Shipped · paying customers · never auto-sends
A shipped, paying-customers SaaS that drafts every email reply but never sends without your sign-off — from IMAP ingestion to Stripe billing, built to production solo.
This is the founder proof point: a real company, a live domain, Stripe subscriptions, and the full unglamorous operations surface owned end to end — with a deliberate product line in the sand at approval-first.
The problem
Autonomous email agents optimize for the wrong thing. Sending on their own is impressive in a demo and dangerous in production — one wrong reply to a real customer costs more than any time it saved. The bet here is that the trustworthy product is approval-first: the AI does the drafting, a human keeps the send button. That only pays off if the machinery underneath — ingestion, queues, rate limits, security — is genuinely production-grade.
Solution & demo
The product watches an inbox over IMAP, produces a thread-aware summary and a draft reply, and puts every draft in front of a human to approve, edit, or reject before anything goes out. Plans run from free to business with usage tracking and burst limits that protect deliverability, and the privacy stance — no training on user data — is part of the pitch, not an afterthought.
Recorded walkthrough coming soon.
In the meantime, the architecture and tradeoffs below tell the full story — or start a conversation and I'll walk you through it.
Live “Try it” demo lands in a later release. For now, the recorded walkthrough above is the demo.
How it works
An IMAP poller drops new messages onto a Redis and Bull queue, and separate email and scheduler workers process them off the request path. Generation is streamed, thread-aware, and tone-matched, with the model tier chosen by the customer's plan (nano / mini / full) so cost tracks revenue.
The production surface is the real exhibit. Rate limiting is database-backed and works across multiple instances instead of trusting per-process memory. Tokens are hashed with SHA-256, there is an API-key rotation endpoint, security-event logging and audit trails, sanitized error output, CSRF protection, and credentials encrypted at rest. Health checks, migrations, monitoring, and an incident-response runbook round it out — and Stripe handles subscriptions and usage. The company (Peak Logic LLC) carries a real compliance posture: GDPR and CCPA, with SOC 2 Type I in progress.
Tradeoffs & lessons
Links
The live product is linked below. A deeper write-up of the operations and security surface is in progress; how much to surface publicly versus keep at diagram level is a deliberate call.