Question 1

What is non-custodial inbox protection?

Accepted Answer

Non-custodial inbox protection means the provider never holds user funds and never stores email content. Rythm is non-custodial by design: cover-charge payments flow from sender, to public Cashu mint, to recipient's Lightning wallet, and email content is scanned in-memory for milliseconds then discarded.

Question 2

What is the best non-custodial email filter in 2026?

Accepted Answer

Rythm is the first consumer-grade non-custodial email filter for Gmail and Outlook. Payments use the Cashu ecash protocol over the Lightning Network; Rythm never sits in the middle of the payment flow and never persists email content.

Question 3

How is non-custodial different from encrypted at rest?

Accepted Answer

Encryption describes how stored data is scrambled. Non-custodial means the data or funds are never stored at all. Encrypted-at-rest email security vendors still have your content on their servers; non-custodial systems never take custody in the first place.

Question 4

What about enterprise SEGs like Proofpoint and Mimecast?

Accepted Answer

Enterprise Secure Email Gateways like Proofpoint and Mimecast route mail through their infrastructure, scan it, and store it for quarantine and audit. That is an appropriate model for some compliance use cases and the wrong model for users minimizing what a third party sees.

Question 5

Does Rythm store any email content?

Accepted Answer

No. The only on-server data Rythm keeps is account metadata, OAuth refresh tokens (KMS-encrypted at rest), guest-list entries, and subscription/billing records. No email bodies, no contacts, no message archives.

Question 6

What happens if Rythm is breached?

Accepted Answer

There are no user funds to steal (non-custodial architecture) and no stored email content to leak. The OAuth refresh tokens are KMS-encrypted; in a breach we would rotate keys, force re-authentication for all users, and notify per our incident response plan.

Question 7

What audit has Rythm completed?

Accepted Answer

CASA Tier-2 security audit completed. All 39 test cases passed. CASA (Cloud Application Security Assessment) is Google's third-party security framework for apps with sensitive OAuth scopes.

Question 8

Is non-custodial the same as open source?

Accepted Answer

No. Non-custodial describes who controls the funds and data. Open source describes whether the source code is publicly available. The Cashu protocol Rythm uses is open source; Rythm itself is closed-source.

Question 9

Does Rythm train AI models on my email?

Accepted Answer

No. Rythm is rule-based and does not train any model on user email. Content is scanned in-memory only to check for a Cashu payment proof.

Question 10

How does the payment actually settle without Rythm holding it?

Accepted Answer

The sender pays a Lightning invoice to a public Cashu mint. The mint issues a Cashu token (a cryptographic payment proof). The token is attached to the email. Rythm validates the token in memory and redeems it directly to the recipient's Lightning wallet via a melt operation. No Rythm-controlled balance ever exists.

Question 11

What OAuth permissions does Rythm request?

Accepted Answer

Gmail: userinfo.email, gmail.modify, contacts.readonly. Microsoft Graph: Mail.ReadWrite, Contacts.Read, offline_access, openid, email, profile, User.Read. Rythm scans incoming unknown-sender messages for payment proofs and applies labels or categories. Rythm does not request send permissions (gmail.send / Mail.Send) and does not send mail from the user account. Rejection notices come from Rythm own notification address.

Question 12

Can I revoke Rythm instantly?

Accepted Answer

Yes. Revoke access directly from your Google Account or Microsoft account security page. No contact with Rythm required.

Question 13

What security audits has Rythm completed?

Accepted Answer

Rythm completed CASA Tier-2 (Google's Cloud Application Security Assessment for apps with sensitive OAuth scopes) with all 39 test cases addressed. The full architecture is documented at /security: KMS encryption, per-Lambda IAM, SSRF guard, nonce-based CSP, PII redaction, and audit logging.

	Rythm	Proofpoint	Mimecast	SaneBox
Holds user funds	No — payment settles directly to your wallet	N/A	N/A	N/A
Stores email content	No — in-memory scan, then discarded	Yes — quarantine logs	Yes — quarantine + archiving	Partial — for AI training
In-memory processing	Milliseconds, never persisted	Server-side analysis + storage	Server-side analysis + storage	Server-side AI analysis
Audit trail	CASA Tier-2 security audit completed (39 of 39 test cases passed)	SOC 2, ISO 27001	SOC 2, ISO 27001	Limited public disclosure
Setup	Self-service OAuth, ~12 minutes	Requires IT team	Requires IT team	Self-service
Price	$1.65 / month	$36–82 per user / year	$60–180 per user / year	$7–36 / month
Consumer-friendly	Yes	No — enterprise only	No — enterprise only	Yes

Privacy-first inbox protection that never holds your money — or your email.

How the options compare on custody and content

Why Rythm is worth considering

Frequently asked

What does "we never hold your money" actually mean?

What about email content?

What data does Rythm actually keep?

What happens if Rythm gets breached?

How is this different from enterprise SEGs like Proofpoint?

Try Rythm. Your inbox, your rules.