Frequently asked questions
Everything we get asked most often. If you have a question that isn't here, book a discovery call and we'll answer it directly.
Jump to a topic
Getting started
What is PromptSafe?
PromptSafe is a pre-deployment AI safety and quality testing platform for teams building conversational AI agents. You run your agent through hundreds of realistic simulated conversations before launch, see exactly where it fails, get specific suggestions for what to change, and export a record of the testing for your governance, safety, and product teams.
Who is PromptSafe for?
Anyone building, testing, designing, or quality-assuring conversational AI agents. The people who get the most out of it are usually the ones closest to the agent's behaviour: product managers, behavioural scientists, clinical leads, subject-matter experts, and anyone responsible for what the agent says and how it says it. PromptSafe was designed so they can run testing themselves without needing engineering support.
How quickly can I get started?
The free trial takes a couple of minutes to sign up for, no card required. Your workspace comes pre-loaded with example agents, personas, and evaluators ready to use, so you can run your first simulation within minutes of signing up rather than starting from a blank page.
Do I need to give you my agent's source code or API keys?
No. You build or describe your agent inside PromptSafe. Connecting an existing agent through the API is available on the enterprise tier.
What sectors is PromptSafe for?
PromptSafe works for any team building human-facing conversational AI agents. We have particular depth in digital health, mental health and wellbeing, and healthtech, and we also support teams in customer support, education, finance, and other sectors building human-facing AI.
What is the science behind PromptSafe?
PromptSafe is built on published behavioural science and evaluation methodology, not just features. Our founder co-authored a 2026 open letter calling for behavioural science to become core to AI evaluation, and a peer-reviewed framework (FAST) for evaluating conversational AI across fidelity, accuracy, safety, and tone. We are also developing the Evaluation Evidence Framework, a transparent way to quantify confidence in evaluation results. You can read more on our Scientific foundations page.
Trial
How long is the free trial?
Seven days from when you verify your email.
Do I need to give a credit card to start the trial?
No. The trial is fully self-serve and does not require a card. We absorb the running cost.
What can I do during the trial?
You get the full product, with 30 PS tokens per day. That is enough to run several simulations of varying complexity per day, exploring how PromptSafe works across personas, evaluators, and the Prompt Improver. We recommend starting with the guided product tour: it walks you through the whole workflow, from setting up an agent to reading your first evaluation, and surfaces features that are easy to miss on your own, such as the Prompt Improver.
What happens when the trial ends?
You are redirected to a usage page where you can buy a Pack of tokens to keep going. Your account, agents, personas, and evaluators are preserved.
Can I extend the trial?
The trial is the trial, but if you have a specific reason to need more time before deciding, book a discovery call and we'll talk about it.
Pricing and tokens
How much does PromptSafe cost?
After the free trial, you buy Packs of usage. Each Pack is £99 and includes 2,000 PS tokens, valid for 90 days. If you buy another Pack before that period ends, your unused tokens roll over and, together with the new tokens, remain valid for a fresh 90 day period starting from your latest purchase. If a previous Pack has already expired, a new one gives you 90 days from the date of purchase.
Are prices inclusive of VAT?
Prices on this page are exclusive of VAT. UK customers pay 20% VAT on top of the listed price at the Stripe checkout step, so a £99 Pack will be charged at £118.80 in total. VAT is automatically calculated by Stripe based on the billing address you enter at checkout. A full VAT invoice is provided after purchase. Non-UK customers currently pay the listed price with no VAT added.
Is there a subscription?
Not at launch. We deliberately started with Packs so teams can buy what they need, when they need it, without committing to a recurring spend. We may introduce subscriptions later based on what teams ask for.
What is a PS token?
A PS token is the unit PromptSafe uses to measure usage. A typical simulation uses around 5 to 10 PS tokens. Simpler runs cost less, more complex runs cost more, and usage varies with the combination and number of features you run, the number of personas, the number of evaluators, and how long the conversations get. The usage indicator inside the product shows you how many PS tokens each simulation has used, so you can build a feel for it over time. We will refine these estimates as more teams use the product.
How do I know how many PS tokens I have left?
A usage indicator inside the product shows your remaining tokens at all times. You can also see the current expiry date for your tokens, which moves forward each time you buy a new Pack.
What happens to my tokens if I buy a second Pack?
