Last updated: July 4, 2026

Privacy Policy

This policy covers all yeil products (mail, dns, team, and anything we ship later). It explains what yeil collects, why, who it goes to, and how to ask us to delete it.

The short version

  • No ads. No tracking. No selling your data. No AI training on your content.
  • We collect what we need to run the services and bill you, nothing else.
  • You can export your account data and delete your account at any time from account settings.

1. What we collect

Account information. Your yeil address, a hashed password (we can't read it), your display name, and any recovery info you give us (recovery email, the salt used to derive your recovery phrase, passkey credentials, TOTP secrets). Active sessions are tracked by an opaque token; you can see and revoke them from your account's Security page.

Your content. The actual stuff you put into yeil:

  • mail. Messages you send, receive, draft, and store, plus attachments, filters, signatures, and vacation responder text.
  • dns. Zones you own and the records on them.
  • team. Team name, domain ownership, member list, group/role assignments, billing arrangement.

Billing information. For paid plans we store a Stripe customer ID and subscription metadata (plan, status, period end). We don't see or store your card details; Stripe does.

Operational logs. We run standard service logs for the apps and infrastructure that help us operate yeil, debug issues, and investigate abuse. We avoid retaining anything we don't need.

2. How we use it

We use what we collect to:

  • deliver the services to you (the obvious one)
  • authenticate you and protect your account
  • charge you for paid plans
  • investigate abuse and respond to security issues
  • communicate with you about the services (transactional email)
  • comply with the law

We do not use your content for advertising, sell it, share it with data brokers, or use it to train AI models, ours or anyone else's.

3. Subprocessors

All yeil apps and storage run on hardware we own in our own datacenter. The only third party that sees any of your personal data is:

  • Stripe for payments. Stores your card and billing address; we never receive those.

A few other third parties handle network-level concerns that don't involve user content: TCP forwarding for the public mail edges, the two authoritative DNS nameservers, and Apple's push service (APNs), which delivers notifications to the yeil iOS app and receives an opaque device token and a ciphertext payload it cannot read. The full list with details is on our subprocessors page. When we add or change one we update that page; for material changes we'll also surface a notice next time you sign in.

4. How long we keep it

We retain different categories of data for different lengths of time:

  • Account data (your address, profile, security settings, recovery info): while your account is active. On account deletion, removed within 30 days, with backups aging out within an additional 60 days.
  • mail content: while your account is active. Messages you move to Trash are automatically purged after 30 days. On account deletion, removed within 30 days, with backups aging out within an additional 60 days.
  • DNS records: while you own the zone. Deleted zones are removed immediately; the dns-server cache may serve the old records for up to the configured TTL.
  • Billing records (invoices, payment history): retained for the period applicable US tax law requires (currently 7 years).
  • Operational logs (delivery, request, authentication): around 30 days, except where a specific investigation requires holding them longer.
  • Abuse signals (records associated with TOS or AUP violations): retained as long as needed to enforce against repeat offenders or comply with the law.

5. Your rights

Some of this you can do yourself; some needs us:

  • View and edit profile, recovery email, passkeys, and two-factor settings from your account settings at account.yeil.app. Mail filters, signature, and vacation reply live in mail settings.
  • Export your account data (addresses, profile, org memberships, security settings) as JSON from account.yeil.app/security/data. Message bodies are encrypted and decrypted only on your devices; a self-serve mail export is something we're building.
  • See everything we hold on you under account.yeil.app/security/data, with a JSON download for portability.
  • Account deletion is self-serve at account.yeil.app/security/delete-account. Cancels subscriptions, deletes personal data, and signs you out. If you'd rather we do it, email legal@yeil.org.

We aim to respond to verifiable requests within 30 days. If we need more time, we'll let you know.

If you're in the EU or UK, GDPR gives you rights of access, rectification, erasure, restriction, portability, and objection, plus the right to lodge a complaint with your local data protection authority. If you're a resident of California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, or another US state with a comprehensive privacy law, you have similar rights under that law: broadly, you can ask us to show you what we hold, correct it, delete it, or stop processing it for certain purposes. We don't sell personal information.

6. Security

Passwords are hashed with a memory-hard password-hashing function. Sessions ride in httpOnly, same-site cookies. Recovery phrases are derived from user-supplied entropy and never stored; the salt we keep alone isn't enough to recover them.

Transport is TLS everywhere it's available, including inbound and outbound SMTP. Your message bodies, previews, and attachments are encrypted at rest with a per-message authenticated-encryption key, sealed to your mailbox's public key. That mailbox key is wrapped under a master key derived from your password, with a recovery-phrase path for password resets. Decryption happens on your own devices: your browser and the yeil app derive your keys locally when you sign in and unseal messages there. Our servers store only ciphertext and never receive your unwrapped keys, so we cannot read your message bodies.

Message headers (sender, recipient, subject, and dates) are stored in plaintext so we can sort, thread, and search your mail; keep sensitive information out of subject lines. When mail arrives, we process it briefly in plaintext at our edge to run spam and filtering checks before it is encrypted to your mailbox. We don't yet encrypt message headers, and encrypting them (so even metadata is sealed) is on our roadmap.

Breach notification. If we discover a security incident that affects your personal data, we'll notify you (and any required authority) without undue delay. Where applicable law sets a specific deadline (GDPR Article 33, for example, sets 72 hours), we'll meet it. The notice will include what we know about what happened, what data is involved, what we're doing about it, and what you can do to protect yourself.

No system is perfectly secure. If you discover a vulnerability, please email security@yeil.org.

7. Cookies and tracking

We use a small number of cookies for sign-in: a session token that keeps you signed in, and a short-lived cookie that carries state during the two-factor authentication step. Both are httpOnly, same-site, and expire when their purpose is over. We don't use analytics cookies, advertising pixels, or third-party trackers anywhere in the apps. In mail, we strip external tracking pixels from incoming messages by default.

8. Minimum age

You must be at least 18 to use yeil. We don't knowingly collect data from anyone younger. If you believe a minor has signed up, let us know and we'll delete the account.

9. Changes to this policy

We'll update this page when we change practices. The “last updated” date at the top tells you when it last changed. For material changes we'll surface a notice the next time you sign in.

10. Contact

Questions, requests, or complaints? legal@yeil.org.

yeil
2 Main St #1402
Sparta, NJ, USA