Announcing ANFA: The Free, Self-Hosted, Open-Source WhatsApp CRM
Taking Back Your Customer Data: Announcing the 10-Day Launch of ANFA The Completely Free, Self-Hosted WhatsApp CRM
Every day, thousands of businesses make a dangerous compromise. They hand over their most intimate customer conversations, transaction histories, and contact lists to third-party SaaS giants. In an era where data leaks are common and privacy regulations are tightening globally, relying on external servers to route your customer communication is an unnecessary risk.
To make matters worse, these platforms charge high monthly subscriptions and add hefty per-message markups on top of Meta’s standard rate cards.
At ANFA Technology, we believe there is a better way. We believe in Data Sovereignty. Your infrastructure, your credentials, your rules.
Today, we are thrilled to announce that in exactly 10 days, we are releasing ANFA WhatsApp Platform
a 100% open-source, local-first, and completely free WhatsApp CRM & API Management Platform designed to run entirely on your own servers.
What is ANFA?
ANFA is a production-grade, self-hosted alternative to commercial platforms like Wati, Twilio, and ManyChat. Instead of routing your messages through a middleman's cloud, ANFA deploys as a lightweight, secure stack directly on your own infrastructure. By inputting your own Meta Cloud API credentials, you communicate directly with Meta's official gateways.
No central servers. No third-party data tracking. Zero platform markups.
Why ANFA is Built Differently: The Technical Advantage
Many open-source tools compromise on performance or security to achieve a "free" model. We didn't. We built ANFA using a modern, high-performance Python backend and a secure, isolated container architecture.
1. Hardened, Privacy-First Ingress Security
Standard webhook receivers are highly vulnerable to spoofing attacks, allowing bad actors to forge incoming messages or tamper with delivery logs. ANFA secures your gateway by enforcing strict HMAC-SHA256 signature verification on the raw incoming request bytes. Using a constant-time comparison algorithm (hmac.compare_digest), we eliminate timing side-channel attacks entirely.
Furthermore, we resolved a critical security flaw found in many self-hosted setups: zero host-level socket exposure. Webhook verification tokens are looked up dynamically from an encrypted Redis cache, meaning you never have to expose your server’s Docker daemon to dynamically reload configurations.
2. High-Throughput Queueing & Dynamic Rate Limiting
Meta’s Cloud API supports throughput speeds up to 80 messages per second (MPS) for standard setups. Synchronous servers easily crash under this load.
ANFA leverages arq (a Redis-backed asynchronous task queue in Python) to handle massive broadcast campaigns smoothly. When Meta responds with an HTTP 429 Too Many Requests status, our workers extract the Retry-After header and dynamically pause queue processing in Redis. This prevents memory leaks and worker crashes, keeping your system stable.
3. Scalable Database Partitioning (pg_partman)
Storing millions of chat messages in a single relational table inevitably slows down queries and index updates. ANFA utilizes PostgreSQL 16 native declarative range-partitioning managed by the pg_partman extension.
Messages are cleanly partitioned month-by-month.
Old partitions are automatically detached or archived based on your data retention policies.
Your active chat dashboard queries execute with sub-second latency, scanning only the relevant monthly partition.
4. True Real-Time Updates via Server-Sent Events (SSE)
We rejected WebSockets for our dashboard. Why? Because WebSockets require complex connection handshakes, crash behind strict corporate firewalls, and place heavy CPU loads on servers for unidirectional updates.
ANFA implements Server-Sent Events (SSE) over standard HTTP/2. Real-time chat events are streamed directly to your Next.js dashboard as a continuous, lightweight chunked stream. We have configured our Nginx reverse proxy to disable response buffering globally, ensuring that you see new customer messages instantly without delay.
Completely Free. Completely Secure. Launching in 10 Days.
We believe that high-quality, secure communication tools shouldn't be locked behind expensive paywalls. Customer engagement is a fundamental necessity for business growth, and privacy is a fundamental human right.
In 10 days, the entire repository will be made public on GitHub under the permissive MIT license.
What is included in the launch:
The Complete FastAPI Backend & arq Workers: Pre-configured for Postgres schema migrations and Redis cache coordination.
The Next.js 14 Shared Inbox Dashboard: A gorgeous, multi-agent live chat interface.
The Production-Ready Docker Compose Manifest: A single command (
docker compose up -d) boots your entire private ecosystem.Encrypted Onboarding Setup Wizard: Step-by-step guidance to link your permanent Meta System User tokens securely.
Join the Sovereign Communication Movement
The countdown has officially begun. Over the next 10 days, we will be sharing deep-dives into our encryption models, database performance metrics, and guides on how you can host ANFA for under $10/month on your own cloud servers.
Let’s end the era of middleman markups, data leaks, and platform lock-in.
👉 Star our repository on GitHub and sign up on our website to receive the 1-click installation script the second we go live!
ANFA Technology: Complete Data Sovereignty. Your Infrastructure. Your Rules.
Mohsin Raza
Co-Founder & Global Strategy Lead, ANFA Technology | International Relations Scholar, Eötvös Loránd University (ELTE), Budapest, Hungary
Mohsin Raza is an International Relations scholar at Eötvös Loránd University (ELTE) in Budapest, Hungary one of Europe's oldest, largest, and most prestigious public research universities. At ANFA, Mohsin leads global strategy, localization, and compliance. Leveraging his background in international systems and European digital policy, Mohsin ensures that ANFA's local-first architecture aligns with global data privacy frameworks (such as EU GDPR regulations). His work bridges the gap between complex software architecture and international scalability, guiding ANFA's mission to make data sovereignty accessible to organizations across different continents and regulatory environments.