All your PS tokens are pooled into a single balance, regardless of which Pack they came from. Each Pack is valid for 90 days, and buying another Pack before the current one expires rolls your unused tokens into a fresh 90 day period starting from your latest purchase. For example, if you buy one Pack on the 1st and another on the 20th, all your tokens expire together, 90 days after the 20th, not on different dates. If your previous tokens have already expired, a new Pack simply gives you a fresh 90 day balance from the date of purchase.
Can I get a custom plan?
Yes, that's what the enterprise tier is for. Volume pricing, bring your own model API keys, agent-via-API integration, and custom support are all available. Book a discovery call.
Use cases
What kinds of agents can I test?
Any conversational agent. PromptSafe is use-case agnostic. Common examples include health coaching agents, mental health support agents, customer support agents, educational tutors, financial guidance agents, and internal AI assistants.
Does PromptSafe work for non-health use cases?
Yes. The depth of behavioural science in the platform was originally built for health and wellbeing work, but the underlying patterns (how people behave in conversation, what makes an agent helpful or harmful) apply across sectors. Teams building customer support, educational, and financial agents are already using PromptSafe.
How is this different from observability tools like LangSmith or Langfuse?
LangSmith and Langfuse are engineering platforms focused on tracing, monitoring, and evaluating AI agents against test data or production traffic you bring them. They tell you what your agent did and where it slowed down or failed. PromptSafe sits upstream of that: it generates the conversations being tested, using realistic and adversarial personas, then scores observable behaviours across multi turn dialogue. PromptSafe is also designed for product, clinical, and governance leads to use alongside engineers, not engineers alone. Many teams who care about agent quality use both: PromptSafe pre-deployment to surface behavioural failures, observability tools after to watch the agent with real users.
Can PromptSafe replace human review of my agent?
No, and it is not designed to. Human review by domain experts is irreplaceable, especially in regulated or clinical contexts. PromptSafe scales the parts of testing that benefit from automation (running hundreds of conversations, scoring them consistently, surfacing patterns) so human reviewers can focus on the parts that need their judgement.
Does PromptSafe make my agent safe?
No. Nothing makes an agent safe. The team building the agent is responsible for its safety. What PromptSafe does is surface failures, help you fix them, and produce a record of the testing you did and the results you got.
Can I use PromptSafe to validate my agent for clinical or regulated deployment?
No. PromptSafe is a pre-deployment testing tool for finding behavioural failures and producing a record of testing. It does not constitute clinical validation, regulatory approval, or compliance certification. Where your deployment context requires formal validation under FDA, MHRA, Health Canada, TGA, or equivalent frameworks, PromptSafe complements that work but does not substitute for it. The team responsible for the agent's deployment is responsible for ensuring the appropriate validation pathway has been followed.
Governance
How does PromptSafe support ISO/IEC 42001?
ISO/IEC 42001 is the management-system standard for AI. PromptSafe produces a reproducible, pre-deployment testing record for your conversational agent, which is the kind of evidence the standard expects you to keep. PromptSafe gives you that evidence; it does not certify your compliance.
How does PromptSafe support the EU AI Act?
If your agent is a high-risk system, Article 9 of the Act requires a documented, ongoing risk-management process, enforceable from August 2026. PromptSafe gives you test artefacts that map to that evidence requirement: what you tested, what failed, and how the fix moved the failure rate. It is evidence for your file, not a conformity assessment.
How does PromptSafe support NHS DCB0129/0160?
DCB0129 and DCB0160 are the NHS clinical risk-management standards for manufacturers and deploying organisations. PromptSafe outputs, the transcripts, evaluator outcomes, and failure-rate diffs, feed directly into the clinical safety case your clinical safety officer assembles. PromptSafe is an input to that case and does not replace clinical review.
Does PromptSafe come with evaluators pre-mapped to specific frameworks?
No. Frameworks like ISO/IEC 42001, the EU AI Act, and NHS DCB0129/0160 are process and risk-management standards. They tell organisations to test, document, and audit AI systems, but they don't specify a list of behavioural tests an agent must pass. The right tests depend on your agent, your users, and your risk profile. PromptSafe ships with a library of behaviour-focused evaluators across safety, scope, escalation, and clinical-risk dimensions, and you can author your own. The evidence those evaluators produce is what supports your framework documentation.
What does the audit trail actually contain?
A full export of each simulation: the agent name and version, the persona used, the evaluator applied with criteria, the score and summary statement, what the agent did well and where it failed, improvement suggestions, the full conversation log, and the date the report was downloaded. At launch, exports are in CSV format, easy to analyse, summarise, or turn into a polished report using your AI tool of choice outside PromptSafe. You can hand the export to your governance team, your AI safety lead, your auditor, or your regulator.
