Licensing Transparency

Exactly how licensing works. No ambiguity.

How Licensing Works

Melia is free for one email account, forever. Full functionality, no trial, no countdown, no missing features. If you need unlimited accounts, a one-time $10 payment unlocks them for life.

After purchasing through Stripe, your license key is delivered via email. To activate, enter the key in Settings > License. Your machine registers with Locksmith (locksmith.buxjr.com), our lightweight licensing service. Activation returns an Ed25519-signed token, which Melia stores on disk at ~/.config/melia/license-token.json (mode 0600) encrypted with a master key held in your OS keyring. From that point forward, license verification happens locally on each launch using a public key embedded in the application. The token has no expiration date. No network connection is required after activation.

Free users transmit no license data to Locksmith. The only network call the free tier makes to the service is the periodic update check, which sends just the product name and your running version — no license key, no machine ID, no user information.

Why Melia Isn’t Open Source

Melia is built on open source. It depends on a great deal of it, and we contribute back where we can. But Melia itself is not open source, and we’d rather say why plainly than let you wonder.

A polished email client is not a weekend project. It takes sustained, funded work to keep it secure, fast, and current with every provider’s quirks. The one-time $10 license is what pays for that work. No subscription, no ads, no selling your data, no investors to answer to. Just a product people are willing to pay for, funding the next version of itself.

We know what closed source costs you. You can’t read every line, fork it, or hand it to an auditor. That’s a real trade-off, and we won’t pretend otherwise.

So we answer it a different way. Instead of asking you to trust the source, we let you verify the behavior.

  • The Connection Monitor shows every outbound connection in real time, on your own screen. You can confirm Melia only talks to your mail servers.
  • Releases are GPG-signed, so you can verify every build end to end.
  • Telemetry is zero, and zero is verifiable. Watch the network and see for yourself.

You don’t have to take our word for what Melia does. You can watch it. For the full picture, see Trust & Transparency.

Machine Activation

Each license allows activation on up to 5 machines. A machine is identified by /etc/machine-id, an OS-provided identifier that is stable across reboots and non-invasive. It reveals nothing about your hardware or identity.

  • Machines can be deactivated from within the app at any time.
  • Stale machines are automatically deactivated after 90 days of inactivity.

You can view and manage all your activated machines directly from within Melia at Settings > License. If a machine you no longer use is taking up a slot, you can deactivate it remotely without needing physical access to that device.

Offline Behavior

After activation, Melia verifies your license locally using Ed25519 signature verification on each launch. No server connection is required. The app works offline indefinitely.

Every couple of weeks, Melia performs a brief check-in with Locksmith. This updates the "last seen" timestamp and serves two purposes: catching user-requested license revocations, and detecting stale machines so that lost, stolen, damaged, or reinstalled devices are automatically freed up for you. If Locksmith is unreachable, the check is silently skipped and Melia continues working normally with all your accounts.

Privacy Protections

Locksmith receives only the minimum data needed to enforce fair usage limits:

  • Product identifier
  • License key
  • Machine ID
  • Device hostname (used to label your machines in the activation list)

Locksmith does not receive:

  • Email content
  • Account credentials
  • IP addresses (not logged by Locksmith)
  • Hardware serial numbers
  • Usage data

The licensing service exists solely to enforce fair usage limits. Nothing more.

Edge Cases

  • OS reinstall: A fresh install generates a new machine ID, which uses a new activation slot. The old slot is automatically freed after 90 days.
  • Machine limit reached: The app shows your active machines and lets you deactivate any of them to free a slot.
  • User-requested revocation: The local token is deleted and the app restricts to 1 account. Only you can revoke your license.
  • Server outage: Existing activations continue working indefinitely. Local tokens are self-contained.

Refund Policy

Refund requests may be submitted within 30 days of purchase. Refunds are evaluated reasonably at the Developer’s discretion. If a refund is issued, the associated license will be revoked. To request a refund, contact us.

This page explains how licensing works in plain language. For the full legal text, see the End User License Agreement.

For the engineering details — exact request payloads, the embedded Ed25519 public key, network-verification commands — see Trust & Transparency. See also our FAQ.