Security & Privacy Information
Your data stays on your device. Always.
100% Private & Local
Prompt Forge is a completely client-side web application. All your prompts, style references,
and settings are stored in your browser's local storage on your device only. Nothing is
uploaded to any server—not even ours.
What Data is Stored?
When you use Prompt Forge, the following information is stored locally in your browser:
Saved Prompts - Any prompts you save to your library
Style References (sref) - Image URLs, weights, and descriptions you save
Uploaded Documents - Any files or web content you add for reference
LLM Settings - API URLs and model names (if you use local LLM integration)
App Preferences - Custom dropdown options, theme choice (light/dark mode)
What is NOT Stored?
We do not collect, transmit, or store any of your data on our servers. There is no
user database, no cloud storage, no tracking cookies, and no analytics that identify you personally.
How Your Data Moves
Your data only leaves your device in these situations (and only when you choose):
| Action |
What Happens |
| You click "Export" |
Downloads a JSON file to your device (stays on your computer) |
| You share your export file |
Only if you manually send the file to someone else |
| Browser sync is enabled |
Chrome/Firefox may sync your localStorage to your own account (encrypted) |
| Fetching web content |
App may use CORS proxies to fetch public web pages (no personal data sent) |
| Using local LLM |
Connects to localhost only—your computer, not external servers |
Security Features
We've implemented multiple layers of protection:
XSS Protection - All user input is safely escaped to prevent malicious scripts
Sandboxed Output - HTML previews run in isolated iframes with no script execution
Content Security Policy - Restricts what resources the app can load
No External Dependencies - Only loads Bootstrap and icons from trusted CDNs
Important Notes
Your Data is Device-Specific
Because everything is stored locally, your prompts and settings are tied to this specific browser
on this device. If you switch browsers, computers, or clear your browser data, you'll need to
re-import your library from an export file.
Recommendation: Regularly export your library as a backup
(click "Export All" in the app).
Don't Store API Keys
While your data is private, localStorage is not encrypted. If you're using LLM integration,
only connect to local instances (localhost). Never store production API keys
for commercial services in the app.
Common Questions
Can you see my prompts?
No. We cannot see, access, or recover your prompts. They exist only in your
browser's localStorage on your device. We don't have a database or any way to access your data.
What happens if I clear my browser cache?
Your saved library data will be deleted. That's why we recommend exporting your library regularly
as a backup. You can re-import it anytime using the "Import" button in the app.
Can I use this app offline?
Yes! Once the page loads, Prompt Forge works completely offline. You can generate prompts,
manage your library, and use all features without an internet connection. (Note: Fetching
web content and LLM integration require connectivity.)
Is my data encrypted?
Browser localStorage is not encrypted by default. However, since your data never leaves your device,
it's protected by your device's security (password, encryption, etc.). For maximum security, use
device encryption and keep your operating system updated.
Do you comply with GDPR/privacy laws?
Because we don't collect, transmit, or store any personal data on our servers, GDPR and most
privacy regulations don't apply in the traditional sense. We simply provide the tool—you control
all your data locally.
Your Privacy is Our Priority
Prompt Forge is designed with privacy by default. We believe your creative work should stay yours.
Back to Prompt Forge