Trust & pricing

Trust

Wrkr runs infrastructure so you don't have to, but it deliberately holds as little of your stuff as possible. This page is the plain-language version of that boundary: what's yours, what's ours, and what you're still on the hook for.

What Wrkr never holds

By design, these stay inside your machine or your own accounts. Wrkr does not custody them:

  • Your secrets. API keys, access tokens, and app credentials live in your VM — in your .env files or your own secret store. There is no Wrkr secrets vault, and Wrkr never asks you to hand them over.
  • Your AI provider keys and sessions. You log in to your own harness account; your model API keys are yours. Your prompts, your sessions, your transcripts, and your model responses are not Wrkr's.
  • Your code and projects. Your repositories are files on your machine. Wrkr has no "projects" product that owns or indexes them.
  • Your app's data. Your database and your stored files are yours to read, export, and take with you at any time.

The test is simple: if it's something you'd keep private on your own laptop, it stays private on your machine here too.

What Wrkr does manage

So that you don't have to:

  • Your account and sign-in, and your billing.
  • The machine's lifecycle — provisioning, keeping it always-on, and the host underneath it.
  • Backups — the hourly offsite backup of your work (see below).

Isolation

Your machine is yours alone — one machine per person, isolated from every other customer's. Nobody else is on your box, and other customers' machines can't reach into yours. Getting in requires your sign-in.

The native macOS app authenticates through your system browser and stores your session securely in the macOS Keychain, so it can reconnect without re-prompting. The app itself is code-signed and notarized, so your operating system can verify it's the genuine Wrkr app before it runs.

Durability

Your data is protected at the layer where it lives:

  • Your work — your home directory is backed up every hour, encrypted, to offsite storage, automatically. If your machine is rebuilt, your work comes back.
  • Your app's database — take on-demand snapshots and restore them, or pull a portable dump anytime with wrkr db export.
  • Your app's files — held in durable object storage that survives a machine rebuild.

The full mechanics are on Backups & restore.

No lock-in

Everything Wrkr gives you is standard underneath — plain Postgres, plain Redis, plain object storage, plain files. You can export your database, download your stored files, and walk away with your data whenever you want. Nothing about Wrkr traps you.

What stays your responsibility

Wrkr secures the substrate; the application is yours to secure like any app you'd ship:

  • Your app's own security — its authentication, authorization, input validation, and how it handles its users' data.
  • Your secrets hygiene — keep keys in the environment, not in your code or your repo.
  • Your external accounts — your domain registrar, your payment processor, your AI provider, and their credentials.

Guarantee

Wrkr is prepaid — one flat price — with a 14-day money-back guarantee: if it isn't for you, you get your money back.

The formal privacy policy arrives with public signup; until then access is invite-only and the commitments above are the complete story.