Last updated: June 2026
Security
Ironspire runs on your machine, not ours. Your code, your conversations with AI agents, and your API keys stay on your device. This page explains the design decisions behind that, the permission model that governs what agents can do, and how we secure the marketplace.
For how we handle the limited account data we do process, see the Privacy Policy.
Local-first by design
Ironspire is a desktop application. The work you do in it never leaves your machine unless you choose a cloud AI provider, in which case prompts go directly to that provider, never through our servers.
- Your code: stays on your local machine. We have no access to your files or directories.
- Your conversations: all agent chat history remains on your device.
- Your API keys: stored locally and encrypted with Windows DPAPI, never transmitted to our servers.
The agent permission model
In Normal interaction mode, Ironspire gates every tool call behind an approval step. An agent proposes a tool call and pauses; you decide whether to allow it. Only seven read-only tools are auto-approved by default:
Read · Glob · Grep · WebSearch · WebFetch · LS · ListDir
Everything that can change your system, such as Write, Edit, and Bash, requires your explicit approval. The agent stays paused until you approve or deny, so nothing runs behind your back.
Faster modes exist for when you trust a task, such as Auto-Accept and Full Access, but they are opt-in and clearly labelled. The default is always approval-first.
Marketplace security
Every marketplace package passes through multiple checks before it reaches your machine, and enforcement continues at runtime.
- Cryptographic signing: packages are signed with Sigstore keyless signing and recorded in the public Rekor transparency log, so anyone can verify who signed a package and when.
- Content integrity: every file carries a SHA-256 hash, verified on install. Published versions are immutable, giving each package an auditable chain of custody.
- Permission manifests: each package declares exactly what it needs (file reads, file writes, network hosts, tools, MCP servers). You review this before installing.
- Risk scoring: packages are scored LOW, MEDIUM, or HIGH from their content type, permissions, and scan results. High-risk packages require an extra confirmation before they install.
Data and sub-processors
The only data we process is what is needed to run your account: email, display name, subscription status, and session metadata for security. Analytics are opt-in only. Account data is soft-deleted immediately on request and hard-purged after 30 days.
We rely on a small set of sub-processors (Supabase, Paddle, Vercel, and PostHog EU Cloud), each bound by a data processing agreement. The Privacy Policy lists exactly what each one handles.
Reporting a vulnerability
If you believe you have found a security issue in Ironspire, please email support@ironspire.dev with the details and steps to reproduce. Please give us a reasonable chance to investigate and fix the issue before disclosing it publicly. We are grateful for responsible disclosure.