Add an NDA Wall to Any Web App in 5 Minutes

2026-03-28 · ProtoWall Team

You have a web app running somewhere. Render, Vercel, Railway, your own server. You want specific people to see it, but only after they agree to keep it confidential.

Here's how to set that up without touching your app's code.

Create an account

Go to protowall.app and enter your email. You'll get a magic link, no password needed. Click it, accept the platform Terms of Service, and you're in.

Create a project

Click New Project. You need three things:

A name for the project. This is what reviewers will see.

The destination URL where your prototype is running. Something like https://my-app.onrender.com.

The NDA text. There's a default template that covers confidentiality, no-recording, and duration terms. On the Pro plan you can customize it. For most cases the default works fine.

Hit Create. ProtoWall generates a proxy URL and an origin secret for your project.

Lock down direct access (optional)

Your prototype is still accessible at its original URL. If you want to make sure all traffic goes through ProtoWall, add a quick middleware that checks for the origin secret header.

In Express:

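const crypto = require('crypto');

const PROTOWALL_SECRET = process.env.PROTOWALL_SECRET;
// Fail closed: if the variable is unset, a request with no header would otherwise match undefined.
if (!PROTOWALL_SECRET) throw new Error('PROTOWALL_SECRET is not set');
// Hash both sides so timingSafeEqual always compares equal-length buffers.
const digest = (v) => crypto.createHash('sha256').update(String(v ?? '')).digest();

app.use((req, res, next) => {
  if (!crypto.timingSafeEqual(digest(req.headers['x-protowall-secret']), digest(PROTOWALL_SECRET)))
    return res.status(403).send('Forbidden');
  next();
});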

In FastAPI:

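import hmac
import os

from fastapi.responses import JSONResponse

PROTOWALL_SECRET = os.environ["PROTOWALL_SECRET"]  # raises KeyError at startup if unset

@app.middleware("http")
async def verify_secret(request, call_next):
    # Constant-time comparison; a missing header is treated as an empty value.
    supplied = request.headers.get("x-protowall-secret", "")
    if not hmac.compare_digest(supplied.encode(), PROTOWALL_SECRET.encode()):
        return JSONResponse(status_code=403, content={"error": "Forbidden"})
    return await call_next(request)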

Copy the origin secret from your project dashboard and set it as an environment variable on your server. Now direct access returns a 403. The only way in is through ProtoWall.

This step is optional but recommended. Without it, someone who discovers your original URL can bypass the NDA gate.
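
Why the check should fail closed, as an added example (not ProtoWall's code): the header comparison written as plain functions and run over constructed requests, showing that a strict-equality check with the environment variable unset admits header-less direct traffic, while a checker that refuses to start without a secret does not. The names naiveCheck, makeOriginCheck and evaluate, and the sample secret, are hypothetical.

```javascript
const crypto = require('node:crypto');

// Plain comparison against whatever the environment holds (possibly undefined).
function naiveCheck(headers, secret) {
  return headers['x-protowall-secret'] === secret;
}

// Builds a checker that refuses to exist without a secret (fail closed) and
// compares SHA-256 digests so timingSafeEqual always sees 32-byte buffers.
function makeOriginCheck(secret) {
  if (typeof secret !== 'string' || secret.length === 0) {
    throw new Error('origin secret is not configured');
  }
  const digest = (v) => crypto.createHash('sha256').update(v).digest();
  const expected = digest(secret);
  return (headers) => {
    const supplied = headers['x-protowall-secret'];
    if (typeof supplied !== 'string') return false; // header missing
    return crypto.timingSafeEqual(digest(supplied), expected);
  };
}

// Constructed sample requests (Node lower-cases incoming header names).
const SECRET = 'constructed-example-secret';
const CASES = {
  viaProxy: { 'x-protowall-secret': SECRET },
  direct: {}, // someone hitting the original URL
  wrongGuess: { 'x-protowall-secret': 'guess' },
  // Node joins a repeated custom header with ', '; it must not match.
  duplicated: { 'x-protowall-secret': SECRET + ', ' + SECRET },
};

// Runs one checker over every sample request and returns name -> allowed.
function evaluate(check) {
  return Object.fromEntries(
    Object.entries(CASES).map(([name, headers]) => [name, check(headers)])
  );
}

// Variable unset: undefined === undefined, so direct traffic gets through.
const naiveUnset = evaluate((h) => naiveCheck(h, undefined));
const hardened = evaluate(makeOriginCheck(SECRET));
console.log({ naiveUnset, hardened });
```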

Send invites

On the project page, type in each reviewer's email and click Send. They get a notification.

What reviewers see

When they click the link in the invite email, they land directly on your NDA. Full-screen page with a signature field. They type their name, check the box, and they're in. The prototype loads through the proxy.

The whole thing takes under a minute from their side. One click from the email, one signature. No account creation, no password, no app to install.

Updating the NDA

If you change the NDA text and publish a new version, every reviewer who already accepted has to re-accept before they can access the prototype again. The old version stays in the history with all its consent records. You don't lose the paper trail.

Revoking access

Click Revoke next to any reviewer on the project page. Their sessions terminate right then, not at the next token refresh. If they try to open the prototype, they're blocked.

What the free plan includes

One project, five invites, the default NDA template, magic-link authentication, and a seven-day audit trail. No credit card.

Pro is $19/month and gets you five projects, 25 invites per project, custom NDA text, full version history, 90-day audit retention, and PDF evidence packages you can hand to legal counsel.

That's it

Five minutes, no code changes, and your prototype is behind an authenticated NDA wall. Reviewers get a clean experience. You get an audit trail and legal protection.