I'm building an AI tool to auto-generate GDPR complaints when companies leak my email. Too aggressive?
Why I’m Building an "Email Condom" over the weekend?
The problem: I sign up for B2B services, and weeks later I get spam. I never know who leaked my email.
The solution:
-
I generate a unique alias for every service (zoom@sentry... , notion@sentry... ).
-
If that alias receives email from a different domain, the system flags a Data Breach.
-
(Here is the fun part) It offers to auto-generate a GDPR Article 33 complaint against the original service provider.
Tech Stack: CF Email Routing -> Workers -> Gemini 2.0 Flash (to analyze spam) -> My Inbox.
Discussion: Is the "GDPR Complaint Generator" too aggressive as a feature? I feel like accountability is zero right now. Companies sell data because they can. If we automate the "fighting back" part, maybe they'll stop?
I'm launching the MVP Monday. Would you use this?
Not too aggressive — exactly the right friction.
Companies leak data because there's no cost. The "fight back" button changes the economics.
A few thoughts:
On the concept:
On positioning:
Questions:
I'd try this. The "who leaked my email" question is something I've wondered about for years.
Thanks, man. Correct, the goal is to change the "cost" of leaking data for vendors.
To answer your questions:
Legitimate Services (FP): This is solved via Context-Aware AI. If you create user+stripe@..., the AI lowers the spam threshold for transactional content (receipts, codes). We also use a "Quarantine Digest" approach -- nothing is silently deleted. You get a daily summary of blocked emails with 1-click release/whitelist.
Complaint Workflow: Strictly Review-then-File. Automating legal complaints is too risky (liability/errors). Sentry auto-generates the evidence package (PDF with headers/timestamps), but the human must press the trigger.
Pricing: Definite Flat Subscription ($19/mo Personal / $99/mo Team). We specifically avoided "per-alias" pricing because we want users to generate thousands of aliases. Volume = Security. We shouldn't tax the very behavior that protects you.
Naming: Agreed. "Condom" is just the viral hook for X/Twitter. The official B2B positioning is "Cloudflare for Email" or "Corporate Email Shield".
This is great. A few things that stand out:
"Volume = Security" — this reframes pricing brilliantly. Per-alias billing would disincentivize the exact behavior that makes the product work. Smart.
Quarantine Digest — the "nothing silently deleted" approach is key for trust. Users need to feel in control, not paranoid about false positives eating important emails.
Review-then-File — exactly right for MVP. You're selling accountability, not legal automation. The auto-generated evidence package is the 90% of work that matters; the final click keeps you out of liability territory.
"Cloudflare for Email" lands better than "Email Shield" imo — it implies infrastructure-level protection, not just another inbox tool.
Watching the Monday launch. Good luck!