RiposteMail is a personal AI tool that analyzes forwarded emails for factual accuracy and helps you draft thoughtful replies. This policy describes what information RiposteMail collects, how it is used, which third parties process it, and what choices you have.
RiposteMail is operated as a small-scale personal tool, not a commercial service. It is provided free of charge to invited users.
The short version: RiposteMail collects the email addresses of registered users, the content of emails you choose to forward, and basic security data (login times, IP addresses). Before forwarded email content is sent to any AI service, identifying information — email addresses, phone numbers, postal addresses, and header metadata — is automatically stripped. Notification emails are sent via Resend. Inbound forwarding passes through Cloudflare and CloudMailin. Each user's analyses are private to them.
1. Information RiposteMail collects
From registered users
- Login email address. Used to send magic-link sign-in links and analysis notifications.
- Display name (optional). Shown in the dashboard and in administrative audit records.
- Additional email addresses (optional). If you forward from multiple addresses, you can register them so RiposteMail routes forwards to your account correctly.
- IP address and browser user-agent. Captured at login and during sessions for security monitoring.
- Login timestamps and session metadata. When you signed in and when your session expires.
From people requesting access
If you submit an access request via the request form:
- Email address you provided
- Optional note (limited to 200 characters; HTML and URLs are sanitized)
- IP address and timestamp (used to prevent spam submissions)
If your request is denied, this information is retained as a record but used for no other purpose.
From email content you forward
When you forward an email to forward@ripostemail.com, Riposte processes:
- Email subject and body
- Sender name and address (as they appear in the forwarded email's headers)
- Attachments (if present and of supported types: .docx, .pdf, .txt, .md, .rtf, .html)
- Any commentary you added when forwarding
Before this content is sent to any AI analysis service, RiposteMail automatically strips identifying information from the body. See Section 3 for details.
Content you create within RiposteMail
- Sender profiles you create (display names, notes, default reply tones)
- Edits you make to draft replies
- Manual re-attribution of analyses to different sender profiles
2. How RiposteMail uses this information
- Authentication. Your email is used to send sign-in links. Sessions are managed via secure HttpOnly cookies.
- Analysis. Forwarded email content (after identifier stripping) is sent to Anthropic for fact-checking and reply drafting.
- Notifications. When analysis completes, RiposteMail sends you a notification email with the verdict summary and a link to the full analysis.
- Security and accountability. Login events, IP addresses, and access requests are recorded in an audit log.
- Spam protection. Access requests are rate-limited per IP address and per email address.
3. How RiposteMail protects the privacy of forwarded email content
When you forward an email to Riposte, the original sender did not consent to having their email analyzed by an AI service. RiposteMail addresses this by automatically stripping identifying information from the email body before sending any content to Anthropic or Brave.
What is stripped from the body before AI processing:
- All email addresses
- Phone numbers
- Postal/street addresses
- "From:", "To:", "Cc:", and "Bcc:" header lines inside forwarded chains
- "On [date], [name] wrote:" forwarding brackets
- Forwarded message delimiters (e.g., "--- Forwarded message ---")
- Email signature blocks
What is kept (necessary for fact-checking to work):
- The substantive claims and statements in the email body
- Names of public figures mentioned in the content (politicians, journalists, scientists)
- Organization names, places, dates, and statistics
- URLs (public links used for source evaluation)
The stripped version is what gets stored in RiposteMail's database as the email body. The original (unstripped) content is discarded immediately after stripping and is never stored or transmitted.
Note: emails analyzed before this privacy feature was introduced (prior to April 29, 2026) were stored in full. Those analyses are visible only to the user who submitted them.
4. Third parties that process your data
RiposteMail uses the following third-party services. Each receives only the data necessary for its function. None receive data for advertising or marketing purposes.
Anthropic (Claude API)
The stripped email body — with identifying information already removed — is sent to Anthropic's API for analysis. Anthropic also receives the sender's display name as you set it in your sender profile (e.g., "Uncle Richard"), but not the sender's actual email address. Per Anthropic's API terms in effect at the time of processing, content submitted via the API is not used to train AI models by default. See Anthropic's Privacy Policy for current details.
Brave Search
Short factual claim phrases extracted from the email (typically 5–20 words) are sent to Brave's Search API for web search. Full email content is not sent. See Brave's Privacy Policy.
Resend
Outbound notification emails are sent via Resend. These contain the analysis verdict, a brief summary (2–4 sentences), and a link to the analysis. They do not contain the forwarded email body. See Resend's Privacy Policy.
CloudMailin
Emails forwarded to forward@ripostemail.com are received and parsed by CloudMailin before delivery to Riposte. CloudMailin briefly processes and stores the email while delivering it to the Riposte webhook, after which Riposte immediately applies identifier stripping. See CloudMailin's Privacy Policy.
Cloudflare
The ripostemail.com domain uses Cloudflare for DNS and Email Routing. Emails sent to forward@ripostemail.com pass through Cloudflare's infrastructure on their way to CloudMailin. See Cloudflare's Privacy Policy.
Railway
RiposteMail is hosted on Railway, which provides the server and database storage. Railway has access to the underlying infrastructure as the hosting provider. See Railway's Privacy Policy.
5. Data retention
- Analyses — retained indefinitely until you delete them via the dashboard
- Sign-in tokens — expire 15 minutes after issuance; single-use and deleted after use
- Sessions — expire after 30 days of inactivity
- Audit log entries — retained indefinitely for accountability
- Access request records — retained indefinitely for spam prevention
- Rate-limit records — cleaned up after 7 days
6. What RiposteMail does not do
- Use tracking pixels, third-party analytics, or behavioral profiling
- Sell, rent, or share your data with marketing or advertising companies
- Access your inbox or any messaging account — only content you explicitly forward
- Store passwords (authentication is magic-link only)
- Allow any user (including the administrator) to view another user's analyses or sender profiles
7. Your rights and choices
- Delete analyses. Any analysis can be deleted from your dashboard at any time.
- Delete your account. Contact privacy@ripostemail.com to request account deletion. Your user record and all associated analyses and sender profiles will be deleted. Audit log entries will be anonymized (your email replaced with "[deleted user]"). Account deletion is permanent and cannot be reversed.
- Data export. Contact privacy@ripostemail.com to request a copy of your data.
8. Changes to this policy
If this policy changes in a material way, registered users will be notified via email at least 14 days before the change takes effect.