Documentation

PromptCloak is available on the App Store for iPhone and iPad. A Mac version is in development and will launch shortly after. Download the app and you're immediately ready to chat — no account creation, no email verification, no phone number.

On first launch, PromptCloak generates an Ed25519 cryptographic keypair on your device. Your private key is stored in the device Keychain with kSecAttrAccessibleWhenUnlockedThisDeviceOnly protection — the same security level used by banking apps. Your session ID (e.g., AZ-4E7C2D) is derived from your public key and is the only identifier visible anywhere in the app.

The onboarding flow walks you through privacy features, AI capabilities, and an optional iCloud sync toggle. Once complete, you see the terminal-styled identity card confirming your cryptographic session — then you're in.

Zero-Knowledge Identity

PromptCloak has no concept of user accounts. No email. No phone number. No username. Your identity is an Ed25519 keypair generated entirely on your device. The private key never leaves the Keychain. Every API request is signed with your private key — the backend verifies the signature but cannot determine who you are.

Two Privacy Modes

Network Security

All connections enforce TLS 1.3 minimum. Certificate pinning validates SPKI hashes against Let's Encrypt intermediates and ISRG Root X1. Every request carries four auth headers: X-Public-Key, X-Timestamp, X-Signature, and X-Entitlement.

Data Transit

Message content is processed by third-party inference providers (Groq for Llama/GPT-OSS, xAI for Grok) — this is required for AI inference. These providers do not store or train on API inputs per their data processing agreements. The PromptCloak backend proxies requests but does not persist message content. There is literally no database — nothing to hack, subpoena, or leak.

Read the full Privacy White Paper →

PromptCloak ships with six AI models across two providers, selectable at any time — even mid-conversation:

The model catalog is server-driven — new models appear instantly without an App Store update. Vision requests automatically route to Llama 4 Scout when using non-Grok models. Model selection persists across sessions.

BYOK lets you connect your own API keys from OpenAI or Anthropic. When using BYOK, requests go directly from your device to the AI provider — the PromptCloak backend is completely bypassed.

Supported BYOK Models

• OpenAI: GPT-4o, GPT-4o Mini, o4 Mini
• Anthropic: Claude Sonnet 4, Claude Haiku 4.5

Key Security

API keys are stored in the device Keychain with kSecAttrAccessibleWhenUnlockedThisDeviceOnly — the same protection used by banking apps. Keys are validated with a lightweight test call before saving. BYOK models display a [YOUR KEY] badge in the model selector.

Step-by-step: Set up your Claude API key →

Hermes Agent (Self-Hosted)

Connect your own Hermes Agent instance for fully self-hosted AI with memory, skills, and tools. Messages go directly from your device to your server — no third-party services in the path.

Step-by-step: Connect your Hermes Agent →

PromptCloak automatically extracts factual information about you — preferences, background, habits — from each conversation. Memories are stored entirely on your device and injected into the system prompt so the AI uses them naturally.

• Deduplication: Jaccard similarity (threshold 0.6), exact match, and substring containment prevent redundant memories
• Relevance ranking: 50% NLEmbedding cosine similarity + 20% word overlap + 30% recency
• Capacity: 50-memory cap with LRU eviction by last-used date
• Manual control: View all memories in settings, delete individual items or clear all

Attach photos via camera capture (iOS), photo library picker (iOS/iPad), or file picker. Before any image is sent:

• All EXIF metadata is stripped by re-rendering through a graphics context — GPS coordinates, camera info, and timestamps are removed
• Images are resized to 768px max edge and compressed to 0.5 JPEG quality
• Thumbnails are generated for inline display
• Full-screen viewer supports pinch-to-zoom (1x-5x), double-tap toggle, and swipe-to-dismiss

In Strict Mode, an explicit privacy warning appears: images are not PII-scrubbed (text scrubbing applies to text content only).

Custom Instructions let you set persistent context that shapes every AI response. Two fields:

• About You: Tell the AI about your background, role, or context
• Response Style: Formatting preferences — concise vs. detailed, technical depth, tone

Instructions are layered in the system prompt: base prompt → about you → response style → active skill → memories. A [CUSTOM] badge appears in the chat header when instructions are active. Synced via iCloud when enabled.

Type / in the input field to open a terminal-styled command popup with fuzzy matching.

Built-in Commands

• /summarize — Summarize the last message
• /explain — Explain the last message in simpler terms
• /expand — Expand on the last response
• /translate — Translate the last message
• /fix — Fix grammar and improve writing
• /memory — Open memory view
• /clear — Reset conversation context
• /model — Open model selector

Custom Skills

Create reusable prompt templates that become slash commands. Each skill has a name, trigger, system prompt, and optional template message with {{placeholder}} support. Skills track usage and sync across devices via iCloud.

PromptCloak integrates Perplexity Sonar for real-time web search. A keyword classifier automatically detects queries needing live data and routes them through Perplexity. You can also toggle web search manually per message using the globe icon.

• 100 web searches per month on the base plan
• [WEB ROUTED] indicator appears on web-sourced responses
• Can be toggled on/off in Settings with usage display

Record meetings directly in the app or import audio files (.m4a, .mp3, .wav, .caf). By default, transcription runs entirely on-device using Apple's Speech framework — audio never leaves your device.

• Audio recordings are deleted after transcription — only text persists
• The transcript appears in the conversation so you can ask the AI to summarize, extract action items, or answer questions about what was discussed
• Key facts from meetings are automatically extracted into the memory system

Optional iCloud sync (toggled during onboarding or in settings) uses SwiftData + CloudKit to sync conversations, messages, and memories across all devices signed into the same Apple ID.

• PromptCloak has zero server-side access to your iCloud data
• Warning on enable: iCloud data persists even after app deletion
• Full iCloud zone wipe available in settings
• Requires app restart to toggle

PromptCloak gives you 25 free messages to try the app. After that, choose a subscription plan to continue. All payments are processed by Apple — no identity compromise.

Manage or restore purchases from Settings. RevenueCat integration uses your anonymous cryptographic public key — no personal information.