Why you can trust ArmedIQ with your collection.
A guide, in plain language, to how ArmedIQ keeps sensitive information about your firearms, ammunition, and hunts protected — and what our design actually prevents.
Why inventory data deserves protection
A firearm inventory is more than a list. It records serial numbers, acquisition history, NFA registrations, storage habits, and sometimes where you hunt. That's the kind of information you'd never leave on a sticky note — and it's not the kind of information any app should treat casually.
ArmedIQ is built on a simple assumption: this data is private, and it should stay that way even if something goes wrong on our end.
What happens if someone gains database access?
Any responsible service has to plan for the worst-case scenario: an attacker who manages to see the raw data stored on our servers.
In ArmedIQ, sensitive fields like serial numbers, NFA records, acquisition details, and GPS coordinates aren't stored as plain text. They're stored as encrypted values — scrambled strings of characters that can't be read without the right keys. An attacker with a copy of the database wouldn't be able to look up your serial numbers or your hunt locations from what they found there.
Protected fields are stored as encrypted values, not plain text. Without the correct keys, those values are not readable.
No system can promise perfect security. What we can promise is that we've designed ArmedIQ so a database exposure alone does not reveal your protected fields in readable form.
Why encryption matters
Encryption turns readable information into a form that requires a key to unlock. Storing sensitive data encrypted means that copies of the database — backups, replicas, or anything an attacker might get their hands on — don't automatically reveal what you own.
From the moment you save an item, sensitive fields follow the same path: encrypted, stored, and only decrypted for you.
How biometric protection works
When you tap to reveal a serial number or an NFA record, ArmedIQ asks you to confirm it's really you with Face ID or Touch ID. That check happens on your device — your face or fingerprint never leaves your phone and is never sent to our servers.
If someone picks up your phone while you're logged in, they still can't casually flip through your protected fields. They'd need to pass the biometric prompt first.
Protected details (serial numbers, NFA records, GPS) stay masked until you confirm it's you. Decryption happens only for the authenticated account owner.
Why decryption is tied to your account
Protected fields are decrypted only as part of authenticated application workflows. Someone else — even someone with access to raw database contents — would not be able to reconstruct your sensitive values from what's stored.
How this plays out in real life
The architecture matters because of what it means for everyday situations. A few examples:
How access to protected fields is limited
Our systems are designed so that reading a protected field is not a routine operation. The values stored in the database are encrypted, and protected fields are not routinely accessible through ordinary database access.
If we ever need to investigate a specific issue you've reported, we do so with a narrow scope and only for as long as it takes to resolve your request.
Bringing it all together
The full path your data takes — from your device, over an encrypted connection, into an encrypted database, and back out only for you — is one continuous chain.
Every request between your device and ArmedIQ travels over an encrypted TLS connection. Sensitive fields are encrypted before being written to the database.
No app is "unhackable" — and we won't tell you it is.
What we can tell you is what we've built: sensitive fields encrypted at rest, biometric gating on reveal, strict account isolation, and a commitment to keep improving.
