Written for owners, not engineers

Why you can trust ArmedIQ with your collection.

A guide, in plain language, to how ArmedIQ keeps sensitive information about your firearms, ammunition, and hunts protected — and what our design actually prevents.

Why inventory data deserves protection

A firearm inventory is more than a list. It records serial numbers, acquisition history, NFA registrations, storage habits, and sometimes where you hunt. That's the kind of information you'd never leave on a sticky note — and it's not the kind of information any app should treat casually.

ArmedIQ is built on a simple assumption: this data is private, and it should stay that way even if something goes wrong on our end.

What happens if someone gains database access?

Any responsible service has to plan for the worst-case scenario: an attacker who manages to see the raw data stored on our servers.

In ArmedIQ, sensitive fields like serial numbers, NFA records, acquisition details, and GPS coordinates aren't stored as plain text. They're stored as encrypted values — scrambled strings of characters that can't be read without the right keys. An attacker with a copy of the database wouldn't be able to look up your serial numbers or your hunt locations from what they found there.

Diagram 3
If the database is ever exposed

Protected fields are stored as encrypted values, not plain text. Without the correct keys, those values are not readable.

Attacker
Sees
Encrypted values
Unreadable
Missing
Decryption keys

No system can promise perfect security. What we can promise is that we've designed ArmedIQ so a database exposure alone does not reveal your protected fields in readable form.

Why encryption matters

Encryption turns readable information into a form that requires a key to unlock. Storing sensitive data encrypted means that copies of the database — backups, replicas, or anything an attacker might get their hands on — don't automatically reveal what you own.

Diagram 4
Life of a protected field

From the moment you save an item, sensitive fields follow the same path: encrypted, stored, and only decrypted for you.

Create
Encrypt
Store
Verify you
Decrypt for owner

How biometric protection works

When you tap to reveal a serial number or an NFA record, ArmedIQ asks you to confirm it's really you with Face ID or Touch ID. That check happens on your device — your face or fingerprint never leaves your phone and is never sent to our servers.

If someone picks up your phone while you're logged in, they still can't casually flip through your protected fields. They'd need to pass the biometric prompt first.

Diagram 2
Revealing a protected field

Protected details (serial numbers, NFA records, GPS) stay masked until you confirm it's you. