Your number. Your data. Full stop.
pingwa exists to text one phone: yours. Here is exactly what that means for your data — stated plainly, and checkable in the open-source client.
What we never do
- We never log message text. Logs carry only internal ids (user_id, message_id, billing class) — never the body of what you send.
- We never log your API key or your phone number. Not in request logs, not in error traces.
- We never store your API key in plaintext — only its SHA-256 hash. A leak of our database does not leak a usable key.
- We never send analytics or your data to third parties. There is no tracker, no ad SDK, no data broker.
- We never message anyone but you. There is no "recipient" field; pingwa can only text the number that joined.
What we do store
- Your phone number (to know where to send) and account settings.
- Passwords, if you set one, hashed with argon2id — never reversible plaintext.
- Message metadata and content you send through the API, so history and the 24h reply window work. You can erase all of it (below).
- Monthly usage counters for billing/quota.
How your number is verified
Only by a message you actually send from WhatsApp — texting join,
or verify <code>. A number is never taken as self-reported. Reply
stop at any time and sending is hard-disabled immediately.
Where your data lives
On the operator's own homelab hardware — not a public cloud, not a SaaS backend. The only outbound connections pingwa makes are to Meta's WhatsApp API (to actually deliver your message) and to Stripe (only if you upgrade to a paid plan). Nothing else leaves the box.
Deleting your data
Two levels, both in your hands:
- Pause: reply
stopon WhatsApp — sending is disabled, your account is kept so you can re-enable withjoin. - Erase: call
DELETE /v1/mewith your API key — your account and all associated data (messages, usage, idempotency records) are permanently deleted. Irreversible; a newjoinstarts fresh.
Open by design
The client you run (CLI + MCP server) is open-source under the MIT license, so every claim on this page about what leaves your machine is auditable. See About for who runs this and how to reach them.
Plain-text version for agents: /privacy.txt