Privacy & local-first FAQ
Is Ironspire local-first?
Yes. All data is processed and stored on your machine. Conversations, agent configurations, memory entries, analytics, and credentials never leave your device unless an agent explicitly makes an outbound API call (for example, to a model provider or GitHub).
There is no Ironspire cloud service that receives your code, file contents, or agent conversations.
What network traffic does Ironspire generate?
The only outbound connections Ironspire makes are:
- LLM API calls: sent to the provider you configure (Anthropic, OpenAI, etc.) when agents send messages
- GitHub API calls: sent when GitHub Sync is active, using your personal access token
- Update checks: periodic requests to GitHub Releases to check for new Ironspire versions (can be disabled in Settings)
- Paddle: licence validation calls for subscription management
No code, file contents, conversation history, or memory data is sent to Ironspire servers.
If you have an Ironspire account, your subscription status is synced with our server. Your conversations and agent data remain local.
Where is my data stored?
Everything is stored locally in your user data directory:
- Conversations: SQLite database, capped at 200 messages per agent
- Memory: SQLite with full-text search (FTS5)
- Cost analytics: SQLite in WAL mode, per profile
- Settings and credentials: encrypted via your OS credential store (DPAPI on Windows, Keychain on macOS, libsecret on Linux)
Does Ironspire collect telemetry?
Telemetry is opt-in only. If you enable it, Ironspire sends anonymous usage events via PostHog using a random UUID. No personal information is included. A session heartbeat pings every 30 minutes. You can disable telemetry at any time in Settings.
How are my API keys protected?
API keys are encrypted at rest using Electron's safeStorage API, which delegates to your OS's native credential store (DPAPI on Windows, Keychain on macOS, libsecret on Linux). They are never written to plain-text config files, included in project exports, or sent to Ironspire servers.
See the Security guide for the full credential storage and security model.
Can I use Ironspire offline?
Partially. Ironspire itself does not require an internet connection to run. Features that do not call external services (the editor, terminal, file tree, settings management) continue working offline. Features that require an internet connection are:
- Agent conversations: need a live connection to your model provider's API
- GitHub Sync: needs access to the GitHub API
- Update checks: need access to GitHub Releases
If you use Ollama for locally hosted models, agent conversations also work offline once models are downloaded.
Is my code sent to Ironspire?
No. Your code is only sent to the AI model provider you configure (Anthropic, OpenAI, etc.) when an agent includes it in a conversation. Ironspire acts as a client that routes your messages to the provider -- it does not process or store your code on any Ironspire infrastructure.
How do agents control access to my files?
Agents operate under a configurable permission model set per agent. Options are Plan (proposes actions, cannot execute without approval), Normal (executes most actions, pauses for sensitive operations), and Full access (executes all actions autonomously). You can also enable Docker sandboxing per agent to restrict filesystem and network access to a container.
See the Security guide for a full description of the permission model and defence-in-depth layers.