Terms

_Last updated 2026-05-14. Questions? Email hello@promptforge.uk — that's me._

The short version

• PromptForge is free. No card, no paid tier.
• Don't use it to build things that hurt people (full list in §1).
• The output is a starting point — a software plan, not a guarantee.
• What you build is yours. Your projects stay private unless you actively share them.
• Leave any time. One click in Settings → Delete account wipes your data within 24 hours.

I'm Abdalla, a UK sole trader running PromptForge on my own. The legal sections below are real (liability, governing law, disputes) but I've written them as one person to another, not as a wall of legalese.

Section 1 — Acceptable Use Policy (AUP)

This section is binding. It's what the in-product content-policy block message points at if you ever hit it. The point is to make the line between legitimate use and abuse explicit, so if you hit the block and think it's wrong, you know what to read and where to appeal (§1.6).

1.1 What PromptForge is for

PromptForge generates production-ready AI development prompts, step-by-step build plans, and architecture overviews for legitimate software projects. Examples of fully-supported use:

• A personal project, side project, or learning exercise.
• A startup MVP or commercial product.
• Freelance work for a paying client (where the user has

authorisation to scope and deliver the project).

• University coursework.
• Internal tooling at the user's own employer.
• Open-source contributions.
• Security research, penetration testing, or CTF practice on

systems the user owns or has explicit written authorisation to test.

1.2 What PromptForge is NOT for — prohibited categories

PromptForge will refuse to generate (and may suspend or terminate accounts that repeatedly attempt to generate) content that materially advances:

1.2.a — Malicious software

Tooling whose primary purpose is to compromise systems the user does not own or have authorisation to test. Including, but not limited to:

• Ransomware, wipers, and extortion-class payloads.
• Keyloggers, screen-grabbers, and other surveillance malware.
• Remote access trojans, botnet clients, and command-and-control

infrastructure.

• Cryptojackers, hidden crypto miners, or other unauthorised

resource-consumption tooling.

• Malware specifically designed to evade detection by antivirus,

EDR, or SOC tooling.

• Fileless malware techniques without an authorised research

context.

1.2.b — Account and credential theft

• Phishing kits, fake login pages designed to harvest

credentials, or impersonation infrastructure.

• Credential-stuffing tooling, password crackers aimed at live

services the user does not own.

• Multi-factor authentication bypass tools.
• Session-token / cookie stealers.
• Account-takeover toolkits.

1.2.c — Targeted harm against individuals

• Stalkerware and any application designed to monitor a person

without their knowledge or consent.

• Doxing tools, mass-PII scrapers aimed at named individuals,

or tooling that automates harassment.

• Deepfake generation aimed at named individuals (especially

non-consensual intimate imagery, of which see §1.2.d).

• Tools designed to spy on a partner, ex-partner, or other

specific person without their consent.

1.2.d — Regulated and illegal categories

• Child sexual abuse material (CSAM) — generation, hosting,

detection-bypass, distribution, or any related tooling.

• Marketplaces for illegal arms, drugs, stolen data, or other

contraband.

• Tools to facilitate violations of UK / EU sanctions or

anti-money-laundering law.

1.3 Dual-use categories

Some categories sit between §1.1 and §1.2 — security research, pentesting, network scanning, packet capture, CTF tooling. These have legitimate uses on systems the user owns or is authorised to test, and unauthorised uses against third-party systems.

When PromptForge's content classifier (Layer 2) detects a dual-use signal, it does not refuse — instead, it surfaces a one-time confirmation asking the user to attest the project is for:

• Their own systems, or
• An engagement they are explicitly authorised to perform, or
• An educational CTF / training exercise.

By clicking through the confirmation, the user attests this is true. False attestations are a material breach of these Terms and may result in account termination and (in serious cases) referral to relevant authorities.

1.4 How we detect violations

The §33.17 abuse-prevention stack has three layers. Users have a right to know which is which:

1. Keyword pre-filter (Layer 1, pure-Python). Hard-rejects

inputs containing tokens listed in §1.2 above. Never names the matched token in the user-facing message (so the policy can't be probed for bypass).

