Terms of Service & Privacy Policy

1 Terms of Service

Welcome to ManyWhats. By accessing or using our service at https://web.manywhats.app, you agree to be bound by these Terms of Service. If you do not agree, please do not use the service.

1.1 Description of Service

ManyWhats is a web-based tool that allows you to access and manage multiple WhatsApp Web accounts within a single browser session. The service acts as a proxy layer to WhatsApp Web and does not independently store or process your WhatsApp messages.

1.2 Eligibility

You must be at least 13 years of age to use ManyWhats. By signing in, you represent that you meet this requirement.

1.3 Acceptable Use

You agree not to:

Use the service for any unlawful purpose or in violation of WhatsApp's own Terms of Service.
Attempt to bypass, hack, or reverse-engineer any security mechanisms of the service.
Use automated tools, bots, or scripts to abuse the service.
Share your session credentials or grant unauthorized access to your account.
Attempt to access another user's WhatsApp accounts.

1.4 Disclaimer

ManyWhats is an independent service and is not affiliated with, endorsed by, or officially associated with WhatsApp Inc. or Meta Platforms, Inc. "WhatsApp" is a trademark of WhatsApp LLC.

1.5 Limitation of Liability

The service is provided "as is" without warranties of any kind. We are not liable for any damages arising from use of the service, including but not limited to loss of data, interruption of service, or account suspension by WhatsApp.

1.6 Account Termination

We reserve the right to suspend or terminate your access to ManyWhats at any time, for any reason, including violation of these terms, without prior notice.

2 What Data We Collect

We collect the minimum amount of data necessary to provide the service. Below is a complete description of everything we collect:

Data	Source	Purpose	Stored?
Google Account ID	Google OAuth	Unique user identifier	Yes
Email address	Google OAuth	Account identification	Yes
Display name	Google OAuth	Shown in the app UI	Yes
Profile picture URL	Google OAuth	Shown in the app UI	Yes
WhatsApp phone numbers	You (manual entry)	Identify WhatsApp accounts	Yes
Account display names	You (manual entry)	Label accounts in the UI	Yes
Session tokens	Generated on sign-in	Keep you signed in	Yes (hashed)
WhatsApp messages / chats	—	Not collected	Never
IP address / device info	—	Not logged	Never

🔒 ManyWhats does not read, store, or process the content of your WhatsApp messages. All WhatsApp communication happens directly through the proxied connection to WhatsApp Web's servers.

3 How We Use Your Data

Authentication

Your Google account details are used solely to create and maintain your ManyWhats account and session.

Account Management

Phone numbers and display names you enter are stored to associate your WhatsApp accounts with your profile and render the tab interface.

Security

Session tokens are used to validate that only you can access your WhatsApp proxy sessions. The wildcard proxy verifies your token before serving any content.

No Marketing or Advertising

We do not use your data for advertising, analytics tracking, or share it with third parties for marketing purposes.

4 Google Sign-In

ManyWhats uses Google OAuth 2.0 as its sole authentication method. When you click "Continue with Google", you are redirected to Google's own sign-in page. We receive the following scopes from Google:

openid — Confirms your identity
email — Your Google email address
profile — Your name and profile picture URL

We do not request or have access to:

Your Google Drive, Gmail, Google Calendar, or any other Google service data
Your Google Contacts
The ability to send emails or act on your behalf in any Google service

Google's use of information received from ManyWhats is governed by the Google Privacy Policy.

You can revoke ManyWhats's access to your Google account at any time via Google Account Permissions.

5 Cookies & Sessions

We use a single first-party cookie named mw_session to maintain your authenticated session.

Cookie	Type	Duration	Purpose
`mw_session`	HttpOnly, Secure, SameSite=None	30 days	Maintains your authenticated session across subdomains

We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

The SameSite=None flag is necessary because the WhatsApp proxy runs on *.web.manywhats.app subdomains and needs to verify your session across origins.

6 Data Retention

Your data is retained as follows:

Account data (email, name, picture): Retained while your account is active.
WhatsApp account records: Retained until you manually delete them via the app, or your account is deleted.
Session tokens: Expired sessions are automatically purged. Active sessions last 30 days.

You may request complete deletion of your data by contacting us at info@manywhats.app. We will process deletion requests within 30 days.

7 Third-Party Services

The following third-party services are used by ManyWhats:

Google Identity Platform

Used for authentication via Google OAuth 2.0. Governed by Google's Privacy Policy.

WhatsApp Web (Meta Platforms)

The service proxies web.whatsapp.com on your behalf. Your WhatsApp session, messages, and all related data remain governed by WhatsApp's Privacy Policy.

Google Fonts

We use the Inter font family loaded from Google Fonts. Google may log request metadata. See Google's Privacy Policy.

8 Security

We take reasonable measures to protect your data:

All connections are encrypted via HTTPS/TLS.
Session tokens are generated using a cryptographically secure random function and stored as hashed values.
Session cookies are flagged HttpOnly (inaccessible to JavaScript) and Secure (HTTPS only).
The wildcard proxy validates session ownership before serving any content — a user cannot access another user's WhatsApp session.
Direct browser access to *.web.manywhats.app subdomains is blocked; they are only accessible within the application's iframe.

No system is 100% secure. We cannot guarantee absolute security. If you discover a security vulnerability, please contact us responsibly at info@manywhats.app.

9 Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Access: Request a copy of the data we hold about you.
Correction: Request that we correct inaccurate data.
Deletion: Request that we delete your account and associated data.
Portability: Request your data in a machine-readable format.
Objection: Object to certain types of processing.
Revocation: Revoke Google OAuth access at any time via Google Account Permissions.

To exercise any of these rights, contact us at info@manywhats.app. We will respond within 30 days.

10 Changes to This Policy

We may update these Terms and Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will notify users within the application.

Continued use of ManyWhats following any changes constitutes your acceptance of the updated policy.

11 Contact Us

If you have any questions about these Terms or our Privacy Policy, please reach out:

ManyWhats — MIK Services

Email: info@manywhats.app
Website: https://web.manywhats.app

Terms of Service &Privacy Policy