Frequently Asked Questions

What is ProtoWall?

ProtoWall is a review platform for confidential prototypes. You invite reviewers by email, they authenticate, and you see exactly what they engaged with — top routes, time on page, session-by-session event log, signed-identity feedback. Your prototype stays on your own infrastructure, no code changes needed.

An NDA gate is available for projects that need legal acceptance — off by default, one click to turn on.

Do I need to modify my prototype?

No. ProtoWall is a reverse proxy — it forwards authenticated traffic to your app. Optionally, you can verify requests using the origin secret header to ensure they come through ProtoWall.

Will ProtoWall add latency to my app?

ProtoWall adds one network hop between the user and your app. For most requests this adds only a few milliseconds. For slow endpoints — file uploads, heavy processing, AI calls — make sure your server timeout is set higher than the default. For example, use --timeout 120 with Gunicorn. ProtoWall's proxy enforces a 90-second upstream timeout.

How do reviewers access my prototype?

You invite them by email. They click the link in the invite email, accept the NDA if your project has the gate enabled, and access the prototype through the proxy. One click from the email straight in, no separate login needed. The entire flow takes under a minute.

Can I manage ProtoWall from the terminal?

Yes. Install the protowall CLI with pip install protowall. It covers projects, invites, audit logs, and secret rotation — all output is JSON, pipe-friendly. The same package includes an MCP server for coding agents like Claude Code and Cursor. See the CLI & MCP Server docs.

Can I revoke someone's access?

Yes, instantly. Click "Revoke" on the project page and their sessions are terminated immediately. They will not be able to access the prototype until re-invited.

Can access expire automatically?

Yes, on Pro. Set a TTL on each invite (24h / 7d / 30d / never) when sending it, or change it later from the reviewer detail page. A daily cron flips expired invites to revoked, kills active sessions, and records a distinct ACCESS_EXPIRED audit event so the legal trail shows the reason access ended (vs. a manual revoke). The same controls are exposed on the API (expires_in / expires_at) and the CLI.

Can I see what reviewers actually looked at?

Yes, on Pro. The reviewer detail page shows per-reviewer top routes, time on page, daily activity, first and last seen, and a session-by-session event log (sessions are clusters of requests with at least a 30-minute idle gap between them). Each session has a downloadable events CSV. Project-wide rollups live on the Engagement page.

You can also generate optional session stories — one-paragraph narrated walkthroughs of what the reviewer did. The cap is 50 per month and is shared across the dashboard, CLI, and MCP server.

How does the reviewer feedback widget work?

On Pro, ProtoWall can inject a small feedback widget directly into the proxied prototype. Reviewers leave signed-identity comments from inside the prototype — every comment is bound to an invite, so there are no anonymous comments. Three modes per project:

• Auto-inject (default): the proxy adds the widget to your prototype's HTML automatically
• Manual: paste a one-line <script> tag yourself (useful if your prototype has a strict CSP)
• Off: reviewers won't see a feedback option

Comments appear on the reviewer detail page paired with engagement, and on a project-wide "Recent feedback" card.

How do I share a new version of the prototype?

Click Promote new version on the project page and enter the new prototype URL. Existing reviewers stay on the same project — their next visit hits the new URL. Engagement and feedback get bucketed per version automatically, so v1 and v2 stats sit side-by-side. No re-inviting anyone.

Can I share multiple preview URLs at once for the same project?

Yes, on Pro. The Versions feature is sequential (one current URL at a time). Previews are parallel: spin up as many as you need — one per PR, branch, or experiment — each at {project-slug}-{suffix}.proxy.protowall.app with its own prototype URL. Reviewers' invites are project-level, so a single accepted invite covers every open preview automatically. Engagement and feedback bucket per preview. Closed previews stop resolving but their history stays in the audit log.

Can people who weren't invited request access?

Yes. When someone lands on a project URL they haven't been invited to, they see a Request access button on the no-access page. Clicking it sends you an email and adds the request to a "Pending requests" card on your project page. Approving creates a real invite (and sends them the standard invite email). Declining is silent — they aren't told whether the project even exists. Available on every plan; the Free tier's 5-invite-per-project cap surfaces an upgrade prompt at the moment of approval if you hit it.

How is authentication handled?

ProtoWall uses magic-link authentication — no passwords. Users receive a one-time login link via email that expires after 15 minutes. This eliminates credential stuffing, password reuse, and password management overhead.

How does the optional NDA gate work?

The NDA gate is off by default. Turn it on per project to require reviewers to accept a versioned document before accessing the prototype. When you publish a new version, existing reviewers must re-accept before regaining access; old versions are preserved in version history.

Each consent records the signer's name (e-signature), the exact document text with SHA-256 content hash, IP address, user agent, and timestamp — strong evidence of acceptance. Pro adds custom NDA text and full version history. Consult your legal counsel for jurisdiction-specific requirements.

Can I export the audit trail?

Yes. Every project has an "Export CSV" button that downloads the full audit trail with timestamps, event types (including ACCESS_EXPIRED for auto-revoked invites), IPs, signature names, NDA versions, and content hashes. On the Pro plan, you can also download a per-reviewer PDF evidence package that bundles consent records, the full NDA text, and forensic details into a single document, plus a per-session events CSV for any individual session cluster.

What data do you store?

Email addresses, NDA consent records (signature, IP, user agent, document hash), session data, and audit events. Payment data is handled by Stripe — we only store a customer ID. See our Privacy Policy for details.

Is the free plan really free?

Yes — 1 project, 5 invites, no credit card required. You can use the default NDA template and the full authentication + proxy flow at no cost.

What do I get with Pro?

5 projects, 25 invites per project, custom NDA text, full NDA version history, 90-day audit log, and PDF evidence export. Plus the analytics + workflow stack: reviewer engagement analytics, session stories (50/month), the reviewer feedback widget, project versions (engagement per version), and expiring access (TTL on invites). All of it is also exposed via the CLI and MCP server. See the Pricing page for the full list.

What's included in Free vs Pro?

Full feature matrix:

Can I cancel anytime?

Yes. Cancel from the billing portal and your subscription continues until the end of the billing period. After that, you're downgraded to the Free plan — your projects and data are preserved, but limits are enforced.

Do you offer annual billing?

Not yet — annual billing is on our roadmap. For now, all plans are billed monthly. Contact us if you'd like to be notified when it's available.