Privacy Policy

Last updated: April 13, 2026

1. Information We Collect

GunVault collects information you provide directly, including:

• Account information: name, email address, password (hashed), FFL number, shop name
• Firearm records: A&D book entries you create (manufacturer, serial number, acquisition/disposition data)
• Customer records: buyer information you enter for compliance purposes
• Usage data: page views, feature usage, error logs

2. How We Use Your Information

• To provide and maintain the GunVault service
• To send transactional emails (account confirmation, password resets)
• To improve the platform and fix bugs
• We do not sell your data to third parties
• We do not share your A&D records with anyone except as required by law

3. Data Security

Your data is stored in an encrypted SQLite database. Passwords are hashed using bcrypt (cost factor 12). JWT tokens expire after 7 days. We use HTTPS for all data transmission in production.

4. ATF Compliance Data

Your Acquisition & Disposition records, Form 4473 data, and customer records are your records. GunVault stores them on your behalf. You are responsible for maintaining ATF-compliant records per 27 CFR 478.125. We do not audit or review your records.

5. Data Retention

Your data is retained for as long as your account is active. If you delete your account, your data is permanently removed within 30 days. Note: You are responsible for keeping copies of ATF-required records before deleting your account.

6. Your Rights

• Export your data at any time via CSV export
• Request deletion of your account by emailing privacy@gunvault.com
• Update your information in Settings at any time

7. Cookies

GunVault uses localStorage (not cookies) to store your authentication token. We do not use tracking cookies or analytics that share data with third parties.

8. Contact

Privacy questions: privacy@gunvault.com