Who is the audit trail for?
Governance teams, AI safety leads, regulatory contacts, and product teams who need to demonstrate testing happened. We deliberately design the artefact for those readers, not for board summary slides.
Can I share reports with auditors or regulators outside my organisation?
Yes. The exported reports are designed to contain the elements an auditor would typically expect to see and are shareable with external readers.
Technical
How does PromptSafe simulate conversations?
PromptSafe runs your agent against synthetic personas in multi turn conversations. The personas are not scripts. They behave dynamically based on a behavioural science framework, changing direction, asking unexpected questions, and pushing back the way real users do.
Are the personas based on real people?
No. Personas are synthetic and grounded in behavioural science. They model real patterns of behaviour, beliefs, and conversational dynamics, but they are not derived from any identifiable individual. The persona schema covers identity and background, beliefs and behavioural orientation, agent interaction style, behaviour history, and additional context including neurodiversity and emotional regulation.
What models does PromptSafe use?
PromptSafe uses a number of carefully chosen models under the hood, each tuned for the specific work it does: generating personas, simulating conversations, evaluating results, and producing improvement suggestions. At launch, simulations run on GPT-5.4. The simulation settings show other models in a dropdown but they are greyed out by default. To unlock alternative models for simulation, you need the enterprise tier, or you can contact us to discuss what you'd like.
Can I use my own model API keys?
Yes, on the enterprise tier. Bring your own keys lets you run your testing through your own model accounts. This is gated behind enterprise because it adds complexity that most self-serve users do not need.
How is my data handled?
Your workspace is private to you and your teammates. We never share your content with other customers and we do not sell it. Running a simulation does send the conversation, including your agent's instructions, to the AI model providers that power the testing (currently OpenAI, Anthropic and xAI), who process it as our service providers in order to run the test. We treat the things that describe your own AI system, your agent prompts, system instructions, uploaded documents and configuration (we call these Customer Product Assets), as confidential, and we do not use them for research or to improve our models by default. We may use Evaluation Assets, the personas, evaluators, simulation transcripts, scores and metrics produced by the testing process, with appropriate safeguards, to improve PromptSafe and for research. Nothing is used to train third party or general purpose AI models, and any research we publish will contain only aggregated findings, never anything that identifies you or your organisation. Full details are in our privacy policy.
Who can see what is in my workspace?
Your workspace is private to you and any teammates you have invited. No other customer can see it, and Sacher AI does not share workspace content with third parties for their own purposes. Two things are worth knowing. The AI model providers that power the simulations (currently OpenAI, Anthropic and xAI) process conversation data on our instructions in order to run the tests. And on enterprise engagements, Sacher AI may set up and work inside the workspace as part of the agreed scope.
Does Sacher AI ever add things to my workspace?
Sometimes, yes. Sacher AI may add curated example personas or evaluators to your workspace where they are relevant to your sector, so you have more useful starting material to work with. Any items Sacher AI adds are clearly labelled as examples, so you can always tell what you created and what was added. Sacher AI never modifies or deletes anything you have created.
Do you use my data to train your models?
PromptSafe does not use your data to train third party or general purpose AI models, and it does not use your Customer Product Assets (your agent prompts, system instructions, uploaded documents and configuration) to improve our models by default. We may use Evaluation Assets (the personas, evaluators, simulation transcripts, evaluator outputs, metrics and benchmarks produced during testing), with appropriate safeguards, to improve PromptSafe itself, including our evaluation methodologies, benchmarking systems, safety classifiers, and scientific research. We never publish customer identifiable information and never sell customer data. The principle is simple: PromptSafe improves by learning how AI systems behave during evaluation, not from the design of your AI system.
Where is PromptSafe hosted?
PromptSafe runs on secure cloud infrastructure with customer data hosted in the European Union. If you have specific data residency requirements, the enterprise tier can accommodate them.
Importing personas
Can I import multiple personas at once via CSV?
Yes. Persona Builder has an Import a batch button that creates multiple personas at once from a single CSV file, rather than building them one at a time in the UI. It is the fastest way to populate a workspace if you already know the range of users you want to test against.
Where do I get the persona import template?
Download the persona import template (CSV). The CSV has 24 columns covering identity, demographics, behavioural traits, and interaction style. It includes the column headers and one filled example row showing the expected format. Open it in Excel, Google Sheets, Numbers, or any text editor. Fill one row per persona and save as CSV. Some columns are free text and some map to dropdowns in the product UI, where the CSV value needs to match the dropdown label exactly. The example row in the template shows the correct format for each.
