About ForthWrite

Who's behind this, why it exists, and how we handle your inbox.

Curtis Boortz, founder of ForthWrite

Curtis Boortz

Founder, ForthWrite· San Diego, CA

I'm not an engineer by training. My background is finance: a BBA in Finance from Cal State East Bay, and a few years underwriting SBA loans, private credit, and asset-backed deals as a Senior Associate at a lending firm. I taught myself to build software because the problem I needed solved didn't have a good tool yet.

That problem was email. Underwriting is a volume business: every deal generates a long back-and-forth with brokers, borrowers, and lenders, and most of it is the same handful of updates written slightly differently each time. Before ForthWrite, I built a small internal tool, originally called FinalDraft, that automated the contextual parts of that writing for my team. It worked well enough that it roughly doubled our outbound email capacity without adding headcount.

That result is the entire reason ForthWrite exists. I rebuilt the idea from scratch as a real product: a Chrome extension and Outlook add-in that draft replies inline, in Gmail and Outlook, that actually sound like the person sending them, because the model learns from your own sent mail instead of a generic house style. I built the whole thing solo, JavaScript, Next.js, Supabase, Vercel, largely self-taught along the way. I'm not going to pretend that makes me a career software engineer. What I can tell you is that I've used this exact workflow problem from the inside, at a company that lives and dies by how fast and how well it writes email, and I built ForthWrite to solve it for people in the same position.

ForthWrite is currently in launch stage, built and run by one person, with early users finding it organically through the Chrome Web Store. If you have feedback, a bug, or just want to tell me what's not working, email me directly at curtis@forthwrite.ai. I read every message.

Security & trust

ForthWrite reads your email to draft replies, so I take the security review process seriously rather than treating it as a box to check.

What CASA Tier 2 actually verifies

CASA (Cloud Application Security Assessment) is Google's required security review for any app requesting sensitive or restricted Gmail scopes, in ForthWrite's case, the restricted gmail.readonlyscope the extension uses to read the thread you're replying to. Tier 2 is a self-assessment audited against Google's minimum security controls by an independent, Google-approved assessor, not something we get to grade ourselves on.ForthWrite has passed it.

Why it matters for a tool that touches your inbox: passing CASA Tier 2 means an outside reviewer independently confirmed things like dependency vulnerability scanning, encrypted storage of any tokens we hold, and hardened web security headers, rather than taking our word for it. Concretely, as part of that assessment we have:

  • Zero known vulnerabilities across production dependencies
  • Strong HTTP security headers (HSTS preload, restrictive CSP, X-Frame-Options DENY)
  • OAuth tokens encrypted at rest, with row-level security restricting access to service-side code only
  • A Chrome extension manifest locked to forthwrite.ai only, no preview URLs, no localhost, in the shipped build

Full detail lives on the Security page, including our vulnerability disclosure program.

Beyond the CASA review: thread content is never stored on our servers after a draft is returned, and the writing-style data we use to learn your voice is scoped to your account only, never combined with anyone else's data, never used to train a shared or third-party model. The full breakdown is in the Privacy Policy. If you find a real security issue, please report it to curtis@forthwrite.ai rather than filing it publicly, details on our disclosure program are on the Security page.