Security Center

Your collection, protected by design.

ArmedIQ was built with the assumption that firearm inventory data is sensitive. Security and privacy are core to how the app is engineered — not features added later.

Our philosophy

Privacy first. Security by default.

We build ArmedIQ the way we'd want our own records handled: minimum data collected, sensitive fields encrypted, and no ads, brokers, or trackers taking a cut of what you enter.

Minimize exposure
Sensitive fields are masked in the UI and encrypted at rest. What isn't needed isn't collected.
You own your data
Export everything you've entered at any time. Delete your account and its data in one step.
Continuously improved
Security is reviewed on an ongoing basis, and the platform is updated as best practices evolve.
Security principles

Five ideas that guide every decision

When we design a feature or review an existing one, we come back to these.

Privacy by design
Sensitive fields are identified up front and protected from the moment they're captured — not treated as an afterthought once a feature ships.
Least privilege
Access — for you, for our systems, and for our team — is scoped to what a task actually requires, and nothing more.
Defense in depth
Encryption, authentication, biometric gating, and row-level isolation each stand on their own so that no single layer is the whole story.
Data ownership
Your collection is yours. You can export it or delete it at any time, without asking us.
Continuous improvement
Security is treated as an ongoing practice. We review, revise, and harden as best practices evolve.
How your data is protected

A layered approach

Each layer is designed to keep sensitive information usable to you and unreadable to anyone else.

Encryption at rest
Sensitive fields — serial numbers, NFA records, acquisition details, and GPS — are encrypted before being written to the database. Protected fields remain encrypted wherever they are stored.
Authentication & account security
Sign in with a password, or use passkeys for phishing-resistant login. Sessions are scoped and can be signed out from Settings. Password resets don't expose your stored data.
Biometric unlock
Protected fields stay masked until you confirm it's you with Face ID or Touch ID. Biometrics never leave your device.
Row-level isolation
Every record is scoped to the account that created it. Queries cannot cross account boundaries.
Data ownership
You can export your full collection as a portable file at any time. Deleting your account deletes your data.
No ads. No trackers.
We don't sell, rent, or broker your data. Your collection isn't used for advertising or analytics that leave the platform.
Visual overview

What actually happens with your data

Four diagrams showing how information flows through ArmedIQ.

Diagram 1
How your data reaches us

Every request between your device and ArmedIQ travels over an encrypted TLS connection. Sensitive fields are encrypted before being written to the database.

Your device
TLS
ArmedIQ
Encrypted
Database
At rest
Diagram 2
Revealing a protected field

Protected details (serial numbers, NFA records, GPS) stay masked until you confirm it's you. Decryption happens only for the authenticated account owner.

Face ID / Touch ID
Field decrypted
For this session
Shown to you
Diagram 3
If the database is ever exposed

Protected fields are stored as encrypted values, not plain text. Without the correct keys, those values are not readable.

Attacker
Sees
Encrypted values
Unreadable
Missing
Decryption keys
Diagram 4
Life of a protected field

From the moment you save an item, sensitive fields follow the same path: encrypted, stored, and only decrypted for you.

Create
Encrypt
Store
Verify you
Decrypt for owner
Our commitment

What we promise you

A short, plain-language statement of how we operate.

Privacy-first design
We collect the minimum data needed to run the service and encrypt what's sensitive.
Security by default
Protective settings are on out of the box — you don't have to opt in to be protected.
Continuous improvement
We track evolving best practices and update the platform accordingly.
Responsible disclosure
Researchers can report vulnerabilities directly to us. We respond, investigate, and credit.
Transparency
We describe what we do accurately and avoid marketing claims we can't stand behind.
You stay in control
Your data is yours. Export or delete it at any time, no questions asked.
Responsible disclosure

Found a security issue?

We appreciate reports from security researchers and take them seriously.

If you believe you've found a vulnerability in ArmedIQ, please email security@armediq.com with a description of the issue and steps to reproduce.

  • Please give us reasonable time to investigate and remediate before public disclosure.
  • Avoid accessing, modifying, or destroying data that does not belong to you.
  • Do not run automated scanners that generate significant traffic against production.
  • We'll acknowledge receipt promptly and keep you updated on progress.
FAQ

Security & privacy questions

Honest, plain-language answers to the questions we hear most.

Is my firearm information encrypted?

Yes. Sensitive fields — including serial numbers, NFA records, acquisition details, and GPS coordinates — are encrypted before being written to the database. Non-sensitive fields (like a firearm's make and model) remain searchable within your own account.

Can ArmedIQ employees see my serial numbers?

Protected fields are stored as encrypted values, and are not routinely accessible through ordinary database access. We do not browse individual account contents as part of normal operations. Access to production systems is limited and used only when needed to keep the service running or to investigate an issue you've reported.

What happens if my phone is stolen?

Signing into ArmedIQ still requires your account credentials. Biometric unlock is tied to your device's Secure Enclave and cannot be used from another phone. You can sign out of all sessions from Settings, and you can rotate your password to invalidate existing tokens.

What happens if I forget my password?

You can reset your password from the sign-in screen. Your encrypted data remains intact after a reset — signing back in gives you access to it again.

Is my data backed up?

Yes. The database is backed up on a rolling basis by our managed infrastructure. Protected fields remain encrypted wherever they are stored. You can also export your full collection at any time from Settings → Export.

Is GPS information protected?

Hunt GPS coordinates are treated as a protected field and are encrypted at rest, along with other sensitive location data you choose to record.

How are NFA records protected?

NFA-specific fields (form type, registration numbers, tax stamp details) are stored encrypted and gated behind the same protected-view unlock as serial numbers.

Why do I sometimes need Face ID or Touch ID?

Protected fields stay masked until you re-confirm it's you. This prevents a shoulder-surfer, a borrowed device, or an unattended screen from exposing sensitive details.

Is my information shared with anyone?

No. We do not sell, rent, or broker your data. We do not use your collection for advertising. Data is shared only when you explicitly create a share link, and those links can be revoked at any time.

Can I export my data?

Yes. Settings → Export produces a portable file containing everything you've entered. There is no lock-in and no additional charge to take your data with you.

Contact the security team

For vulnerability reports, security questions, or privacy requests.

Looking ahead

Security roadmap

Security is an ongoing effort, not a finished project.

We're committed to continuously improving how ArmedIQ protects your data. Future enhancements may include additional authentication options, expanded auditing and activity visibility, and ongoing platform hardening as best practices evolve.

This is a general direction rather than a commitment to specific features or timelines.

Security documentation
Last updated
July 2026
Version
1.0