Skip to content
PromptForge

Terms

_Last updated 2026-05-18. Questions? Email hello@promptforge.uk, that's me._

The short version

  • PromptForge is free. No card, no paid tier.
  • Don't use it to build things that hurt people (full list in §1).
  • The output is a starting point, a software plan, not a guarantee.
  • What you build is yours. Your projects stay private unless you actively share them.
  • Leave any time. One click in Settings → Delete account wipes your data within 24 hours.

I'm Abdalla, a UK sole trader running PromptForge on my own. The legal sections below are real (liability, governing law, disputes) but I've written them as one person to another, not as a wall of legalese.

Section 1, Acceptable Use Policy (AUP)

This section is binding. It's what the in-product content-policy block message points at if you ever hit it. The point is to make the line between legitimate use and abuse explicit, so if you hit the block and think it's wrong, you know what to read and where to appeal (§1.6).

1.1 What PromptForge is for

PromptForge generates production-ready AI development prompts, step-by-step build plans for legitimate software projects. Examples of fully-supported use:

  • A personal project, side project, or learning exercise.
  • A startup MVP or commercial product.
  • Freelance work for a paying client (where the user has

authorisation to scope and deliver the project).

  • University coursework.
  • Internal tooling at the user's own employer.
  • Open-source contributions.
  • Security research, penetration testing, or CTF practice on

systems the user owns or has explicit written authorisation to test.

1.2 What PromptForge is NOT for, prohibited categories

PromptForge will refuse to generate (and may suspend or terminate accounts that repeatedly attempt to generate) content that materially advances:

1.2.a, Malicious software

Tooling whose primary purpose is to compromise systems the user does not own or have authorisation to test. Including, but not limited to:

  • Ransomware, wipers, and extortion-class payloads.
  • Keyloggers, screen-grabbers, and other surveillance malware.
  • Remote access trojans, botnet clients, and command-and-control

infrastructure.

  • Cryptojackers, hidden crypto miners, or other unauthorised

resource-consumption tooling.

  • Malware specifically designed to evade detection by antivirus,

EDR, or SOC tooling.

  • Fileless malware techniques without an authorised research

context.

1.2.b, Account and credential theft

  • Phishing kits, fake login pages designed to harvest

credentials, or impersonation infrastructure.

  • Credential-stuffing tooling, password crackers aimed at live

services the user does not own.

  • Multi-factor authentication bypass tools.
  • Session-token / cookie stealers.
  • Account-takeover toolkits.

1.2.c, Targeted harm against individuals

  • Stalkerware and any application designed to monitor a person

without their knowledge or consent.

  • Doxing tools, mass-PII scrapers aimed at named individuals,

or tooling that automates harassment.

  • Deepfake generation aimed at named individuals (especially

non-consensual intimate imagery, of which see §1.2.d).

  • Tools designed to spy on a partner, ex-partner, or other

specific person without their consent.

1.2.d, Regulated and illegal categories

  • Child sexual abuse material (CSAM), generation, hosting,

detection-bypass, distribution, or any related tooling.

  • Marketplaces for illegal arms, drugs, stolen data, or other

contraband.

  • Tools to facilitate violations of UK / EU sanctions or

anti-money-laundering law.

1.3 Dual-use categories

Some categories sit between §1.1 and §1.2, security research, pentesting, network scanning, packet capture, CTF tooling. These have legitimate uses on systems the user owns or is authorised to test, and unauthorised uses against third-party systems.

When PromptForge's intent classifier detects a dual-use signal, it does not refuse, instead, it surfaces a one-time confirmation asking the user to attest the project is for:

  • Their own systems, or
  • An engagement they are explicitly authorised to perform, or
  • An educational CTF / training exercise.

By clicking through the confirmation, the user attests this is true. False attestations are a material breach of these Terms and may result in account termination and (in serious cases) referral to relevant authorities.

1.4 How we detect violations

The abuse-prevention system has three passes. Users have a right to know which is which:

  1. Keyword pre-filter (pure-Python, runs first). Hard-rejects

inputs containing tokens listed in §1.2 above. Never names the matched token in the user-facing message (so the policy can't be probed for bypass).

  1. Intent classifier (a small AI model with deterministic

settings, runs second). Reads the project description and returns allow / warn / block. Default-allow when in doubt, the classifier deliberately leans toward letting users proceed unless a malicious framing is explicit.

  1. Sanity-check pass (post-generation safety review).

Reviews the generated plan for sections that veered into prohibited territory the upstream passes missed. (This pass ships post-launch.)

