Privacy Policy

Last updated: February 2025

What we collect

When you create a wapin, we store the content you enter (titles, text, checklist items) and the password hash if you choose to set one. We do not collect personal information such as names, email addresses, or phone numbers.

Cookies

We use HttpOnly cookies solely for password-protected wapin authentication. These cookies contain only an authentication token scoped to the specific wapin. We do not use tracking cookies or analytics cookies.

Data storage

Your wapin content is stored in our database. Wapins that have not been accessed for an extended period may be automatically deleted to manage storage. We recommend keeping backups of important content.

Security

Wapins are accessible via their unique short URL. If you add a password, it is stored as a bcrypt hash and never in plain text. We recommend using password protection for any sensitive content.

Third parties

We do not sell or share your data with third parties. We use Vercel for hosting and MongoDB Atlas for database storage.

Deletion

You can delete any wapin you have access to via the settings menu. Deletion is permanent and cannot be undone.

Contact

For any privacy concerns, please reach out via the contact information on our website.

Signable Text Block — Casual Use Only

The Wapins signable text block is a casual co-signing tool. It lets you paste an agreement, generate a SHA-256 hash of the document text, share a wapin link, and have multiple people co-sign by typing their names. It is intended for casual, friendship-grade, household-grade, or informal-team agreements — roommate cleaning rotas, kids chore contracts, trip splitting agreements, study group commitments, household pacts, and other low-stakes co-signed documents.

The signable text block is not a legally binding e-signature service. It is not certified for any regulated industry (healthcare, finance, real estate, employment). It is not admissible in court as a substitute for a wet signature or a certified e-signature audit trail. We do not guarantee enforceability, admissibility, or legal effect of any document signed via the Wapins signable text block. For legally binding agreements, use a certified e-signature provider such as DocuSign, Adobe Sign, SignNow, or HelloSign.

When the signable block is locked, a SHA-256 cryptographic hash of the document text is generated and stored alongside each signature. Subsequent signatures are bound to that same hash. If the document text is later edited, the recomputed hash diverges and the prior signatures are visibly invalidated in the user interface. This is best-effort tamper protection — it makes silent edits visible — but it is not court-grade tamper-evidence, does not include a certified audit trail (no IP logging, no biometric capture, no notarized timestamp), and should not be relied on for any agreement where courtroom-grade tamper-evidence is required.

Before signing any document via the Wapins signable text block, you are responsible for: (a) reading the full document text, (b) verifying that the displayed SHA-256 hash matches what you intend to sign, (c) confirming that the agreement is appropriate for casual co-signing rather than legally binding signature, and (d) not relying on Wapins for any agreement where the legal effect, enforceability, or regulatory status matters to you.

Wapins provides the signable text block as a free tool with no warranty of any kind. To the maximum extent permitted by law, Wapins, its operators, and its contributors are not liable for any damages, losses, claims, or disputes arising from the use, misuse, or reliance on the signable text block — including but not limited to disputes over the enforceability of signed documents, claims of fraud or tampering, claims of unauthorized signature, or any indirect or consequential damages. You use the signable text block at your own discretion and at your own risk.

If your agreement needs to be legally binding, court-admissible, or compliant with regulatory standards (eIDAS, ESIGN Act, UETA, HIPAA, FINRA), do not use the Wapins signable text block. Use a licensed e-signature provider — DocuSign, Adobe Sign, SignNow, or HelloSign — which offer certified audit trails, identity verification, regulated- industry certifications, and legal enforceability. Wapins is for the agreements that live in your group chat. Those other tools are for the agreements that live in court.