80x: WhatsApp-to-CRM capture for funds
80x is a Mac app that turns WhatsApp Web into a capture surface for your CRM: open a chat, click, and the conversation is pulled in, matched to the right company or person, and kept as a clean transcript in Attio or Affinity. It matters to a fund because a large share of founder communication happens on WhatsApp, where it normally never reaches the CRM at all.
80x is the product these docs sit alongside, and it is the one page in the projects section that is not open source: the app and its backend are a commercial product. This page exists because the same editorial rule applies to it as to everything else here: describe the architecture honestly, including what runs where and what is stored where. The task-level walkthrough is in the WhatsApp to CRM guide; where to find the product is at the end of this page.
What it is, mechanically
Section titled “What it is, mechanically”The app is a native Mac shell around a webview, which is a browser window embedded inside an app. The webview uses Apple’s WKWebView, the same engine that powers Safari, and it loads the real web.whatsapp.com, identifying itself to WhatsApp exactly as desktop Safari would. Around that webview sits a set of native conveniences (keyboard shortcuts, find-in-page, Do Not Disturb, a privacy lock, proper Mac notifications) and a CRM sidebar that talks to the 80x backend.
The load-bearing fact: 80x uses no unofficial WhatsApp API. No whatsapp-web.js, no Baileys, no reverse-engineered protocol access, no WhatsApp Business API (these are the toolkits automated WhatsApp bots are usually built on). Under the hood it is the official web client running in a webview, so to WhatsApp the traffic looks like a person using Safari. Automated, protocol-level access is the behavior that gets phone numbers banned. 80x’s design premise is that ban risk comes from behavior, not from which app you use, so every interaction stays human-shaped:
- Human-initiated. Nothing happens until you click. No background jobs, no scheduled scraping.
- On-screen only. Capture reads only the chat you currently have open, when you ask. It never walks through your chat list or scrolls back through history on its own.
- You always send. Saved snippets place text into the message box; you press enter. The app never sends a message on your behalf.
This is the same boundary-based safety thinking as read-only agents: the safe behavior is enforced by what the code is able to do, not by a policy promise. The honest caveat, stated in the product’s own docs: any third-party app wrapping WhatsApp Web sits in a gray area of WhatsApp’s terms of service. The human-shaped design keeps the risk low, not zero.
How capture works
Section titled “How capture works”- An injected script reads the open chat. A small script runs inside the webview, on demand, and reads the visible conversation from the page’s underlying structure (the DOM). It is a port of the 80x browser extension’s reader, it runs only when you trigger a capture, and it sees only the conversation on screen. Because WhatsApp Web’s page structure is deliberately obscured and changes over time, this layer needs occasional upkeep; that is a known maintenance cost, not a surprise.
- A thin native client sends the capture to the backend. The captured conversation goes to the 80x backend over the same authenticated
/api/ext/*endpoints the browser extension uses, so there is one backend contract with two front-ends. The API token (the code that proves the app is you) is created in the 80x web app and stored in the macOS Keychain, the Mac’s built-in encrypted credential store, never in a plain file. - The backend files it into your CRM. It ingests the conversation, suggests matching CRM records, and, once you link the chat to a record, maintains the transcript as a note in Attio or Affinity. From the sidebar you can link or unlink records, create a contact inline, share individual messages, pull the linked record’s key fields into the app, edit them, and log interactions. Every CRM write is explicit: you click Save or Log.
Privacy is enforced where it cannot be bypassed. Each conversation has a private/shared toggle, and the check happens on the server, so even a bug in the app could not leak a private chat into the shared CRM.
What is stored where
Section titled “What is stored where”| Data | Where it lives |
|---|---|
| Your WhatsApp session | In the local webview on your Mac; 80x never holds your WhatsApp credentials |
| Message content | On your Mac, inside the official web client, until you explicitly sync a chat |
| The 80x API token | macOS Keychain |
| Synced conversations | The 80x backend, which writes them into your CRM (Attio or Affinity) as transcripts/notes, subject to the per-chat privacy gate |
| Chats you never sync | Nowhere but your WhatsApp account; unsynced chats are never transmitted |
Client-side hardening
Section titled “Client-side hardening”The app treats the embedded web page as untrusted, and the patterns are worth describing because they apply to any app that embeds someone else’s website:
- Strict navigation guard. Only
whatsapp.comand its subdomains are allowed to load inside the app. The matching is exact-host or dotted-suffix, never “contains”, because a contains check would accept a hostile lookalike such asevil-whatsapp.com.attacker.io. External links open in your default browser instead, and only for safe link types (http/https/mailto/tel/sms); a hostile page crafting afile:or custom-scheme link gets refused. - Origin-gated capabilities. Camera and microphone (used for calls), the file picker, and pop-up dialogs are each granted only to whatsapp.com pages, as a second layer on top of the navigation guard.
- App Sandbox. Apple’s sandbox, which limits what an app can touch on your Mac, is enabled, with permissions limited to network access, camera, microphone, and files you explicitly pick.
Availability
Section titled “Availability”80x is a commercial product, distributed as a signed and notarized DMG you download directly (a DMG is the standard Mac installer; signed and notarized means Apple has verified the developer and scanned the app). Apple’s Mac App Store rules effectively exclude apps that wrap another company’s web service, so direct download is the channel. It is unofficial and not affiliated with WhatsApp or Meta. Details and access are at 80x.ai, which is the one product link on this page, per this site’s editorial rules.
See also
Section titled “See also”- WhatsApp to CRM guide — the workflow this product implements, including the manual and extension-based variants
- Read-only agents — the capability-boundary safety model the capture design shares
- CRM as database — why clean, attributed transcripts in the CRM matter downstream