1.5 What happens when a violation is detected

  • Block: the request is refused with a neutral message

pointing at this AUP. The user can edit their description and re-try. No account-level action for a single block.

  • Warn (dual-use): the wizard surfaces a one-time

confirmation. The user attests legitimate use to proceed.

  • Repeated blocks on different framings of the same

prohibited project: account flagged for review. Continued attempts may result in temporary or permanent suspension.

  • Egregious violations (CSAM, targeted harassment of a

named individual, similar): account terminated immediately. Where appropriate, referrals to the National Crime Agency, IWF, or other relevant authorities.

1.6 Appeals and false positives

The classifier defaults to allow when in doubt, but false positives happen, security researchers in particular sometimes hit the dual-use warn flow. If you believe the system blocked your project incorrectly:

  • Contact: hello@promptforge.uk with the project description

and (if comfortable) context about your authorisation.

  • Response time: within 5 working days.
  • Outcome: if the block was a false positive, the rule is

refined and you're invited back. We don't share which keyword / pattern fired (that would teach the bypass) but we do confirm whether the block was the keyword pre-filter, the intent classifier, or the sanity-check pass.

1.7 Provenance and provider terms

Use of PromptForge is also subject to the terms of the AI providers we route to (currently Anthropic's Acceptable Use Policy applies to every Claude call we make on your behalf). Generating content that violates Anthropic's AUP is also a violation of this AUP.

Section 2, Your account

Sign in is via Google or GitHub, please use a real account you control. PromptForge isn't aimed at under-16s, so I don't knowingly collect their data; if you think a child has signed up, email me and I'll delete the account.

I aim for high availability but don't guarantee it. The site is free, run by one person; outages happen.

I'd only suspend or close your account if you break the Acceptable Use Policy or keep repeating the same prohibited request after a clear refusal, a one-off block on an ambiguous description is the system being cautious, not a strike. You can close your own account any time from Settings → Delete account; that wipes your data within 24 hours.

Section 3, Free, with limits

PromptForge is free. There's no paid tier and no card to enter. The fair-use limits are:

  • 2 generations a month per account.
  • 1 extra generation a month if you share PromptForge (optional).
  • 30-day retention on saved outputs.
  • Email me at hello@promptforge.uk if you hit the cap and

still want to try it, I can send a top-up link.

If the project ever moves to a paid model, this section gets a proper rewrite and 14 days' notice goes out by email first.

Section 4, Your work and mine

You own what you put in and get out, your description, your answers, the generated plans, and anything you build from them. You give me a temporary licence to host and process that content so I can deliver the service to you. Nothing more.

I own PromptForge itself, the wizard, the recommendation engine, the YAML catalogues, and the output templates. You're welcome to use everything PromptForge generates for any purpose, personal or commercial. Please don't scrape the recommendations to build a competing service, reverse-engineer the engine, or resell access to the wizard itself.

Generation happens through Anthropic's Claude. Their commercial terms say inputs aren't used to train models. AI output is a starting point, not a guarantee, see liability below.

4.4 Sharing is opt-in

Your projects are private by default. If you click Share on a specific output, I mint a random unguessable URL, anyone with that exact URL can read that one output and nothing else. Don't click Share if you'd rather keep the idea to yourself. You can revoke a share link any time from your library.

Section 5, Privacy

The Privacy policy covers everything I hold on you and why. Short version: I'm the controller, the processors are listed there, you can export or delete everything from Settings, and I don't sell your data.

Section 6, Limits on what I'm responsible for

PromptForge is "as is", I run it on my own and can't promise it'll always be up or always produce perfect output. AI tools can get things wrong even with the structural checks in place, so treat the generated plan as a thoughtful starting point and review it before you act on it, especially anything about security or compliance.

Under UK law, my total liability for anything that goes wrong is capped at the greater of £100 or what you paid me in the past 12 months. That cap doesn't apply to death or personal injury caused by negligence, fraud, or anything else UK law won't let me exclude, the Consumer Rights Act 2015 still applies.

Section 7, UK law

These terms are governed by the laws of England and Wales, and the courts of England and Wales handle any disputes. Your consumer rights still apply on top of that.

If something's wrong, please email hello@promptforge.uk first and give me 30 days to sort it out before any formal step.

Section 8, Changes to these terms

We may revise these terms. For material changes (anything affecting your rights, fees, or data handling) we'll give you at least 14 days' notice by email and an in-app banner before the change takes effect.

If you keep using PromptForge after a change takes effect, that counts as acceptance. If you'd rather not, close your account before the change date.

Small edits (typos, clarifications) update in place with the date at the top of this page.