Privacy Policy

Effective: April 28, 2026

This Privacy Policy describes how etell.app (“Service”), operated by Alon Tsang as an independent project, collects, uses, and shares information when you use the Service. It supplements our Terms of Use.

1. Information We Collect

You provide

• Account data: your work email address (and any referral code) submitted at signup. Optional: display name.
• Persona data: identity fields you accept or edit during onboarding (name, age, generation, gender, style notes, shopping habits, focus areas).
• Brand selections: the email programs you choose to subscribe a persona inbox to.
• Chat messages: the prompts you send to your personas and the assistant’s replies.

Generated for you

• Persona inbox: a unique email address at etell.app provisioned when a persona is created.
• Audits: AI-generated reviews of brand emails (and eventually site experiences) that arrive at the persona inbox, including raw email content, parsed text, screenshots, embeddings, and review markdown.

Collected automatically

• Session cookies for authentication (HTTP-only, SameSite=Lax).
• Page views & sign-in events recorded server-side for product analytics (timestamp, route, user id; no third-party tracking pixels).
• Standard request logs from our hosting provider (IP address, user-agent, status codes) for short-term operational purposes.

Inbound brand mail

When a persona inbox is enrolled in a brand’s email program, emails sent by that brand to the persona inbox are received, parsed, archived in encrypted storage, and used to generate audits. We do not solicit personal communication to persona inboxes; if you receive such mail it is treated as inbound brand content for review.

2. How We Use Information

• To operate the Service: authenticate you, render the dashboard, generate audits, run chat.
• To send transactional email (magic-link sign-in, tier change notices).
• To improve the Service: aggregate usage analytics, debug, and prioritize features.
• To enforce our Terms of Use and protect against abuse or fraud.
• To meet legal obligations.

We do not sell your personal information. We do not use your account data, chat content, or audit content to train third-party AI models.

3. Sub-processors

We rely on the following third-party providers to operate the Service. Each receives only what they need:

• Vercel — application hosting and serverless functions.
• Neon — managed Postgres database (account data, personas, audits, chat threads).
• Cloudflare — DNS, Email Routing for persona inboxes, and R2 object storage for raw email archives and screenshots.
• Resend — delivery of transactional email (magic-link sign-in, plan notices).
• AgentMail — per-persona inbox provisioning where used (legacy and admin paths).
• Anthropic — AI model inference for onboarding research and audit generation.
• Self-hosted local LLM — persona chat runs against a model on hardware operated by us, not a third-party API.

Sub-processors handle data subject to their own privacy policies and the protections of our agreements with them.

4. Data Retention

• Account & persona data: retained while your account is active. Deleted within 30 days of account closure (subject to backup expiry, typically up to 35 additional days).
• Audits and persona “brain”: retained for the lifetime of the persona to ground future chat and benchmarking. Deleted with the persona.
• Raw email archives in R2: retained 12 months, then automatically expired.
• Server logs: retained 30 days.
• Analytics events (page views, sign-ins): retained 24 months.

5. Cookies

We use a single first-party cookie to keep you signed in (__Secure-authjs.session-token in production; authjs.session-token in development). It is HTTP-only, Secure (in production), SameSite=Lax, and expires after 30 days. We do not use third-party tracking cookies, advertising cookies, or analytics scripts loaded from third-party domains.

6. Your Rights

Depending on where you live, you may have the right to access, correct, port, or delete personal information we hold about you, and to restrict or object to certain processing. To exercise these rights, email alon@etell.app from the address associated with your account. We will respond within 30 days. We will not discriminate against you for exercising any of these rights.

EU/UK (GDPR)

Our legal bases for processing are: contractual necessity (to provide the Service to you), legitimate interests (operating, securing, and improving the Service), and consent (where required, e.g. optional marketing). You may lodge a complaint with your local supervisory authority.

California (CCPA/CPRA)

California residents may request disclosure of categories and specific pieces of personal information collected, request deletion, and opt out of any sale or sharing of personal information. We do not sell personal information.

7. International Transfers

Our sub-processors operate primarily in the United States. If you access the Service from outside the U.S., your data will be transferred to and processed in the U.S. We rely on Standard Contractual Clauses or equivalent mechanisms where required for cross-border transfers.

8. Security

We use encryption in transit (HTTPS/TLS) and at rest for stored records. Production secrets are scoped per environment. Access to the database is restricted by role. No system is perfectly secure; we encourage you to choose a strong, unique sign-in method and to notify us promptly of suspected unauthorized access.

9. Children

The Service is not directed to children under 18 and we do not knowingly collect personal information from anyone under 18. If you believe a child has provided us with personal information, contact us and we will delete it.

10. Changes

We may update this Privacy Policy from time to time. The current version is the one posted at this URL with an updated effective date. Material changes will be communicated to active users by email. Continued use of the Service after changes take effect constitutes acceptance of the updated Policy.

11. Contact

Questions or privacy requests: alon@etell.app.

This Privacy Policy is a working draft and has not been reviewed by counsel. It will be updated before any commercial launch.