No accounts, no personal data
There's no sign-up. We never ask for an email, phone number, or password, and we don't create a profile for you. To use zwip you pick a display name for a single room — that's it.
Ephemeral rooms that self-destruct
A room exists only while it's in use. After 60 minutes of inactivity it is destroyed automatically — and when it goes, its messages and every uploaded file are permanently deleted from the server, not just hidden.
There is no archive, no search history, and no "seen" trail left behind.
Private & hard to guess
Rooms aren't listed or discoverable anywhere — the only way in is the code. Codes are generated with a cryptographically secure random source, so they can't be predicted or enumerated.
Automation tokens (webhooks) are stored only as a one-way SHA-256 hash and shown to you once, like an API key.
Encrypted in transit
All traffic is served over HTTPS, and live messaging runs over secure WebSockets (wss://). Data between your browser and zwip is encrypted end to end of the network path.
Encrypted at rest
Your messages, sender names, room names and uploaded files are encrypted before they're written to disk (AES-256-GCM). Nothing is stored in plaintext, so a leaked database or stolen backup is unreadable ciphertext without the key.
This is not the same as end-to-end encryption — see the honest note below.
No ads, no tracking, no selling data
zwip doesn't run advertising, doesn't build behavioural profiles, and doesn't sell or share your data. Because we don't collect accounts or history, there's simply very little to monetise — and that's the point.
Where zwip is hosted
Hosted in Finland 🇫🇮
zwip runs on servers in Finland, a member state of the European Union. That means it operates under the EU's General Data Protection Regulation (GDPR) — one of the world's strictest privacy frameworks — as implemented nationally by Finland's Data Protection Act (Tietosuojalaki, 1050/2018), overseen by the Finnish Office of the Data Protection Ombudsman.
Finland also has a long tradition of strong privacy protection and press freedom, and consistently ranks among the world's leaders on digital rights.
Being honest about the limits
Privacy claims are only worth anything if they're honest, so:
Want to be fully in control? zwip is self-hostable — run your own instance and the data never leaves your hardware. See the API docs.