Fineprint: Find out what really changed in the ToS

Business Attire — Fri, 06 Jun 2025 15:44:46 +0000

This is a submission for the Postmark Challenge: Inbox Innovators.

What I Built

I built Fineprint, a service for figuring out how a Terms of Service, Privacy Policy, User Agreement, or other company legal document has changed.

The idea is that companies are always sending "Upcoming changes to our legal agreements" emails, but often don't tell you what has changed.

That's where Fineprint comes in!

Just forward one of those "Our Terms of Service has changed" emails to app@fineprint.help. It'll load the policy, find a previous version (from the Internet Archive), calculate a diff, and summarize the changes for you.

Why I Built Fineprint

[note: you can skip on down to the Demo section below if you just want to see it in action]

When I saw the contest idea, I asked myself "what is unique to email?". What properties and what communications make the most sense over email? After all, there's a dozen or so different form factors for communication these days: social media, SMS, phone calls, websites, apps, WhatsApp/Signal/Discord/etc, snail mail, carrier pigeon, smoke signals, etc.

I threw down a few random thoughts:

Forwarding stuff is a quintessentially "email" thing to do
Email is a common mechanism for receiving notifications

And from there, the question was "what notifications are specific to email?". There are many notifications that we receive through email that are redundant -- updates from LinkedIn, GitHub, Discord, social media, etc -- but those all have some other source of truth we can query directly. What notifications would we not receive anywhere else?

And the answer, at least for me, was policy updates.

Policy updates are perfect because it's frequently a legal requirement for companies to notify you when they change, and the main medium for doing that is email.

While a select few companies will go the extra mile to say what they've changed, the vast majority just say "here's the new policy, go read it or something".

And of course, basically nobody reads the Terms of Service, and similarly few people are going to go to the effort to diff two versions of a 10+ page document. But these things are also important! Is the company now collecting information I would consider invasive? Are they sharing my information with new partners that I think are shady? Are they selling access to the information I've given them?

It turns out computers can make quick work of this task. And that's what Fineprint is for -- lowering the activation energy to answering these questions so you can make informed decisions about which companies you interact with and entrust your information to.

Demo

The best demo is just to try it! Search your inbox for subjects like "Changes to [...]" or "[...] Agreement Update" or "Update to [...]", and forward one of those emails to app@fineprint.help.

The response you'll get will look something like:

In this case, we couldn't find an older version of the policy because the Internet Archive is down this morning 🙃

And an example with functional diffing, now that Internet Archive is back up:

More details are available at fineprint.help. There are heavy rate limits in place as a cost control, as I'm using several APIs to generate the policy summaries.

Instructions for running the application locally are included in the GitHub repo.

Code Repository

bcspragu / fineprint

A tool for determining what has changed in a company's legal agreement (ToS, Privacy Policy, etc), built for Postmark's Inbox Innovators challenge

Fineprint

A tool for determining what has changed in a company's legal agreement (ToS, Privacy Policy, etc), built for Postmark's Inbox Innovators challenge

More usage details at Fineprint.help

Local Testing

Dependencies

To run the service locally, you'll need all of the following:

A Go compiler (likely 1.24.x)
A Node environment (I'm using Node 22)
- mjml needs to be installed in this env, for formatting emails
Postmark credentials
Internet Archive keys
An Anthropic API key

Running

./scripts/run.sh is a helper for running the service, but it assumes you have your credentials stored in pass under specific names.

curl -v \
  -u $(pass show postmark/webhook-username):$(pass show postmark/webhook-password) \
  --data @json-body.json \
  -H 'X-Forwarded-For: 127.0.0.1' \
  localhost:8080/webhook

Limitations

If the legal document has changed a lot, the diff may be very large and overflow our LLM context, so we trim it down to size
- This…

View on GitHub

For testing locally, follow the instructions in the README.md file in the root of the repo. It will require a functioning Go environment, as well as an Anthropic API key, Postmark credentials, and Internet Archive keys. You'll also need a Node environment with mjml installed.

How I Built It

The first ~50-60% of this project were written entirely with Claude Code, and then I came in and cleaned up the API calls, added the diffing support, tuned the prompts, added the MJML templates, and generally built out the rest of the project.

The trickiest part was handling the different possible cases: e.g. ToS;DR results available or not, older versions of the policy available or not, etc. There are also lots of heuristics required to get the correct URLs + policies and correlate them across services.

The server that receives the Postmark Inbound Email Processing webhook is written in Go. It uses Claude for classifying the email and generating summaries. The ToS;DR API is used to get curated write-ups of policy information and other metadata. Postmark is used for both the inbound (i.e. forwarded policy) emails, as well as for sending the reply emails, which are sent via the API.

Working with Postmark

Working with Postmark was very straightforward: the APIs are clearly documented, use a standard HTTP/JSON interface, and are well-structured. The console itself is easy to navigate to help with testing and debugging, and adding basic auth support to the webhook was a breeze.

DEV Community: Business Attire

Fineprint: Find out what really changed in the ToS

What I Built

Why I Built Fineprint

Demo

Code Repository

bcspragu / fineprint

A tool for determining what has changed in a company's legal agreement (ToS, Privacy Policy, etc), built for Postmark's Inbox Innovators challenge

Fineprint

Local Testing

Dependencies

Running

Limitations

How I Built It

Working with Postmark