# pingwa — privacy (plain text) pingwa sends WhatsApp notifications to exactly one phone: the account owner's own. Base URL: https://pingwa.dev ## What we never do - Never log message text — logs carry only internal ids (user_id, message_id, billing_class), never the message body. - Never log API keys or phone numbers (not in request logs or error traces). - Never store the API key in plaintext — only its SHA-256 hash. - Never send data to third-party analytics/trackers/brokers. - Never message anyone but the account owner (there is no "to" field). ## What we store - Your phone number and account settings. - Passwords (if set) hashed with argon2id — never reversible. - Message content/metadata you send (for history + the free 24h reply window). - Monthly usage counters (billing/quota). ## Verification - A number is verified ONLY by a message actually sent from WhatsApp (join, or "verify "), never self-reported. Reply "stop" to hard-disable sending. ## Where data lives - On the operator's own homelab hardware — not a public cloud. The only outbound connections are to Meta's WhatsApp API (delivery) and Stripe (only if you upgrade). ## Deleting your data - Pause: reply "stop" on WhatsApp (account kept; re-enable with "join"). - Erase: DELETE /v1/me with your API key deletes the account and ALL its data (messages, usage, idempotency records). Irreversible. ## Open by design - The client (CLI + MCP server) is open-source (MIT), so these claims are auditable. - Who runs this + contact: https://pingwa.dev/about