How should I design good personas?
This is for you to decide. You know your users better than we do. Persona design depends on your product, your user base, and the failure modes you most want to test against. That said, the schema is designed to work well with a clear brief and an AI assistant. A practical approach: write a short brief describing the kind of users your agent serves, the sub-segments that matter, and the test cases you care about (typical users, edge cases, adversarial users). Share the brief with an AI tool of your choice, along with the import template, and ask it to draft a CSV that fits the schema. Review and refine the output. Adjust any persona that feels generic, exaggerated, or off-brief. Save the CSV and import.
What if I want help designing personas?
If you would rather have personas designed for you, we offer professional services for workspace setup. Book a discovery call to discuss your testing goals.
Running and reading evaluations
How long does a simulation usually take?
A typical ten-turn simulation runs in one to three minutes end to end. Longer conversations take proportionally longer. You can keep working in the app while a simulation runs and come back to the results when it is done.
Should I rely on a single evaluation score?
No. A single score on one conversation is not a reliable measure on its own. Large language models judge each conversation, and like any probabilistic system, they can return a slightly different score when the same conversation is scored more than once, especially on nuanced, judgement-based criteria. PromptSafe is designed to be read as trends, not single results. Run your agent across many conversations and personas, then look at how the scores move over time. That tells you whether a change to your agent has made things better, worse, or no different. The aggregate pattern is stable and meaningful even when an individual score is not.
What do the evaluator score levels actually mean?
Each evaluator describes a specific behaviour, for example "recognises and signposts clinical risk" or "stays within its scope of authority". Scores run from 1 to 5, shown as a percentage: 20%, 40%, 60%, 80%, or 100%. Each band tells you how consistently the agent showed that behaviour across the conversation. 20% means the agent rarely showed the behaviour. 40% means the agent showed it in places but not reliably, missing it where it should have applied. 60% is mixed: the agent showed it about half the time, with notable misses. 80% means the agent showed it most of the time, with one or two lapses. 100% means the agent showed it consistently. Treat the bands as a gradient, not a verdict. Single scores can vary slightly when you rescore the same conversation, so the most reliable read is the trend across many conversations and personas.
Why might the same conversation get a slightly different score?
PromptSafe uses a large language model to score each conversation against your evaluators. Large language models are probabilistic, which means they can return a slightly different score when they assess the same conversation more than once, particularly when the criteria call for judgement. If you see meaningful variation when you rescore the same conversation, it often means the evaluator criteria are not precise enough. Tighten the wording to describe the behaviour you want the agent to show, then rescore. The variance should narrow. Some variance will always remain because of the probabilistic nature of large language models. This is why we recommend reading scores as a trend across many conversations and personas, not as a fixed measurement of any single conversation.
What should I do when my agent scores poorly on an evaluator?
Click the down arrow on the evaluator card to expand it. You will see the reasons for the score, with examples from the conversation. Click Prompt Improver to get suggestions for updating your agent's prompt or instructions. Make the change, then run a new simulation across a few personas to see how the trend moves.
How many turns should a typical simulation have?
Five to ten turns is the sweet spot for most testing. Long enough for the agent to show how it responds when a persona keeps pushing, changes direction, or asks something unexpected. Longer simulations are useful when you are stress-testing a failure mode that only appears later in the conversation.
How do I rerun a simulation against the latest version of my agent?
Once you have updated your agent, run a new simulation with the same personas and evaluators. You will get a new conversation, which means the scores can differ from the previous run regardless of whether your changes helped. Run a few simulations across different personas before deciding whether the change worked. Comparing a single new conversation to a single old one is not enough to tell. The reliable read is the trend across the set.
Can I export results to share with my team or governance reviewers?
Yes. Every simulation produces an exportable CSV report you can hand to your team, AI safety lead, auditor, or regulator. For the full field list, see "What does the audit trail actually contain?" in the Governance group.
What is the difference between adversarial and realistic personas?
Realistic personas behave like the users your agent is built to serve. They have plausible needs, beliefs, and patterns of behaviour drawn from your sector. Adversarial personas are designed to stress-test a specific evaluator, pushing, deflecting, and probing in the ways most likely to make the agent break that particular check. Use realistic personas to find out how your agent performs in normal use, and adversarial ones to find where it can be broken.