Email content is not stored.
Scanning happens in memory in milliseconds, only on unknown-sender messages, only to verify a payment token. The body is discarded immediately.
The standard play.
The conventional email-security architecture is custodial by design. The vendor sits between the sender and the inbox. Mail-flow proxies route every message through a vendor-controlled gateway. The vendor scans, scores, quarantines, and stores. Payment processing for any bolted-on features is custodial: the vendor holds the funds, the user has a balance. The model is fine for organizations that want full audit trails and centralized control. It is not the right shape for users who want the protection layer to take custody of as little as possible.
Where it falls short.
- Custodial systems concentrate risk: a breach exposes content from every customer who routed mail through the vendor.
- Quarantine portals require the vendor to retain message bodies indefinitely. That changes the threat model for the user.
- Payment custody adds a regulatory perimeter (money transmission, KYC, AML) that has nothing to do with email protection.
- Centralized scanning means the vendor reads everything. Even with strong access controls, the data exists.
- Audit-log retention runs years in regulated industries. The vendor becomes a long-term repository of mail content.
Rythm’s approach.
Three things change when the protection is economic instead of probabilistic.
No funds held.
The cover charge moves from sender to recipient on its own rails. Rythm verifies it in memory and lands it in your own wallet. We never sit on the money in between.
Minimal data footprint.
Only what is needed to run the service: your account, the encrypted connection token to your inbox, your guest list, and billing records. No message bodies, no contacts, no message archive.
What Rythm doesn’t do here.
Non-custodial does not mean private from your provider. Gmail still has access to your Gmail. Microsoft still has access to your Microsoft 365 mailbox. Rythm is a layer that minimizes what the layer itself takes custody of; it does not change what your underlying provider does. Non-custodial also does not mean encrypted at rest only. End-to-end encrypted email (Proton Mail, Tutanota) takes a different approach: the provider cannot read content because it is encrypted before it reaches them. Rythm is not end-to-end encrypted; it is non-custodial in the sense that it does not retain content or hold funds. If your threat model requires that no provider can read your mail, end-to-end encrypted email is the right shape.
One plan. One price.
Keep your existing Gmail or Outlook. Cancel anytime.
$1.65
per month
Annual on Lightning includes one bonus month. See full pricing.
Frequently asked
Keep reading.
Email security for HNWI and family offices
For users whose threat model includes minimizing what the protection layer holds.
Email security for journalists
For users whose work depends on a third-party not retaining their inbound source mail.
Non-custodial architecture
A founder note on what it took to build the protection layer this way.
What is a non-custodial email service
A plain-English explainer on the term and what it does and does not promise.
Rythm is not a cryptocurrency service
On the difference between using open payment rails and being a payment provider.
