Zero-trust posture
No single system is implicitly trusted with your plain data. Your device encrypts first, your account proves identity, and the cloud stores encrypted blobs instead of readable inventory.
Zero-trust trust center
Trust should be readable, not assumed.
ArmoryAtlas is built with a zero-trust operating model around a zero-knowledge cloud vault. Your device encrypts first, your account proves identity, and the service stores encrypted data instead of readable inventory.
This page explains what that means in plain language: what we can see, what we cannot see, why an account exists, how encrypted cloud storage works, where premium boundaries live, and how we talk about billing, restore, export, and support without hand-waving.
Cloud-only vault Encrypted before upload Cross-device by account Biometric unlock supported
Trust summary
What makes the model different
Zero-knowledge vault
Sensitive records are encrypted on-device with your vault key before sync or backup. ArmoryAtlas cannot read serial numbers, notes, receipts, trust documents, or range records from the server side.
Cloud-only encrypted vault
ArmoryAtlas is a cloud service. Your records are encrypted before upload, then stored as encrypted vault data in the cloud instead of being treated as a device-only database.
Deliberate access only
Biometric unlock, export, estate workflows, and cross-device access are intentional, user-driven steps. Sharing is never turned on silently.
Privacy explainer
What we can see and what we cannot
The easiest way to lose trust is to blur the line between account services and vault contents. ArmoryAtlas treats those as separate layers even though the product is cloud-only.
What we can access
- Account identity and sign-in metadata needed to authenticate you
- Billing and entitlement state needed to show plan access correctly
- Encrypted sync or backup blobs and file metadata needed to store your vault
- Operational telemetry needed to detect crashes, sync failures, and restore mismatches
What we cannot access
- Firearm details, serials, counts, notes, and valuation content in readable form
- Receipts, trust documents, tax stamps, and supporting files in plaintext
- Your vault key or the raw master secret that unlocks your encrypted records
- A hidden backdoor copy of your inventory for advertising, profiling, or third-party access
Why this is safer than a spreadsheet
Trust is a workflow problem, not a slogan
Review after review showed the same pattern: people are not just buying storage. They are buying confidence that the cloud record will still exist, still make sense, and still be exportable when something goes wrong.
Spreadsheets scatter sensitive data
Copies get emailed, attached to notes, saved in desktop folders, or left inside generic cloud drives with little context about who can read them.
ArmoryAtlas encrypts before storage
Your records are meant to live inside an encrypted vault with clearer boundaries around sync, export, restore, and device unlock.
Spreadsheets break under real workflows
They rarely handle receipts, photos, estate access, travel context, round counts, or restore validation without a patchwork of extra files.
ArmoryAtlas keeps trust tasks together
Inventory, attachments, exports, backup guidance, and estate workflows live in one system so ownership, proof, and recovery are easier to reason about.
Storage matrix
Plain-English storage boundaries
This is the trust model users actually need: where something lives in the cloud, why it exists, whether ArmoryAtlas can read it, and what control you keep.
| Surface | Purpose | Where it lives | Can we read it? |
|---|---|---|---|
| Encrypted cloud vault | Primary source of truth for inventory, notes, attachments, and history | Encrypted records stored in your account-backed cloud vault | No plaintext access You unlock access with your account identity plus vault credentials or device security where supported |
| Cross-device sync and recovery | Keep the encrypted cloud vault available across devices and during account recovery flows | Encrypted blobs stored under your account | No plaintext access You sign in, unlock the vault, and choose when to reconnect, restore, or move to another device |
| Exports | Insurance, estate, audit, print, and personal backup workflows | Generated for you on demand | No, unless you intentionally share the exported file elsewhere You choose the format, destination, and whether to share it |
| Device biometrics | Faster unlock without weakening the vault model | Hardware-backed device secure storage | No You opt in per device and can turn it off at any time |
| Account and billing | Identity, purchase restore, plan access, and support routing | Account service and store billing systems | Yes, for account and entitlement data only You can review plan state, sign in on a new device, and manage billing separately from vault data |
Why an account exists
Identity is not the same thing as your vault key
- To authenticate you across iOS, Android, and web without exposing the vault key to the server
- To associate your encrypted cloud vault and attachments with the correct user account
- To restore purchases and premium entitlements without guessing which device owns them
- To support executor access, billing support, and device migration when you explicitly request them
Pricing and transitions
Clear boundaries beat surprise paywalls
- Free starts with a secure zero-knowledge vault and limited inventory capacity so you can evaluate the core workflow safely.
- Premium removes the major inventory caps and unlocks advanced workflows such as Travel Co-Pilot, reloading, AI target analysis, advanced reports, and executor access.
- The live plan matrix on /plans is the source of truth for current limits and launch offers.
- Billing state should control premium workflows, not silently erase ownership of records you already created in your cloud vault.
Cloud-only storage
Cloud-hosted does not mean cloud-readable
ArmoryAtlas is a cloud-only product, but the trust boundary is still the same: vault contents are encrypted before upload, account services are separate from readable records, and export, restore, and sharing should remain explicit user actions. Wherever we present those workflows, the UI should tell you what is stored in the encrypted cloud vault, what is account metadata, and what leaves the system as an export.
Platform boundaries
Make the boundaries obvious
Another repeated review theme was confusion about where a workflow lives. If something is best on desktop, premium-only, or tied to your cloud account, the interface should say so before you invest effort.
Best on mobile
- Daily logging and lookup
- Quick edits at the range or shop
- Biometric unlock
- Fast access to your encrypted cloud vault
Best on desktop or web
- Long-form review and bulk setup
- Spreadsheet-oriented import and export tasks
- Printing and audit-style document workflows
- Large-screen browsing across bigger collections
What we owe you everywhere
- Clear labels when a workflow is mobile-only or desktop-first
- No bait-and-switch around premium requirements
- A readable path to export, backup, restore, and support
- Consistent trust language across plans and platforms
How we answer trust questions
Trust language should get sharper when something goes wrong
Users do not only judge security on good days. They judge it during restores, entitlement mismatches, crashes, export deadlines, and privacy concerns. Good trust messaging is specific, calm, and technically honest.
Privacy concern
We explain what account metadata exists, what vault content is encrypted before upload, and what the service must keep to authenticate or bill correctly.
Restore or sync concern
We show what was backed up, when it last succeeded, and whether attachments, documents, and counts match after restore.
Billing or purchase mismatch
We surface the entitlement source of truth, give you a restore or retry action, and avoid language that makes your data feel hostage to a stale purchase state.
Crash or integrity issue
We document the problem clearly, protect existing records first, and explain what was repaired, what still needs review, and how to export your data immediately if needed.
Continue reading
Read the trust model, then use the vault
If you want the legal detail, read the privacy policy and terms. If you want the live plan matrix, open pricing. If you just want to start with the secure vault, create your account and keep your records encrypted from the first session.