diff --git a/src/channels/whatsapp.ts b/src/channels/whatsapp.ts
index 96cea30..87a633a 100644
--- a/src/channels/whatsapp.ts
+++ b/src/channels/whatsapp.ts
@@ -266,6 +266,12 @@ Ask the bot owner to approve with:
         
         // Check access control (for DMs only, groups are open, self-chat always allowed)
         if (!isGroup && !isSelfChat) {
+          // CRITICAL: If selfChatMode is enabled, ONLY respond to self-chat messages
+          // Silently ignore all non-self messages to prevent bot from messaging other people
+          if (this.config.selfChatMode) {
+            continue;
+          }
+          
           const access = await this.checkAccess(userId, pushName);
           
           if (access === 'blocked') {
diff --git a/src/config/io.ts b/src/config/io.ts
index a2cf916..9c357f5 100644
--- a/src/config/io.ts
+++ b/src/config/io.ts
@@ -123,8 +123,9 @@ export function configToEnv(config: LettaBotConfig): Record<string, string> {
   }
   if (config.channels.whatsapp?.enabled) {
     env.WHATSAPP_ENABLED = 'true';
-    // WhatsApp selfChat defaults to true, so only set env if explicitly false
-    if (config.channels.whatsapp.selfChat === false) {
+    if (config.channels.whatsapp.selfChat) {
+      env.WHATSAPP_SELF_CHAT_MODE = 'true';
+    } else {
       env.WHATSAPP_SELF_CHAT_MODE = 'false';
     }
   }
diff --git a/src/main.ts b/src/main.ts
index 288979b..fb20920 100644
--- a/src/main.ts
+++ b/src/main.ts
@@ -161,7 +161,7 @@ const config = {
     sessionPath: process.env.WHATSAPP_SESSION_PATH || './data/whatsapp-session',
     dmPolicy: (process.env.WHATSAPP_DM_POLICY || 'pairing') as 'pairing' | 'allowlist' | 'open',
     allowedUsers: process.env.WHATSAPP_ALLOWED_USERS?.split(',').filter(Boolean) || [],
-    selfChatMode: process.env.WHATSAPP_SELF_CHAT_MODE !== 'false', // Default true
+    selfChatMode: process.env.WHATSAPP_SELF_CHAT_MODE !== 'false', // Default true (safe - only self-chat)
   },
   signal: {
     enabled: !!process.env.SIGNAL_PHONE_NUMBER,