Security & Privacy
IronShift is built with a privacy-first architecture. Your data, credentials, and chat history never leave your machine.
Security Principles
| Principle | Details |
|---|---|
| Privacy-First | Chat history stored locally on your machine. Never sent to or stored in the cloud. |
| Credentials Stay Local | Uses your existing CLI auth (az, aws, gcloud). Cloud credentials never leave your machine. |
| Human-in-the-Loop | All write operations require explicit approval. Read ops can optionally be auto-approved. |
| Audit Trail | Every action is logged in the conversation history for a complete record. |
| Enterprise Ready | Self-host the entire backend for complete control over data and compliance. |
| No Data Collection | Queries, outputs, and infrastructure details stay on your machine. |
Authentication Flow
- OAuth-based login via the IronShift Dashboard
- Session tokens securely stored in the IDE's global state
- Auto-refresh syncs plan changes and usage limits periodically
- Logout clears all stored credentials immediately