Last updated: 2026-02-15

PromptFlux processes speech locally. Audio and transcription text are not sent to cloud transcription APIs.

• Audio is captured locally for transcription.
• Pre-buffer and recording data are memory-resident and short-lived.
• Transcription output is sent to clipboard and optionally auto-paste.

• First run may download the speech model.
• Mobile relay, if enabled, exposes a local LAN endpoint protected by token.
• Core STT websocket is localhost-only (127.0.0.1).

• Config: %APPDATA%/promptflux/config.json
• Models: %APPDATA%/promptflux/models/
• App artifacts/logs: under %APPDATA%/promptflux/

• Use PromptFlux on trusted devices.
• Keep mobile relay disabled on untrusted networks.
• Rotate mobile relay token when needed.
• Review firewall prompts and allow only expected local access.

Security fixes are provided for the latest release branch.

Please report security issues privately to the maintainer first. Do not publish exploit details in a public issue before remediation.