Every app on Artiefax is sandboxed in a cross-origin iframe with strict Content Security Policy headers. Zero access to your data, cookies, or other apps on your device.
Every app runs inside an iframe on a completely separate domain. It can't read your cookies, access your storage, or interact with other apps.
Strict CSP headers block unauthorized scripts, prevent inline injection, and restrict network requests. Apps can only load resources from approved sources.
Each app gets its own isolated storage namespace. One app can never read, write, or even detect another app's data.
When you paste an artifact from an AI tool, you're running code you probably didn't write and might not fully understand. That's fine—Artiefax treats every app as untrusted by default. The sandbox ensures a buggy or malicious app can't steal your data, hijack your session, or affect other apps in your library. You get the convenience of running AI-generated code with none of the risk.