Privacy & Data

Local storage

All of your data (collections, environments, request history, and UI state) is stored in a local SQLite database on your machine. Nothing is transmitted to any server unless you explicitly enable telemetry, submit a bug report, or turn on cloud sync.

The database is located at:

Platform Path
Linux ~/.local/share/com.ironcall.desktop/ironcall.db
Windows %APPDATA%\com.ironcall.desktop\ironcall.db

Telemetry

Telemetry is opt-in. On first launch, Ironcall asks whether you want to enable anonymous usage statistics. If you agree, it sends the following on startup:

  • App version
  • OS name and version
  • A SHA-256 hash of a stable machine identifier, used to count unique installs and not reversible to the original value

No request data, URLs, headers, body content, or credentials are ever collected. You can change your choice at any time in Settings > Privacy.

Bug reports

Bug reports are opt-in and triggered by you. When you submit a report from the in-app button, the following is collected in addition to your description and contact email:

  • The same fields as telemetry (version, OS, hashed machine identifier)
  • Hardware info (CPU model, core count, and RAM)
  • Recent application logs

Logs are scrubbed before sending: Authorization headers, cookies, basic-auth URLs, tokens, home directory paths, and email addresses are redacted. No request bodies or credentials are included. You can review what will be sent before submitting.

Secrets handling

Variables marked as secrets are:

  • Masked in the UI
  • Encrypted at rest in the local database
  • Replaced with REDACTED in collection exports (the key is kept, the value is not)
  • Never transmitted in telemetry or bug reports

Encryption at rest

Secret values are encrypted with AES-256-GCM before they are written to the database. The encryption key is derived from a machine identifier, which means:

  • The database file is useless if copied to another machine; the secrets cannot be decrypted there.
  • It does not protect against software running under your own account on this machine, which can derive the same key. Treat your machine and user account as the trust boundary.

If you need protection against local access, use full-disk encryption or an encrypted home directory at the operating-system level.

Cloud sync

Cloud sync is opt-in and Pro-only. When enabled, your workspace is replicated to EU-hosted servers using end-to-end encryption: keys are derived on your device, and the server never sees your plaintext data. See the pricing section for plan details.

CLI referenceTroubleshooting