Your messages stay yours.

We treat your WhatsApp like medical records: read-only access, isolated workspaces, deletable on demand.

Three guarantees

๐Ÿ”

We literally cannot send messages

Our codebase contains zero send/pin/archive/delete WhatsApp calls. The only methods we ever invoke are getChats and fetchMessages. Auditable on request.

๐Ÿงฑ

One isolated worker per user

Your WhatsApp session lives in its own Linux container with its own memory, disk, and network namespace. Other users cannot see or touch it โ€” physically separated.

๐Ÿ—„๏ธ

Encrypted at rest, TLS-only transport

Every message and digest is stored in Supabase Postgres, encrypted at rest by AWS KMS. Transport is TLS 1.3 only. Service-role keys never leave the server.

What we store

Group chats & messages

Cached in Supabase to enable incremental syncs and the message-thread reader. Never shared with third parties.

Daily digests

The AI-generated summary of each group's activity, plus the action items and their state (pending/done).

Settings

Your schedule, muted groups, account email. That's it. No payment data โ€” Stripe holds that.

What we don't do

How "delete my data" works

From your dashboard โ†’ Settings โ†’ Delete account: every row in WhatsApp Wizzard_* tied to your user_id is deleted, your worker is shut down and its disk wiped, and your WhatsApp linked-device session is unlinked. Takes < 60 seconds. We keep nothing.

The risk you should know about โ€” please read

โš ๏ธ WhatsApp may temporarily restrict your linked Web access

WhatsApp Wizzard connects to your account via the same linked-device protocol WhatsApp Web uses. This is technically not allowed by WhatsApp's terms of service โ€” they don't sanction third-party automation. There is no official API for reading your personal groups and DMs, anywhere.

WhatsApp's automated systems sometimes detect the connection patterns of a third-party Web client and respond with one of:

  • Temporary Web restriction (most common) โ€” your linked device is unlinked. Your phone keeps working normally. Re-scan QR after 24-72 hours and you're back in business.
  • Full account suspension (rare) โ€” usually only happens when an account is brand-new, rarely-used, or repeatedly relinked. Recoverable via WhatsApp's in-app "Request a review" flow. Established accounts with months of organic usage almost never see this.

What we do to minimise risk:

  • On-demand connection only. Our worker is online ~3 minutes a day for the morning digest, plus when you click "Sync now". The rest of the time, Chromium is shut down. This dramatically reduces the "always-online from datacenter IP" signal that triggers most restrictions.
  • Region-matched workers. Indian users get Singapore-based workers (closest available); US users get US workers, etc. Reduces the "foreign-link" signal.
  • Persistent session storage. We don't repeatedly relink โ€” your QR scan is preserved across deploys, which avoids "rapid relink attempts" patterns.
  • No automated sending. Our codebase literally has no send/forward/delete capability. Whatever ban-pattern WhatsApp watches for spam, we don't trigger.

What we cannot guarantee:

  • We cannot promise WhatsApp will never restrict your account โ€” they decide that, not us.
  • Brand-new or rarely-used WhatsApp accounts are higher-risk regardless of our mitigations. Use an established number where possible.
  • If WhatsApp restricts your account, we are not liable. See Terms ยง 5.

Our honest recommendation: use WhatsApp Wizzard with a number that's been actively used for 3+ months on WhatsApp. If a temporary restriction (24-72h) on that number's Web access only would significantly disrupt you, this isn't the right tool. For most business operators with established numbers, the risk is small and worth it. For brand-new or critical-only personal numbers, it isn't.