Legal

Acceptable Use Policy

Last updated 2026-05-06 — questions and appeals to hello@promptforge.uk.

The short version

Use PromptForge for real software projects — your own apps, freelance work, learning, security research on systems you're authorised to test.
Don't use it to build things that hurt people: malware, account-takeover kits, stalkerware, anything illegal. Full list in §1.2.
Security tooling is a grey area — I ask you to confirm you're authorised before generating. See §1.3.
Hit a block you think was wrong? Email me at hello@promptforge.uk with the project description and I'll review (§1.6).

The rest is the binding detail. I'm Abdalla, the one person running PromptForge — these rules exist so the product stays useful instead of becoming someone else's attack toolkit.

§1.1What PromptForge is for

PromptForge generates production-ready AI development prompts, step-by-step build plans, and architecture overviews for legitimate software projects. Examples of fully-supported use:

A personal project, side project, or learning exercise.
A startup MVP or commercial product.
Freelance work for a paying client (where you have authorisation to scope and deliver the project).
University coursework.
Internal tooling at your own employer.
Open-source contributions.
Security research, penetration testing, or CTF practice on systems you own or have explicit written authorisation to test.

§1.2What PromptForge is NOT for — prohibited categories

PromptForge will refuse to generate (and may suspend or terminate accounts that repeatedly attempt to generate) content that materially advances:

§1.2.aMalicious software

Tooling whose primary purpose is to compromise systems you do not own or have authorisation to test. Including, but not limited to:

Ransomware, wipers, and extortion-class payloads.
Keyloggers, screen-grabbers, and other surveillance malware.
Remote access trojans, botnet clients, and command- and-control infrastructure.
Cryptojackers, hidden crypto miners, or other unauthorised resource-consumption tooling.
Malware specifically designed to evade detection by antivirus, EDR, or SOC tooling.
Fileless malware techniques without an authorised research context.

§1.2.bAccount and credential theft

Phishing kits, fake login pages designed to harvest credentials, or impersonation infrastructure.
Credential-stuffing tooling, password crackers aimed at live services you do not own.
Multi-factor authentication bypass tools.
Session-token / cookie stealers.
Account-takeover toolkits.

§1.2.cTargeted harm against individuals

Stalkerware and any application designed to monitor a person without their knowledge or consent.
Doxing tools, mass-PII scrapers aimed at named individuals, or tooling that automates harassment.
Deepfake generation aimed at named individuals (especially non-consensual intimate imagery — see §1.2.d).
Tools designed to spy on a partner, ex-partner, or other specific person without their consent.

§1.2.dRegulated and illegal categories

Child sexual abuse material (CSAM) — generation, hosting, detection-bypass, distribution, or any related tooling.
Marketplaces for illegal arms, drugs, stolen data, or other contraband.
Tools to facilitate violations of UK / EU sanctions or anti-money-laundering law.

§1.3Dual-use categories

Some categories sit between §1.1 and §1.2 — security research, pentesting, network scanning, packet capture, CTF tooling. These have legitimate uses on systems you own or are authorised to test, and unauthorised uses against third-party systems.

When PromptForge's content classifier (Layer 2) detects a dual-use signal, it does not refuse— instead, it surfaces a one-time confirmation asking you to attest the project is for:

Your own systems, or
An engagement you are explicitly authorised to perform, or
An educational CTF / training exercise.

By clicking through the confirmation, you attest this is true. False attestations are a material breach of these Terms and may result in account termination and (in serious cases) referral to relevant authorities.

§1.4How we review submissions

PromptForge runs a multi-stage review on every submission. We look for prohibited content at the input stage and at the generated-output stage. Our review defaults to allow when intent is ambiguous — the bar for refusal is explicit malicious framing, not unusual subject matter.

We don't publish the specifics of the review pipeline because doing so just teaches the bypass. If you've been blocked and believe it's a false positive, see §1.6.

§1.5What happens when a violation is detected

Block: the request is refused with a neutral message pointing at this AUP. You can edit your description and re-try. No account-level action for a single block.
Warn (dual-use): the wizard surfaces a one-time confirmation. You attest legitimate use to proceed.
Repeated blocks on different framings of the same prohibited project: account flagged for review. Continued attempts may result in temporary or permanent suspension.
Egregious violations (CSAM, targeted harassment of a named individual, similar): account terminated immediately. Where appropriate, referrals to the National Crime Agency, IWF, or other relevant authorities.

§1.6Appeals and false positives

The classifier defaults to allow when in doubt, but false positives happen — security researchers in particular sometimes hit the dual-use warn flow. If you believe the system blocked your project incorrectly:

Contact: hello@promptforge.uk with the project description and (if comfortable) context about your authorisation.
Response time: within 5 working days.
Outcome:if it was a false positive, we refine the rule and invite you back. We don't share specifics of why a particular submission flagged — that would teach the bypass.

§1.7Provenance and provider terms

Use of PromptForge is also subject to the terms of the AI providers we route to (currently Anthropic's Acceptable Use Policy applies to every Claude call we make on your behalf). Generating content that violates Anthropic's AUP is also a violation of this AUP.