Last updated June 12, 2026

Privacy Policy

Ironsmith is built to be local-first. You can create personal Mac apps without signing in, without analytics, and without sending anything to Ironsmith or third parties. When you choose account features, the Ironsmith AI provider, or third party providers, some information is processed to make those features work.

What This Policy Covers

This policy explains how Ironsmith handles information in the macOS app and the optional online services used for accounts, the Ironsmith AI provider, billing, and credits.

The Ironsmith macOS app is open source, so you can inspect how it works in the GitHub repository.

Information Stored Locally By The Mac App

Ironsmith is designed so the core app can run without an Ironsmith account. The app stores working data locally on your Mac, including:

  • Generated tool names, bundle identifiers, package paths, sandbox settings, short local prompt summaries, and timestamps.
  • Generated Swift packages, app bundles, manifests, app icons, backups, and build artifacts under your local Ironsmith tools directory.
  • Provider and model settings, including provider names, base URLs, enabled state, selected models, and generation preferences.
  • Downloaded local models and model download progress.
  • UserDefaults preferences for generated app permissions and generation options.

By default, Ironsmith stores app data under ~/.ironsmith/ and app preferences in the normal macOS preference locations. API keys for providers such as OpenAI, Anthropic, Gemini, Ollama, or custom OpenAI-compatible endpoints are stored in the macOS Keychain, not sent to Ironsmith.

When Information Leaves Your Mac

Information leaves your Mac only when a feature you choose needs a network request. Examples include:

  • Signing in with Ironsmith, refreshing your account, listing Ironsmith AI models, or buying credits.
  • Using the Ironsmith AI provider.
  • Using a third party AI provider with your own API key, such as OpenAI, Anthropic, Gemini, or a custom OpenAI-compatible endpoint.
  • Fetching remote model lists from a provider you configured.
  • Downloading local models or pulling models through Ollama.
  • Checking GitHub Releases for Ironsmith app updates.
  • Generated apps making network requests because you asked Ironsmith to build an app that needs internet access.

If you use Apple Foundation Model, Ollama on localhost, or another local model endpoint, your generation may stay on your device or local network depending on how that provider is configured.

Ironsmith Accounts And Credits

If you sign into Ironsmith, Ironsmith processes account information needed to identify your account and provide credits. This can include your user ID, email address when provided by your sign-in method, authentication tokens, and account profile records.

Ironsmith also stores AI credits and billing records, such as your credit balance, credit purchases, checkout status, payment and refund identifiers from Stripe, and usage history needed to keep your balance accurate. Ironsmith does not receive or store your payment card number; payment details are handled by Stripe Checkout.

When you use the Ironsmith AI provider, your prompt and the generation context needed to build your app are passed to the upstream AI provider. Ironsmith does not store your prompts or generated responses. It stores only usage metadata needed for credits, reliability, and abuse prevention.

Third-Party Services

Ironsmith uses third-party services to provide optional account, billing, AI, and update features:

  • Supabase provides authentication and account data storage.
  • Stripe provides checkout, payment processing, and refund webhooks.
  • OpenRouter routes Ironsmith AI requests to upstream AI model providers.
  • Google Cloud hosts Ironsmith's online service.
  • GitHub hosts source code, release downloads, and app update metadata.
  • Apple may process information when you use Sign in with Apple.
  • Third party AI providers you configure directly process requests according to their own terms and privacy policies.

Ironsmith does not sell or rent your personal information. Ironsmith may disclose information if required by law, legal process, a valid request from a government authority, or as part of a merger, acquisition, reorganization, sale of assets, or transfer to a successor entity.

Your Choices

  • You can use Ironsmith with local models and no Ironsmith account.
  • You can choose whether to use the Ironsmith AI provider, your own third party provider API keys, or local providers.
  • You can remove provider API keys from Ironsmith, which deletes the matching macOS Keychain entry.
  • You can delete generated tools and local model files from your Mac.
  • You can sign out of your Ironsmith account or delete the account from the Ironsmith provider settings.

Some records may be retained where necessary for payment records, fraud prevention, security, dispute handling, tax/accounting obligations, or legal compliance.

Security And Retention

Ironsmith uses platform security features such as the macOS Keychain for provider API keys and authenticated API requests for account features. Generated apps are sandboxed and hardened by default.

Local data stays on your Mac until you remove it. Online records are kept for as long as needed to provide the service, maintain account and billing history, resolve disputes, prevent abuse, and meet legal or accounting requirements.

You can delete your Ironsmith account at any time from the Ironsmith provider settings. Account deletion removes your account data from Ironsmith's online service, subject to any records Ironsmith needs to retain for payment, security, legal, or accounting reasons.

Children

Ironsmith is not directed to children under 13, and the service is not intended to knowingly collect personal information from children.

Changes And Contact

This policy may be updated as Ironsmith changes. The latest version will be posted on this page with a new update date.

Questions, privacy requests, and refund questions can be sent to [email protected].