Security

How Prompto is built to keep your prompts private and your Mac safe — sandboxing, code signing, no telemetry, and a privacy manifest you can audit.

Version 1.0 · Effective May 10, 2026

01 Architecture at a glance

Prompto is a local-first macOS menu bar app. Your prompt library, your tags, your search queries, and your settings live on your Mac. There is no Prompto server that receives them, no analytics SDK that observes them, and no cloud account that mirrors them.

This document explains the security properties that follow from that architecture: what the app is allowed to do on your machine, what it is not allowed to do, and how each guarantee is enforced — by Apple, by code signing, and by the source itself.

In one sentence

The Mac App Store build runs sandboxed, makes no network calls, and ships with a privacy manifest you can audit before installing.

02 App Sandbox & code signing

The Mac App Store build of Prompto runs inside Apple's App Sandbox. The sandbox is enforced by macOS at the kernel level: it confines the process to a private container, restricts which files it can read or write, and denies any capability whose entitlement the app does not declare. We cannot opt out of these restrictions at runtime — they are part of the binary signature and checked on every launch.

Prompto's declared entitlements are intentionally narrow:

  • User-selected file access, scoped to vault folders you pick yourself with the macOS file picker.
  • Security-scoped bookmarks, so the app can reopen a vault you previously chose without prompting again.

Every released build is signed with a Developer ID certificate, notarized by Apple, and stapled. macOS Gatekeeper verifies the signature on first launch and on every update; a tampered binary will not start.

03 Network access

The Mac App Store build of Prompto is shipped without the network entitlement. The sandbox blocks outbound and inbound connections at the kernel level — even if a future bug tried to open a socket, macOS would refuse.

That means, for the App Store build:

  • No analytics, telemetry, or crash-report upload.
  • No remote content, fonts, or asset downloads.
  • No external updater. Updates are handled by the Mac App Store.
  • No license server. There is no license to activate.

You can verify this independently: macOS's Activity Monitor and Little Snitch will show no Prompto network activity during search, edit, copy, or settings. We also publish an offline check script in the source repository that exercises the app while watching for socket calls.
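The entitlement claims in sections 02 and 03 can also be checked against the signed binary. The following is an added example, not code from Prompto or its repository: it audits the entitlement plist that `codesign` prints. The mapping from this page's wording to Apple's entitlement keys, the install path, and both sample inputs are assumptions constructed for illustration.

```python
import plistlib

# Obtain real input on a Mac with:
#   codesign -d --entitlements - --xml /Applications/Prompto.app
# (install path assumed). Mapping the page's wording to these keys is an assumption.
ALLOWED = {
    "com.apple.security.app-sandbox",
    "com.apple.security.files.user-selected.read-only",
    "com.apple.security.files.user-selected.read-write",
    "com.apple.security.files.bookmarks.app-scope",
}
# Identifier keys that name the app and team but grant no capability.
IDENTITY = {"com.apple.application-identifier", "com.apple.developer.team-identifier"}
NETWORK = {"com.apple.security.network.client", "com.apple.security.network.server"}


def audit_entitlements(plist_bytes):
    """Return a list of findings; an empty list means the page's claims hold."""
    ents = plistlib.loads(plist_bytes)
    findings = []
    if ents.get("com.apple.security.app-sandbox") is not True:
        findings.append("app sandbox is not enabled")
    for key, value in sorted(ents.items()):
        if value is False or key in IDENTITY:
            continue  # a false entitlement grants nothing
        if key in NETWORK:
            findings.append(f"network entitlement present: {key}")
        elif key not in ALLOWED:
            findings.append(f"undeclared entitlement: {key}")
    return findings


# Constructed samples, not taken from a real Prompto build.
ENT_OK = plistlib.dumps({
    "com.apple.security.app-sandbox": True,
    "com.apple.security.files.user-selected.read-write": True,
    "com.apple.security.files.bookmarks.app-scope": True,
})
ENT_BAD = plistlib.dumps({
    "com.apple.security.app-sandbox": True,
    "com.apple.security.network.client": True,
    "com.apple.security.device.camera": True,
})

if __name__ == "__main__":
    for name, sample in (("ok", ENT_OK), ("bad", ENT_BAD)):
        print(name, audit_entitlements(sample) or "no findings")
```

Because the check is an allowlist, any entitlement added in a later build shows up as a finding without the script needing to know about it in advance.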

04 Vault & file access

Prompts are stored as plain Markdown files. By default, the Mac App Store build keeps them inside the app's sandbox container — a location only Prompto can read; even other apps you run cannot.

If you prefer to keep your vault somewhere you control — Documents, iCloud Drive, a Git repo — you choose the folder explicitly through the macOS file picker. The sandbox grants Prompto access only to that folder, scoped by a security bookmark, and only for as long as you keep that vault selected. Switching vaults revokes the previous grant.

Files written by Prompto inherit the file permissions of the folder you chose. If your disk is encrypted with FileVault, your vault is encrypted at rest. Prompto does not maintain a separate cache of your prompt bodies outside the vault folder.

05 Clipboard

Prompto writes a single value to the system clipboard: the body of the prompt you just selected, and only when you explicitly trigger a copy with Return or a primary click on the result.

Prompto does not read the clipboard, does not watch the clipboard for changes, and does not simulate a paste keystroke into another app. You remain the only thing that moves text out of the clipboard.

06 System permissions

Prompto deliberately avoids the macOS permissions that look most intrusive in the system Privacy & Security pane. The Mac App Store build does not request, and is not signed to request:

  • Accessibility — not used. Prompto does not simulate keystrokes or read the contents of other apps.
  • Input Monitoring — not used. The global launcher shortcut is registered through Apple's NSEvent shortcut API; keystrokes that do not match are never seen.
  • Screen Recording — not used.
  • Camera, Microphone, Contacts, Calendars, Reminders, Photos, Location — not used.

Launch at Login is opt-in from Settings and uses Apple's SMAppService API, which lets you review and revoke the registration from System Settings > General > Login Items at any time.

07 Update integrity

The Mac App Store build receives updates exclusively through the Mac App Store. Apple verifies the developer signature, scans the binary, and delivers it through its own infrastructure — Prompto itself contains no update logic for that channel.

The direct-distribution build (downloaded from our website) uses Sparkle with EdDSA signature verification. The appcast feed and the release archive are both checked against a public key compiled into the app; an update that fails verification is discarded before it is ever unpacked. Sparkle is not present in the App Store build.

08 Privacy manifest

Prompto ships a Privacy Manifest (PrivacyInfo.xcprivacy) inside the app bundle, declaring exactly which Apple-defined required reason APIs the app uses and exactly which categories of data it collects. The current declaration:

  • Tracking: false. The app never links data to identifiers from other companies for advertising or analytics.
  • Collected data types: none. The app does not collect any of the categories Apple defines — no contact info, no user content, no identifiers, no usage data.
  • UserDefaults with reason CA92.1 — to read and write the app's own preferences (shortcut, vault path, settings).
  • File timestamps with reasons C617.1 and 3B52.1 — to detect when your vault files change on disk and re-index, and to display human-readable modification dates.
  • System boot time with reason 35F9.1 — to compute monotonic durations for indexing and animation.

You can audit the manifest yourself: it lives at Prompto.app/Contents/Resources/PrivacyInfo.xcprivacy inside the installed bundle. Right-click the app in Finder, choose Show Package Contents, and open the file in any text editor.
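Reading the manifest by eye works once; comparing it against the published declaration after every update is easier to script. The following is an added example, not code from Prompto: it diffs a `PrivacyInfo.xcprivacy` plist against the declaration listed above. Matching this page's wording to Apple's API category constants is an assumption, and both sample manifests are constructed.

```python
import plistlib

# Required-reason declarations listed on this page, keyed by Apple's API
# category constants (the wording-to-constant mapping is an assumption).
EXPECTED_APIS = {
    "NSPrivacyAccessedAPICategoryUserDefaults": {"CA92.1"},
    "NSPrivacyAccessedAPICategoryFileTimestamp": {"C617.1", "3B52.1"},
    "NSPrivacyAccessedAPICategorySystemBootTime": {"35F9.1"},
}


def audit_manifest(data):
    """Return deviations between a manifest and the published declaration."""
    m = plistlib.loads(data)
    findings = []
    if m.get("NSPrivacyTracking", False):
        findings.append("tracking is enabled")
    if m.get("NSPrivacyTrackingDomains"):
        findings.append("tracking domains are listed")
    if m.get("NSPrivacyCollectedDataTypes"):
        findings.append("collected data types are declared")
    seen = {}
    for entry in m.get("NSPrivacyAccessedAPITypes", []):
        cat = entry.get("NSPrivacyAccessedAPIType", "?")
        seen.setdefault(cat, set()).update(entry.get("NSPrivacyAccessedAPITypeReasons", []))
    for cat in sorted(set(seen) | set(EXPECTED_APIS)):
        extra = seen.get(cat, set()) - EXPECTED_APIS.get(cat, set())
        missing = EXPECTED_APIS.get(cat, set()) - seen.get(cat, set())
        if extra:
            findings.append(f"{cat}: unpublished reasons {sorted(extra)}")
        if missing:
            findings.append(f"{cat}: published reasons absent {sorted(missing)}")
    return findings


def build_manifest(tracking, apis):
    """Build a constructed sample manifest (not a real Prompto file)."""
    return plistlib.dumps({
        "NSPrivacyTracking": tracking,
        "NSPrivacyCollectedDataTypes": [],
        "NSPrivacyAccessedAPITypes": [
            {"NSPrivacyAccessedAPIType": c, "NSPrivacyAccessedAPITypeReasons": sorted(r)}
            for c, r in apis.items()],
    })


MANIFEST_OK = build_manifest(False, EXPECTED_APIS)
MANIFEST_DRIFT = build_manifest(True, {
    **EXPECTED_APIS,
    "NSPrivacyAccessedAPICategoryFileTimestamp": {"C617.1"},
    "NSPrivacyAccessedAPICategoryDiskSpace": {"E174.1"},
})
```

To run it on an installed copy, pass the bytes of `Prompto.app/Contents/Resources/PrivacyInfo.xcprivacy` to `audit_manifest`; an empty list means the bundle matches what this page publishes.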

09 Logging hygiene

Prompto uses Apple's unified logging system for diagnostics. Log messages are split between public values, which appear in plain text in Console.app, and private values, which are redacted to <private> unless you have actively attached a debugger. We treat anything that could identify a person, a path, or the contents of a prompt as private.

Specifically, Prompto never logs prompt bodies, prompt titles, security-scoped bookmark data, full vault paths, clipboard contents, or localized error messages that might quote user data. Public log values are limited to the build channel, booleans, counters, the source of an action (menu bar, shortcut, click), result categories, and timing buckets.

10 Reporting a vulnerability

If you believe you have found a security issue in Prompto, please email security@prompto.app before disclosing it publicly. We aim to acknowledge reports within two business days and to ship a fix as quickly as the severity warrants.

A useful report typically includes the affected version (visible under Settings > About), the macOS version, a description of the issue, and — if possible — a way to reproduce it. We do not run a paid bug bounty, but we will credit reporters in the release notes when they would like us to.

See also our Privacy Policy and Help Center.