- Compliance copies of messages are encrypted and stored on the organization's own infrastructure — never on Xail's servers.
- The organization's designated compliance officer controls the compliance encryption keys.
- Xail (the company) cannot read or decrypt enterprise compliance copies.
- Enterprise data handling is governed by the organization's own policies and your employment agreement.
When sending a secure message to a recipient whose account is managed by an Enterprise organization, the sender is notified before sending that the message may be subject to the recipient organization's compliance policies.
8. Data Retention
- Email messages reside in your own email accounts (Gmail, Outlook, Yahoo). Xail does not maintain a separate server-side copy.
- Local metadata index persists on your device until you clear it from Settings or uninstall Xail.
- OAuth tokens are stored encrypted on your device until you disconnect an account or they are revoked.
- Reconstructed secure messages are held in device memory only during viewing and are discarded when you navigate away. They are never written to disk in plaintext.
9. Your Rights and Choices
You have full control over your data at all times:
- Disconnect accounts: Remove any connected email account from Settings. This revokes Xail's OAuth access and deletes stored tokens.
- Clear local data: Delete the encrypted metadata index, contact database, and security log from Settings.
- Uninstall: Removing the Xail extension or app deletes all local data including encrypted IndexedDB stores.
- Revoke access at the provider: You can revoke Xail's access directly from your email provider's security settings (e.g., Google Account → Security → Third-party apps with account access).
- Export: Your emails remain in your email provider accounts. There is no Xail-specific data export needed since we don't hold your data.
If you are located in the European Economic Area (EEA), United Kingdom, or California, you may have additional rights under GDPR, UK GDPR, or CCPA respectively. Because Xail's architecture means we do not hold your personal data on our servers, most data subject rights are fulfilled automatically by our zero-knowledge design. Contact us at contact@xail.io for any data rights requests.
10. Security Measures
Xail protects your data through architectural design and the following measures:
- All local storage encrypted with AES-256-GCM via the Web Crypto API
- OAuth 2.0 with PKCE (Proof Key for Code Exchange) for all provider authentication
- HMAC-SHA256 integrity verification on every message share before reconstruction
- No plaintext message content ever transmitted to any Xail server
- Content Security Policy headers preventing script injection
- Cryptographic library based on a peer-reviewed academic algorithm for independent verification
- Encrypted security event logging for audit purposes (stored locally)
11. Google API Services User Data Policy
Xail's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- Xail uses access to Google user data solely to provide and improve the email client features described in this policy.
- Xail does not transfer Google user data to third parties except as necessary to provide the Service, as required by law, or with explicit user consent.
- Xail does not use Google user data for serving advertisements.
- Xail does not allow humans to read Google user data unless: (a) the user has given explicit consent for support purposes, (b) it is necessary for security investigation, or (c) it is required by applicable law.
12. Children's Privacy
Xail is not directed to children under the age of 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child under 13 has provided us with personal information, please contact us at contact@xail.io and we will take steps to delete it.
13. International Considerations
Because Xail processes data locally on your device, your data generally does not cross international borders through our infrastructure. The OAuth token exchange (Section 3.2) is processed by servers located in the United States. Your email provider may process your data in accordance with their own privacy policies and applicable data transfer mechanisms.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy at this URL and revising the "Last Updated" date. For significant changes, we will provide notification within the Xail application. Your continued use of Xail after changes are posted constitutes acceptance of the updated policy.
15. Contact Us
If you have questions about this Privacy Policy or our privacy practices, contact us at:
Xail
Email: contact@xail.io
Web: https://xail.io
Los Angeles, California, United States
This privacy policy was last reviewed on March 2, 2026.