Security
How Ironwork protects your data
Encryption at rest
All sensitive data is encrypted at rest with AES-256-GCM. This includes:
- Anthropic API keys
- Linear OAuth tokens and refresh tokens
- GitLab OAuth tokens and Personal Access Tokens
- Webhook secrets
The encryption key is stored separately from the database and is configured as a server environment variable. Tokens are decrypted only when needed for an API call and are never written to logs.
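One way to implement the scheme described above, shown as an added example rather than Ironwork's own code: AES-256-GCM with the key read from an environment variable, a fresh nonce per secret, and decryption only at the point of use. The variable name `TOKEN_ENC_KEY`, the function names, the stored layout (nonce, tag, ciphertext) and the binding of a workspace and field label as associated data are assumptions, not details from this page.

```javascript
// Added example; all names here are hypothetical, not Ironwork's API.
const crypto = require('node:crypto');

const NONCE_LEN = 12; // 96-bit nonce, the size GCM is designed around
const TAG_LEN = 16;   // full 128-bit authentication tag

// Load the 256-bit key from the environment (base64), never from the database.
function loadKey(env = process.env) {
  const key = Buffer.from(env.TOKEN_ENC_KEY || '', 'base64');
  if (key.length !== 32) throw new Error('TOKEN_ENC_KEY must decode to 32 bytes');
  return key;
}

// Encrypt one secret. `context` (assumed form "workspace:field") is bound as AAD,
// so a ciphertext copied to another row or tenant fails authentication on decrypt.
function sealSecret(key, plaintext, context) {
  const nonce = crypto.randomBytes(NONCE_LEN); // fresh per encryption, never reused
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce, { authTagLength: TAG_LEN });
  cipher.setAAD(Buffer.from(context, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), ct]).toString('base64');
}

// Decrypt just before the API call; throws if key, context or any stored byte is wrong.
function openSecret(key, sealed, context) {
  const raw = Buffer.from(sealed, 'base64');
  if (raw.length < NONCE_LEN + TAG_LEN) throw new Error('sealed value too short');
  const nonce = raw.subarray(0, NONCE_LEN);
  const tag = raw.subarray(NONCE_LEN, NONCE_LEN + TAG_LEN);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, nonce, { authTagLength: TAG_LEN });
  decipher.setAAD(Buffer.from(context, 'utf8'));
  decipher.setAuthTag(tag);
  const pt = Buffer.concat([decipher.update(raw.subarray(NONCE_LEN + TAG_LEN)), decipher.final()]);
  return pt.toString('utf8');
}

// Constructed sample: a throwaway key and a fake token, not real credentials.
function demo() {
  const key = loadKey({ TOKEN_ENC_KEY: crypto.randomBytes(32).toString('base64') });
  const sealed = sealSecret(key, 'example-token-not-real', 'ws_123:gitlab_pat');
  const ok = openSecret(key, sealed, 'ws_123:gitlab_pat');
  let crossTenant = 'accepted';
  try { openSecret(key, sealed, 'ws_999:gitlab_pat'); } catch { crossTenant = 'rejected'; }
  return { ok, crossTenant };
}
```

Because GCM authenticates as well as encrypts, a modified database value or a ciphertext presented under the wrong context is rejected at decrypt time instead of yielding a corrupted token.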
Workspace isolation
Each workspace is a separate tenant. No data crosses workspace boundaries — projects, integrations, API keys, and agent history belong exclusively to their workspace.
Agent execution runs in isolated forked processes using a tenant worker pool. Each workspace's agent tasks run in their own child process, preventing one workspace's workload from affecting another. This isolation extends to environment state, file system access, and memory.
Repository access
Repositories are cloned when you add a project to your workspace. Agents access repository files only during active tasks — reading code for refinement context, writing code for implementation, or reviewing diffs. There is no persistent code indexing or background scanning.
Repository clones can be deleted at any time by removing the project from your workspace.
Authentication
Ironwork uses WorkOS AuthKit for authentication and session management. This provides:
- Session management — secure cookie-based sessions with encrypted tokens, automatic refresh, and server-side validation
- Single Sign-On (SSO) — connect your identity provider (Okta, Azure AD, Google Workspace, etc.) for centralized access control
- Multi-Factor Authentication (MFA) — additional security layer for user accounts
- OAuth — secure authorization flows for integrations with Linear and GitLab
Data retention
Agent task history is retained within your workspace for audit and review purposes. This includes task status, agent output, and session metadata. Repository clones are stored on the Ironwork server and can be deleted at any time by removing the project from your workspace.
No training data
Your data is never used for training
Your code, issues, merge request content, and agent conversations are never used for model training. Data flows only to your Anthropic account via your own API key. Anthropic's API data usage policy applies — when using the API, your data is not used to train models.
Third-party access
Ironwork interacts with a limited set of third-party services, each for a specific purpose:
| Service | Purpose | Data shared |
|---|---|---|
| WorkOS | Authentication, SSO, user management | User email, name, organization membership |
| Anthropic | AI processing (via your API key) | Issue content, code context, MR diffs sent as prompts |
| Linear | Your Linear instance (issue tracking) | Agent reads/writes issues and comments on your workspace |
| GitLab | Your GitLab instance (code hosting) | Agent reads/writes MRs, comments, and code on your instance |
No other third parties receive your data. Ironwork does not use analytics services, error tracking, or telemetry that transmits your code or issue content.