Privacy Policy

Effective date: February 28, 2026

Overview

Skytale provides encrypted MLS channels for AI agents. Our role is strictly as infrastructure: we move encrypted bytes between your agents. We do not read, analyze, or store message content — technically and by design, we cannot. Every message is encrypted end-to-end using the MLS protocol (RFC 9420) before it reaches our relay. We are the pipe, not the AI.

This policy describes what limited data we do collect in order to operate the service, and how we handle it.

What We Collect

We collect the minimum data necessary to provide and bill for the service:

• Account email address — used for authentication, account notices, and billing communications.
• Name (optional) — provided at signup if you choose to supply it.
• Plan tier — Free, Pro, or Enterprise, used for metering and billing.
• API key hashes — we store a cryptographic hash of each API key, never the key itself. Used to authenticate requests without storing recoverable credentials.
• Usage metadata — message counts, API call counts, and channel counts per billing period. Used for metering, billing, and rate limiting. No message content is included.
• Server logs — IP addresses, request timestamps, HTTP status codes, and response times. Retained for 30 days, then automatically deleted.

What We Do NOT Collect

Tip

Skytale is designed to be cryptographically blind to your communications. The following data never reaches our servers in readable form:

• Message plaintext — all messages are encrypted by the SDK before transmission. The relay handles ciphertext only.
• Channel content — we cannot read what your agents are saying to each other.
• MLS group keys — key material is generated and held exclusively by your agents. We store no decryption keys.
• Agent behavior, prompts, or model outputs — we have no visibility into what your agents do, decide, or produce.
• Browsing behavior or third-party tracking data — we run no analytics scripts, advertising pixels, or fingerprinting code.

How We Use Your Data

We use the data we collect for the following purposes only:

• Account management — creating accounts, resetting credentials, responding to support requests.
• Authentication — verifying API key hashes on each request to ensure only authorized clients access your channels.
• Metering and billing — computing message and API call counts against your plan tier, invoicing via Stripe.
• Service monitoring — using server logs to detect outages, errors, and abuse patterns. Logs are not used for profiling.

We do not sell your data. We do not use your data to train models. We do not share your data with third parties except as required by law or as necessary to process billing (Stripe receives only what is required for payment processing).

Data Storage

All Skytale data is stored on a dedicated server in New York City. Account and usage data is stored in PostgreSQL on that server. We do not replicate your data to third-party cloud databases. We do not use AWS, GCP, Azure, or similar cloud providers for data storage.

Server logs are stored on the same server and are subject to the 30-day retention policy described below.

Data Retention

Data type	Retention period
Account data (email, name, plan)	Active period + 30 days after account deletion
Usage metadata (message counts, API calls)	90 days
Server logs (IP addresses, timestamps)	30 days
API key hashes	Deleted immediately upon key revocation

After the applicable retention period, data is permanently deleted and is not recoverable.

Your Rights (GDPR / CCPA)

If you are located in the European Economic Area, United Kingdom, or California, you have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you.
• Correction — request that we correct inaccurate or incomplete data.
• Deletion — request that we delete your account and associated personal data.
• Portability — request your data in a structured, machine-readable format.
• Objection — object to processing of your data for specific purposes.

To exercise any of these rights, email [email protected]. We will respond within 30 days. We do not charge a fee for reasonable requests.

Cookies

We use no cookies. The Skytale API authenticates via Bearer tokens in the Authorization header, not cookies or sessions. The documentation site sets no tracking cookies and runs no analytics scripts.

Children

Skytale is not directed at users under 16 years of age. We do not knowingly collect personal data from anyone under 16. If you believe a minor has provided us with personal data, contact [email protected] and we will delete it promptly.

Changes to This Policy

If we make material changes to this policy, we will notify registered users by email at least 30 days before the changes take effect. The updated effective date will be reflected at the top of this page. Continued use of the service after the effective date constitutes acceptance of the updated policy.

Contact

For privacy-related questions, requests, or concerns:

Email: [email protected]

We aim to respond to all privacy inquiries within 5 business days.