1. Intent classifier (Layer 2, single Claude Haiku call,

T=0). Reads the project description and returns allow / warn / block. Default-allow when in doubt — the classifier deliberately leans toward letting users proceed unless a malicious framing is explicit.

1. Sanity-check pass (Layer 3, post-generation Haiku pass).

Reviews the generated plan for sections that veered into prohibited territory the upstream layers missed. (Layer 3 ships post-launch — see §33.17.)

1.5 What happens when a violation is detected

• Block: the request is refused with a neutral message

pointing at this AUP. The user can edit their description and re-try. No account-level action for a single block.

• Warn (dual-use): the wizard surfaces a one-time

confirmation. The user attests legitimate use to proceed.

• Repeated blocks on different framings of the same

prohibited project: account flagged for review. Continued attempts may result in temporary or permanent suspension.

• Egregious violations (CSAM, targeted harassment of a

named individual, similar): account terminated immediately. Where appropriate, referrals to the National Crime Agency, IWF, or other relevant authorities.

1.6 Appeals and false positives

The classifier defaults to allow when in doubt, but false positives happen — security researchers in particular sometimes hit the dual-use warn flow. If you believe the system blocked your project incorrectly:

• Contact: hello@promptforge.uk with the project description

and (if comfortable) context about your authorisation.

• Response time: within 5 working days.
• Outcome: if the block was a false positive, the rule is

refined and you're invited back. We don't share which keyword / pattern fired (that would teach the bypass) but we do confirm whether the block was Layer 1 / Layer 2 / sanity check.

1.7 Provenance and provider terms

Use of PromptForge is also subject to the terms of the AI providers we route to (currently Anthropic's Acceptable Use Policy applies to every Claude call we make on your behalf). Generating content that violates Anthropic's AUP is also a violation of this AUP.

Section 2 — Account and service terms

2.1 Eligibility

You must be at least 18 years old to register a billable account or enter into these terms. Under-18 use is permitted only with a parent or guardian's consent and is restricted to the Free tier. PromptForge is not directed at children under 16; per PRIVACY.md §9 we don't knowingly collect their data.

2.2 Accurate information

You agree to provide accurate, current information when registering (via Google or GitHub OAuth) and to keep it up to date. You're responsible for safeguarding access to the third-party account you use to sign in.

2.3 Service availability

We aim for high availability but don't guarantee uninterrupted service. Planned maintenance and outages happen. For the Free tier we make no service-level commitment; for paid tiers we use commercially reasonable efforts to maintain availability.

2.4 If I suspend or close your account

I'd only do this if you:

• Break the Acceptable Use Policy (§1).
• Keep triggering the abuse-prevention checks after a clear refusal —

not from getting an occasional block on an ambiguous description (that's the system being cautious, not strict).

• Use the service in a way that creates real legal risk for me.

You can close your own account any time via the Delete account button in Settings — that wipes your data within 24 hours per the Privacy policy.

Section 3 — Pricing

PromptForge is free. There's no paid tier active and no card to enter.

The current limits are:

• 5 generations a month per account (the cap most people care about).
• Up to 3 extra generations a month if you share PromptForge —

this is the Pro Pass mechanic and it's optional.

• 30-day retention on generated outputs in your library.
• Owner-issued invites can grant more generations as a top-up

(this is how I let people who hit the cap and emailed me keep using it).

If the project ever moves to a paid model, this section gets a proper rewrite and I'll give 14 days' notice in advance — see §8.

Section 4 — Intellectual property

4.1 Your content

You own the project descriptions, answers, and generated outputs that pass through your account. You grant us a non-exclusive, worldwide licence to host and process this content solely to deliver the service to you. We don't claim ownership of your generated outputs or the apps you build from them.

