Privacy Policy

Effective Date: March 2, 2026 · Last Updated: March 2, 2026 · Last Reviewed: March 2, 2026 · Version 3.0

1. Introduction & Definitions

Rythm (“we,” “us,” or “our”) operates the Rythm email paywall service at app.rythm.xyz. This Privacy Policy describes how we collect, use, store, share, and protect your information when you use our service.

Rythm is the data controller responsible for the personal information described in this policy. When we engage third-party service providers that process data on our behalf, they act as data processors under our instructions.

Rythm is designed to be privacy-preserving. We built our architecture so that we collect only the minimum data necessary to operate the service. We never read your email content, we never hold your funds, and we never sell your data.

By using Rythm, you agree to the practices described in this policy. If you do not agree, please do not use our service.

Key Definitions

  • “Personal Information” means information that identifies, relates to, or could reasonably be linked to you or your household, as defined by the California Consumer Privacy Act (CCPA) and applicable state privacy laws.
  • “Service” means the Rythm email paywall application, website, and related features available at app.rythm.xyz.
  • “User” or “you” means any individual who creates a Rythm account and connects an email provider.
  • “Email Delivery Credits” means the Cashu ecash payment proofs that senders include in emails to pass through your paywall. These credits are settled directly to your wallet and are never stored by Rythm.
  • “Sender” means any person who sends an email to your connected email account. Senders are not Rythm users and do not have accounts with us.

2. Information We Collect

2.1 Information You Provide Directly

When you create an account and configure Rythm, you provide:

  • Lightning address — Your payment wallet address for receiving email delivery credits. You enter this in your account settings.
  • Paywall configuration — Your paywall amount, approved sender whitelist entries, and service preferences.
  • Support requests — If you contact us for support, we store the subject, description, and messages you submit.

2.2 Waitlist & Beta Program Data

If you join our waitlist before receiving an account invitation, we collect your email address and signup date. Waitlist data is automatically deleted after 12 months if you do not activate an account.

2.3 Information We Receive Through Google APIs

When you connect your Google account, Rythm requests the following OAuth 2.0 scopes:

  • openid — Authenticate your identity using OpenID Connect.
  • userinfo.email — Retrieve your email address and verification status to create and identify your account.
  • gmail.modify — Read email metadata (sender address, message ID, labels), apply labels (such as “Paid” or “Held”), and move messages to enforce your paywall rules. We scan the email body in memory solely to detect the presence of email delivery credit proofs. We do not read, store, or index email body content for any other purpose.
  • contacts.readonly — Read your contacts one time during initial setup to pre-populate your approved sender whitelist. Contact data is processed in memory and is not stored beyond the resulting whitelist entries.

2.4 Information We Receive Through Microsoft APIs

When you connect your Microsoft account, Rythm requests the following scopes:

  • openid, email, profile — Authenticate your identity and retrieve your email address and display name for account creation.
  • User.Read — Read your basic Microsoft profile for account identification.
  • Mail.ReadWrite — Read email metadata and move or categorize messages to enforce your paywall rules. As with Gmail, we scan the email body in memory solely to detect email delivery credit proofs. We do not read, store, or index email body content for any other purpose.
  • offline_access — Maintain access while your account is active without requiring you to re-authenticate each time.

2.5 Information Collected Automatically

When you use Rythm, our systems automatically collect:

  • Email processing metadata — For each email processed by your paywall, we record the processing decision (delivered, held, or rejected), whether an email delivery credit was detected (yes/no), the credit amount if applicable, and processing duration. Sender email addresses are stored only as irreversible SHA-256 hashes.
  • Earnings records — Credit amounts, settlement status, and timestamps for your earnings dashboard. No email content is stored alongside these records.
  • Web server logs — Standard access logs including IP address, browser type, and pages visited. These are maintained by our hosting provider and retained for up to 90 days.

3. How We Use Your Information

We use the information we collect exclusively to provide, maintain, and improve the Rythm service:

  • Paywall enforcement — We read email metadata to determine whether incoming messages should be delivered, held, or rejected based on your whitelist and paywall rules. This is an automated process with no human review.
  • Email delivery credit verification — We scan incoming email bodies in memory to detect the presence of Cashu ecash proofs. If found, we verify their validity with the issuing mint and settle the payment to your Lightning wallet. The email body and credit proof are discarded from memory immediately after processing.
  • Label management — We apply labels or categories to your emails (such as “Paid,” “Held,” or “Scan Failed”) to help you identify the status of messages. These labels are visible only to you and can be removed at any time.
  • Sender whitelist — We maintain your list of approved senders so that messages from known contacts bypass your paywall automatically.
  • Earnings dashboard — We record email delivery credit amounts and settlement status to display your earnings history.
  • Account management — We use your email address to identify your account, send service-related notifications (such as rejection emails to senders via your own email account), and provide support.
  • Service reliability — We use processing logs and error data to diagnose issues, prevent abuse, and ensure the service operates correctly. All logs are automatically redacted of personally identifiable information before storage.

Legal Basis for Processing

Processing Purpose | Legal Basis
Account creation and authentication | Performance of our contract with you (Terms of Service)
Paywall enforcement and email processing | Performance of our contract with you
Email delivery credit verification and settlement | Performance of our contract with you
Subscription billing | Performance of our contract with you
Service reliability and error diagnosis | Legitimate interest in maintaining a functional service
Security monitoring and abuse prevention | Legitimate interest in protecting users and infrastructure
Waitlist management | Your consent (provided at signup)

We do not use your information for advertising, profiling, behavioral analytics, AI or machine learning model training, creditworthiness assessments, or any purpose unrelated to providing the Rythm service.

4. Information We Do NOT Collect or Store

Rythm is built on a principle of data minimization. We have architected our systems so that the following data is never written to any database, log file, or persistent storage:

  • Email body content — Email bodies are loaded into temporary server memory solely to detect email delivery credit proofs, then immediately discarded. Processing takes approximately 1–10 seconds per message. Server memory is destroyed after each invocation.
  • Email subject lines — Processed transiently, never persisted.
  • Email attachments — Never accessed, read, or stored.
  • Email delivery credit proofs — Payment proofs are verified in-memory and immediately discarded. We reference payment events by email message ID only, never by proof content.
  • Contact lists — Your contacts are read once during initial whitelist setup, processed in memory, and discarded. Only the resulting whitelist entries are stored.
  • Raw sender email addresses in logs — Sender addresses are stored only as irreversible one-way SHA-256 cryptographic hashes. Even in the unlikely event of a data breach, original sender email addresses cannot be recovered from our systems.
  • Payment card numbers — Subscription payments are tokenized client-side by Square before reaching our servers. We never see or store your card number.
  • IP addresses in application logs — IP addresses are automatically redacted from all structured application logs.
  • User behavioral profiles — We do not build profiles, models, or scores based on your email data or usage patterns.
  • Biometric data — We do not collect fingerprints, facial geometry, voiceprints, or any other biometric identifiers.
  • Cross-device tracking data — We do not track your activity across devices, browsers, or websites. We do not use device fingerprinting.

5. Non-Custodial Payment Architecture

Rythm operates a non-custodial payment verification model. We never hold, store, custody, or have the ability to spend your funds. Here is how email delivery credit processing works:

  1. A sender includes an email delivery credit proof in their email to you.
  2. Rythm detects the proof in the email body using automated pattern matching. The email body is held in temporary server memory only.
  3. Rythm verifies the proof’s validity by querying the issuing Cashu mint. No user-identifying information is sent to the mint.
  4. Rythm instructs the mint to settle the proof’s value directly to your Lightning wallet via a standard Lightning Network payment.
  5. The email delivery credit proof is discarded from memory. It is never stored in any database.

At no point during this process does Rythm receive, hold, or control any monetary value. The Cashu mint settles the payment directly to your wallet. If the process fails after multiple retries, the original proof is returned to you via email so you can settle it manually using a compatible wallet application.

Service Revenue Model

Lightning Network routing fees are inherently variable. Rythm includes a small safety buffer in Lightning settlement requests to ensure reliable payment delivery. Any difference between the buffer and actual routing fees is retained by Rythm as service revenue. This model means Rythm charges no explicit fees to users. These small overpayment amounts (typically a few satoshis per transaction) are stored temporarily as new proofs created by the mint and are separate from your original payment.

What External Parties Learn During Payment Processing

  • Cashu mints learn that a redemption request was made for a specific amount. They do not learn your identity, email address, or the context of the email. All mint interactions originate from Rythm’s server infrastructure, not from your device.
  • Your Lightning wallet provider receives the settlement amount and a partially masked sender email address (for example, “jo...n@example.com”) as a payment note. Your wallet provider does not receive any email content or credit proof data.

6. How We Share Your Information

We use the following third-party services to operate Rythm:

Service | Purpose | Data Shared
Google (Gmail API) | Email paywall enforcement | OAuth credentials to access your email metadata and apply labels. Email body content is read through the Gmail API, scanned for credit proofs in memory, and immediately discarded.
Microsoft (Graph API) | Email paywall enforcement (Outlook) | OAuth credentials to access your email metadata and apply categories. Same processing model as Gmail.
Cashu Mints (public, third-party) | Email delivery credit verification and settlement | Cryptographic proof data and a Lightning invoice addressed to your wallet. No user-identifying information is sent.
Resend | Rejection notification emails | Sender email address (to notify them their message was held). In rare failure cases, Resend may also transmit email delivery credit proof data back to you for manual recovery. No other email content is shared.
Square | Subscription billing | Your email address and name for customer creation. Card payment data is tokenized client-side by the Square SDK before reaching our servers. On account deletion, your Square customer record is deleted. No email data is shared with Square.
Strike | Lightning payment processing for subscriptions and service revenue settlement | Subscription payment amounts and service revenue sweep amounts. No user-identifying information is sent to Strike.
Amazon Web Services (AWS) | Cloud infrastructure | All stored data resides in AWS. Data is encrypted at rest using AWS Key Management Service (KMS) and in transit using HTTPS/TLS 1.2+. AWS processes data as a sub-processor under its Data Processing Addendum.
Vercel | Web application hosting | Standard web server access logs (IP address, browser type, page path). No email data or account information is shared.

A current list of our sub-processors, including their purposes and data processing locations, is available at app.rythm.xyz/sub-processors.

We do NOT sell, share, or transfer your personal information to any third party for advertising, marketing, data brokerage, or any purpose unrelated to providing the Rythm service.

We may disclose your information if required to do so by applicable law, regulation, legal process, or enforceable governmental request.

7. Google API Services — Limited Use Disclosure

Rythm's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

In addition to the disclosures throughout this policy:

  • Rythm accesses Google user data solely to provide the email paywall features visible in the Rythm application interface.
  • Rythm does not use Google Workspace API data to develop, improve, or train generalized AI or machine learning models.
  • Rythm does not use Google user data for serving advertisements, retargeting, personalized advertising, or interest-based advertising.
  • Rythm does not transfer or sell Google user data to advertising platforms, data brokers, or information resellers.
  • Rythm does not use Google user data to determine creditworthiness or for lending purposes.
  • No Rythm employee, contractor, or automated system reads the content of your emails. Our systems access email metadata and scan for email delivery credit proofs through fully automated processes. Human access to any Google user data is prohibited except: (a) with your explicit, documented consent for a specific support request; (b) for security investigations; or (c) to comply with applicable law.

8. Data Retention & Deletion

We retain your data for the minimum period necessary to provide the service and comply with legal obligations. Specific retention periods:

Data Type | Retention Period | Deletion Method
User profile and settings | Until account deletion | Deleted within 24 hours of account deletion request
Approved sender whitelist | Until account deletion | Deleted with account
OAuth tokens (encrypted) | Until account deletion | Revoked at provider and deleted from database
Email processing logs | 90 days | Automatically expired via database TTL
Earnings records | 90 days | Automatically expired via database TTL
Authentication sessions | 24 hours | Automatically expired; also cleared on sign-out
Application logs (PII-redacted) | 90 days (active), up to 1 year (archive) | Automatically expired via retention policies
Infrastructure audit logs | 1 year | Automatically expired via lifecycle policies
Waitlist data | 12 months | Automatically expired via database TTL

What Happens When You Delete Your Account

When you delete your account from Account Settings, we perform the following within 24 hours:

  1. Cancel email provider webhook subscriptions
  2. Revoke OAuth access tokens with Google and/or Microsoft
  3. Cancel any active subscription and delete your payment processor customer record
  4. Delete all data associated with your account from our database (profile, whitelist, earnings, processing logs, paywall configuration, support tickets, and sessions)
  5. Log a deletion audit event for compliance verification

Residual data in PII-redacted application logs and infrastructure audit logs will expire automatically per the retention schedules above. These logs do not contain reversible personal information.

9. Security Measures

We implement the following security measures to protect your data:

  • Encryption at rest — All sensitive data, including OAuth tokens, is encrypted using AWS Key Management Service (KMS) with AES-256 encryption. KMS keys are automatically rotated annually.
  • Encryption in transit — All communication between your browser, our servers, and third-party APIs uses HTTPS with TLS 1.2 or higher. HTTP Strict Transport Security (HSTS) is enabled with preload.
  • OAuth 2.0 with PKCE — We use the industry-standard Authorization Code flow with Proof Key for Code Exchange (PKCE). We never use the implicit grant flow and never have access to your email password.
  • Server-side sessions — Sessions are stored server-side with automatic expiration (24-hour maximum lifetime). Session cookies are HttpOnly, Secure, and SameSite=Lax. You can terminate all active sessions at any time.
  • PII redaction — All application logs are automatically processed through a redaction pipeline that replaces over 30 categories of personally identifiable information with irreversible hashes before storage.
  • Content Security Policy — We enforce a strict, nonce-based Content Security Policy to protect against cross-site scripting (XSS) attacks.
  • Input validation — All API endpoints validate input using schema-based validation. Webhook signatures are cryptographically verified.
  • Rate limiting — All endpoints are rate-limited to prevent abuse.
  • Non-custodial design — Rythm does not hold or store email delivery credits or funds on your behalf. This eliminates an entire category of financial data breach risk.
  • Principle of least privilege — Each server-side function operates with the minimum permissions necessary to perform its specific task.
  • Security assessments — We undergo security assessments as required for our Google Cloud Application Security Assessment (CASA) Tier certification for restricted Gmail API scope access.

Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we will notify you via the email address associated with your account within 72 hours of becoming aware of the breach, in accordance with applicable state notification laws. We will also notify relevant regulatory authorities as required by law.

10. Your Rights

You have the following rights regarding your personal information. These rights apply to all Rythm users regardless of location. Additional rights for residents of specific states are described below.

10.1 Rights Available to All Users

  • Access and export your data — You can export all data we store about you as a downloadable file at any time from Account Settings.
  • Delete your account — You can permanently delete your account and all associated data from Account Settings. Deletion is processed within 24 hours. This action is irreversible.
  • Correct your information — You can update your Lightning address, paywall configuration, and whitelist directly in Account Settings. For corrections to other data, contact us at privacy@rythm.xyz.
  • Revoke email provider access — You can revoke Rythm's access to your email at any time:
  • Sign out of all devices — You can terminate all active sessions across all devices from Account Settings.
  • Modify your whitelist — You can add, edit, or remove approved senders from your whitelist at any time.

10.2 US State Privacy Rights

If you are a resident of California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Indiana, Kentucky, Rhode Island, or another US state with a comprehensive privacy law, you have the following additional rights:

  • Right to know — You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of that information, the business purposes for collection, and the categories of third parties with whom we share it.
  • Right to delete — You may request the deletion of your personal information. You can exercise this right directly from Account Settings, or by contacting us at privacy@rythm.xyz.
  • Right to correct — You may request correction of inaccurate personal information. Most information can be corrected directly in your Account Settings.
  • Right to opt out of sale or sharing — Rythm does not sell your personal information. Rythm does not share your personal information for cross-context behavioral advertising. Because we do not sell or share personal information, no opt-out mechanism is necessary.
  • Right to non-discrimination — We will not discriminate against you for exercising any of your privacy rights. We will not deny you the Service, charge you different prices, or provide a different quality of service because you exercised a privacy right.

10.3 Right to Appeal

If we deny or are unable to fully fulfill a privacy request, you may appeal our decision by emailing privacy@rythm.xyz with “Privacy Appeal” in the subject line. Include a description of the original request and the reason you believe it was improperly denied. We will review your appeal and respond within 45 calendar days. If your appeal is denied, we will provide you with information on how to contact your state attorney general to submit a complaint.

10.4 State-Specific Rights Summary

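Right | CA | VA | CO | CT | TX | OR | MT | UT | IN | KY | RI
Access / know | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓
Delete | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓
Correct | ✓✓✓✓✓✓✓✓✓✓
Opt out of sale | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓
Opt out of profiling | ✓✓✓✓✓✓✓✓✓✓
Data portability | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓
Appeal | ✓✓✓✓✓✓✓✓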

Note: Rythm does not sell personal information, engage in targeted advertising, or use profiling. These opt-out rights are listed for completeness. A dash (—) indicates the state law does not include that specific right or uses a different mechanism.

10.5 California “Shine the Light” (Civil Code § 1798.83)

Rythm does not disclose personal information to third parties for their direct marketing purposes. If you are a California resident and wish to confirm this, you may contact us at privacy@rythm.xyz.

10.6 How to Exercise Your Rights

You may exercise your rights by using the self-service tools in Account Settings, or by contacting us at privacy@rythm.xyz. We will respond to verifiable requests within 45 days. If we need additional time, we will notify you of the extension and the reason within the initial 45-day period. The maximum extension is an additional 45 days.

An authorized agent may submit a request on your behalf by providing written authorization signed by you, along with proof of identity. We may contact you directly to verify the request.

10.7 Categories of Personal Information (CCPA Disclosure)

In the preceding 12 months, we have collected the following categories of personal information as defined by the California Consumer Privacy Act:

  • Identifiers — Email address, display name, account ID. Collected from Google/Microsoft OAuth at sign-up.
  • Internet or electronic network activity — Email processing decisions (delivered/held/rejected), web server access logs. Collected automatically during service use.
  • Commercial information — Subscription status, email delivery credit earnings amounts. Collected during service use and payment processing.

We do not collect sensitive personal information, biometric data, geolocation data, or professional/employment information.

11. Automated Decision-Making

Rythm uses automated processing to make paywall enforcement decisions about incoming emails. Specifically:

  • Emails from senders on your approved whitelist are automatically delivered to your inbox.
  • Emails from senders on the global greenlist (such as system notifications from well-known services) are automatically delivered.
  • Emails containing a valid email delivery credit proof are automatically delivered after the credit is verified and settled to your wallet.
  • Emails that do not match the above criteria are held behind your paywall. A rejection notification with payment instructions is sent to the sender via your own email account.

These decisions are made by rules-based automated systems, not by artificial intelligence or machine learning. You control the rules by configuring your whitelist and paywall settings. No human reviews the content of your emails during this process.

12. Cookies & Tracking Technologies

Rythm uses minimal cookies and tracking technologies:

Name | Type | Purpose | Duration
rythm-session | Essential (HttpOnly) | Authenticates your session. Cannot be used for tracking. | 24 hours

We do not use advertising cookies, analytics cookies, or any third-party tracking pixels. We do not use localStorage for persistent data storage. One sessionStorage item (a boolean for UI state) is used and cleared when you close your browser tab.

Global Privacy Control (GPC)

We recognize and honor Global Privacy Control (GPC) signals. When we detect a GPC signal from your browser, we treat it as a valid opt-out request under applicable state privacy laws, including the California Consumer Privacy Act and Colorado Privacy Act. Because Rythm does not sell or share personal information for targeted advertising, honoring a GPC signal requires no change to how we process your data — your data is already protected.

We do not engage in cross-device tracking, browser fingerprinting, or any form of surveillance advertising.

13. Transactional Email Compliance

When a sender’s email is held behind your paywall, Rythm sends a rejection notification to the sender explaining how they can include an email delivery credit to reach your inbox. These transactional notification emails comply with the CAN-SPAM Act (15 U.S.C. § 7701 et seq.):

  • Each notification includes accurate header information and identifies Rythm as the sender of the notification.
  • Notifications are transactional in nature (related to an existing email exchange) and do not contain commercial advertising.
  • Senders are not added to any marketing list. We do not send follow-up emails, newsletters, or promotional content to senders.

14. Data Processing Location

Rythm is currently available to users in the United States only. Your data is processed and stored in AWS data centers located in the United States. Our frontend is hosted on Vercel, which may route traffic through edge locations in the United States.

15. Children's Privacy

Rythm is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us at privacy@rythm.xyz so we can delete it promptly.

16. Changes to This Policy

We will notify you of material changes to this Privacy Policy at least 30 days before they take effect by sending a notification to the email address associated with your account and updating the “Last Updated” date at the top of this page. Material changes include new categories of personal information collected, new third-party data recipients, or changes to your rights.

If we make material changes that affect how we access or use Google user data, we will prompt you to re-consent before accessing your data under the updated terms, in accordance with the Google API Services User Data Policy.

Non-material changes (such as formatting, clarification, or typographical corrections) will be reflected in an updated “Last Updated” date without advance notice.

We maintain archived versions of previous privacy policies. You may request a copy of any previous version by contacting privacy@rythm.xyz.

17. Contact Information

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about how your data is handled, please contact us:

We aim to respond to all privacy inquiries within 10 business days. For formal rights requests under state privacy laws, we will respond within 45 calendar days as required by law.

We strive to make this privacy policy accessible to all users, including those using assistive technologies. If you have difficulty accessing any part of this policy, please contact us at privacy@rythm.xyz and we will provide the information in an alternative format.