Armory Atlas
Sign In Sign Up

Privacy Policy

Last Updated: May 13, 2026

Your Privacy is Our Priority

Armory Atlas is built with Zero-Knowledge architecture, meaning we cannot and do not access your personal data. This policy explains exactly how we protect your privacy.

At Armory Atlas ("we," "us," or "our"), we are committed to protecting your privacy. This Privacy Policy explains how we handle information in connection with our website, mobile application, and services (collectively, the "Service"). Our Zero-Knowledge architecture ensures that your sensitive data remains private and secure at all times.

1. Zero-Knowledge Architecture

What Zero-Knowledge Means

Our Service is designed so that we have zero knowledge of your personal data. All sensitive information—including your firearm inventory, personal notes, documents, and other User Content—is encrypted locally on your device before being stored on our servers.

Client-Side Encryption

Your Master Encryption Key (MEK) is generated from your password using industry-standard key derivation functions (PBKDF2) and never leaves your device.

AES-GCM Encryption

We use AES-256-GCM encryption, a military-grade encryption standard, to protect your data both at rest and in transit.

No Recovery Possible

Because we don't have access to your MEK, we cannot recover your data if you lose your password. This is by design to ensure maximum privacy.

No Backdoors

We have not implemented any backdoors, master keys, or recovery mechanisms that would allow us to access your encrypted data.

2. Information We Collect

Data We CAN Access

  • Account Information: Email address, account creation date, last login time
  • Encrypted Data Blobs: Your encrypted data (which we cannot read or decrypt) will be sored on our servers
  • Target photos: To analyze your target, we need encrypted images.

Data We CANNOT Access

  • Technical Data: IP addresses, browser type, device information, operating system information send by your device - BUT WE NEVER STORE THESE DATA.
  • Authenticated Usage Analytics: We do not run analytics after login, including inside the authenticated app experience or dashboard.
  • Your Password or Master Encryption Key
  • Your Firearm Inventory Details (make, model, serial numbers, etc.)
  • Personal Notes and Documents
  • Travel Itineraries or Location Data
  • Any Content You Enter (all encrypted before leaving your device)

3. How We Use Information

We use the limited information we can access only for the following purposes:

Service Provision

To provide, maintain, and improve our Service functionality

Account Management

To manage your account, authenticate users, and prevent unauthorized access

Technical Support

To provide customer support and troubleshoot technical issues

Security Monitoring

To detect, prevent, and address security threats or fraudulent activity

4. Information Sharing and Disclosure

We Do NOT Share Your Encrypted Data

Your encrypted data is never shared, sold, or disclosed to any third party for any reason. Even if we wanted to, we cannot decrypt your data.

Government Requests: Even under legal compulsion, we can only provide what we have access to—which does not include your actual firearm data, personal notes, or any encrypted content.

Limited Non-Encrypted Data Sharing

We may share non-encrypted information only in these specific circumstances:

  • Service Providers: Trusted third parties who help us operate our Service (e.g., hosting providers, limited pre-login analytics services)
  • Legal Requirements: When required by law, court order, or to protect our rights
  • Safety: To protect the safety and security of our users or the public
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (your encrypted data remains encrypted). You will have option to export your data and delete your account.

5. Data Security

Encryption Standards

  • • AES-256-GCM encryption for data at rest
  • • TLS 1.3 for data in transit
  • • PBKDF2 for key derivation
  • • Secure random number generation

Infrastructure Security

  • • SOC 2 compliant hosting providers
  • • Regular security audits and monitoring
  • • Access controls and logging
  • • Automated threat detection

6. Your Privacy Rights

Access

Request information about what non-encrypted data we have about you

Correction

Update or correct your account information

Deletion

Request deletion of your account and associated data

7. Data Retention

  • Account Data: Retained while your account is active, plus 30 days after deletion
  • Encrypted Data: Permanently deleted when you delete your account
  • Log Data: Typically retained for 90 days for security and debugging purposes
  • Analytics Data: Aggregated and anonymized data may be retained indefinitely

8. Cookies and Tracking

Essential Cookies

Required for authentication and basic functionality

Analytics

Anonymous analytics are limited to public, pre-login pages. After login, analytics are disabled and do not run in the authenticated product experience.

9. International Data Transfers

Our servers are located in the United States. If you are accessing our Service from outside the U.S., please note that your encrypted data will be transferred to and stored in the United States. However, because your data is encrypted with keys we don't possess, the location of storage does not impact your privacy.

10. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

Email: [email protected]

Response Time: We typically respond to privacy inquiries within 72 hours.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • • Posting the new Privacy Policy on this page
  • • Updating the "Last Updated" date
  • • Sending you an email notification (for significant changes)
  • • Displaying a prominent notice in the Service