4.2 Our intellectual property

PromptForge owns the service, including the wizard, the recommendation logic, the output templates, and the underlying data that drives them. You're welcome to use the prompts and plans we generate for any purpose — personal or commercial — but you may not:

• copy, scrape, or systematically extract our recommendations or

the data that drives them in order to build a competing service;

• attempt to reverse-engineer how the wizard works; or
• resell or sublicense access to the service.

4.3 AI-generated content

Generated outputs are produced via Anthropic's Claude API. Anthropic's commercial terms govern those outputs. Per Anthropic (as of 2026), API inputs are not used for model training. We disclaim warranty of accuracy or fitness for purpose on AI-generated content — see §6.

4.4 Sharing is opt-in

Your projects are private by default. If you click Share on a specific output, I mint a random unguessable URL — anyone with that exact URL can read that one output and nothing else. Don't click Share if you'd rather keep the idea to yourself. You can revoke a share link any time from your library.

Section 5 — Privacy and data

Our handling of your personal data is governed by our Privacy Policy, which is incorporated into these terms by reference. Key points:

• We're the controller of your personal data.
• We use a small set of trusted processors (listed in our

Privacy Policy) all under Data Processing Agreements.

• You have full GDPR rights, including self-serve deletion.
• We don't sell, rent, or license your data to advertisers.

Section 6 — Liability and warranties

6.1 Service warranty

The service is provided "as is" and "as available". We don't warrant that it will be uninterrupted, error-free, or fit for any particular purpose. We make no representation about the quality or accuracy of recommendations or AI-generated outputs.

6.2 AI-output warranty

PromptForge generates plans + prompts as a starting point. You are responsible for reviewing them before acting on them, in particular the security guidance, compliance recommendations, and stack choices. AI tools occasionally produce inaccurate output even with our structural validators in place.

We disclaim liability for losses arising from your decision to follow (or not follow) AI-generated recommendations.

6.3 Limitation of liability

To the maximum extent permitted by UK law:

• We're not liable for indirect, consequential, or special

damages.

• Our aggregate liability for any claim is capped at **the greater

of (a) £100, or (b) the amount you paid us in the 12 months before the claim**.

This limitation does not exclude liability for death or personal injury caused by negligence, fraud, or any liability that cannot be excluded under UK law (Consumer Rights Act 2015 mandatory protections survive these terms).

6.4 Indemnification

You agree to indemnify us against claims arising from:

• Your breach of the Acceptable Use Policy.
• Your unauthorised use of the service or our IP.
• Content you submit that infringes third-party rights.

Section 7 — Governing law and jurisdiction

7.1 Governing law

These terms are governed by the laws of England and Wales.

7.2 Jurisdiction

The courts of England and Wales have exclusive jurisdiction over any dispute arising from these terms or your use of the service — subject to your consumer rights (which may give you additional local-court protections that nothing in these terms removes).

7.3 Disputes — informal first

Before any court action, you agree to contact hello@promptforge.uk and give us at least 30 days to resolve the issue informally.

Section 8 — Changes to these terms

We may revise these terms. For material changes (anything affecting your rights, fees, or data handling) we'll give you at least 14 days' notice by email and an in-app banner before the change takes effect.

Continued use of the service after a change takes effect constitutes acceptance. If you don't agree to a change, you can close your account before it takes effect (no charge for remaining Solo period — pro-rata refund).

Non-material changes (typo fixes, clarifications, structural edits without rights impact) are updated in place with the revision date in §9 below.

Section 9 — Revision history

• 2026-04-29: Initial AUP-only draft.
• 2026-04-30: First-pass drafts of §§2-8 (account terms, billing,

IP, privacy reference, liability, governing law, changes).

• 2026-05-06: §§2-8 wording reviewed against ICO templates and

comparable UK SaaS terms (Stripe Atlas, Indie Hackers / Lemon Squeezy boilerplates). Standard UK consumer-contract carve-outs added in §6 (we cannot exclude liability for death, personal injury, fraud, or breach of statutory consumer rights). If you are running a high-stakes commercial deployment, get your own solicitor pass — these are sensible defaults, not bespoke advice.