Last updated: March 2026

Privacy Policy

Ironspire is a desktop application for managing AI agent teams. We believe your data is yours. This policy explains what we collect, what we don't, and how we handle what we do.

This policy is governed by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Where we serve users in the European Economic Area, we also comply with the EU GDPR.

Data Controller: Ironspire is the data controller for the personal data described in this policy. We are based in the United Kingdom. For data protection enquiries, contact privacy@ironspire.dev.

What We Collect

  • Account data: email address, display name, and optional avatar when you create an account
  • Subscription status: your current plan tier and billing period
  • Session metadata: device type and IP address for security purposes
  • Analytics events: only if you opt in via our cookie consent banner

What We Don't Collect

  • Your code: everything stays on your local machine
  • Your API keys: stored locally with DPAPI encryption, never transmitted to our servers
  • Your conversations with AI agents: all chat history remains on your device
  • Your file system contents: we have no access to your files or directories

Lawful Bases for Processing

Under the UK GDPR, we process personal data on the following lawful bases:

  • Contract performance: account data and subscription status are necessary to provide the Ironspire service and manage your subscription
  • Legitimate interest: session metadata (device type, IP address) is processed for security, fraud prevention, and service reliability
  • Consent: analytics events are collected only with your explicit opt-in consent via the cookie consent banner. You may withdraw consent at any time

Sub-Processors

We use the following third-party services to operate Ironspire. Each sub-processor is bound by a data processing agreement.

Service          | Purpose                                  | Data Processed
Supabase         | Authentication, account storage          | Email, display name, session tokens
Paddle           | Payment processing (merchant of record)  | Email, payment details (handled by Paddle)
Vercel           | Website hosting                          | Standard web server logs
PostHog EU Cloud | Analytics (opt-in only)                  | Usage events, device type (no IP, no geolocation)

International Data Transfers

Some of our sub-processors process data outside the United Kingdom. Where this occurs, we ensure appropriate safeguards are in place, including:

  • UK adequacy decisions for the recipient country
  • International Data Transfer Agreements (IDTAs) or the UK Addendum to EU Standard Contractual Clauses

Cookies

Our use of cookies complies with the Privacy and Electronic Communications Regulations 2003 (PECR) and the UK GDPR.

Website: We use analytics cookies only with your explicit opt-in consent via our cookie consent banner. If you decline, no analytics cookies are set. Strictly necessary cookies (such as session authentication) do not require consent under PECR.

Desktop app: The Ironspire desktop application does not use cookies. Your consent preference is stored in your browser's localStorage and never transmitted to our servers.

Your Rights

Under the UK GDPR and the Data Protection Act 2018, you have the following rights:

  • Right of access: request a copy of the personal data we hold about you
  • Right to rectification: request correction of inaccurate or incomplete personal data
  • Right to erasure: request deletion of your account and associated data
  • Right to restriction: request that we limit how we process your data in certain circumstances
  • Right to data portability: receive your data in a structured, machine-readable format
  • Right to object: object to processing based on legitimate interest
  • Right to withdraw consent: withdraw consent for analytics at any time via the cookie banner or your browser settings

To exercise any of these rights, email privacy@ironspire.dev or use the account management section in the desktop app. We will respond within one month, as required by the UK GDPR.

Data Retention

  • Account data: soft-deleted immediately on request, hard-purged after 30 days
  • Analytics: individual events deleted after 90 days, then aggregated
  • Subscription history: retained by Paddle (as merchant of record) in accordance with their legal and tax compliance obligations

Complaints

If you are unhappy with how we handle your personal data, we encourage you to contact us first at privacy@ironspire.dev.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:

Contact

For privacy enquiries or to exercise your data subject rights, contact us at privacy@ironspire.dev. We aim to respond to all requests within one month.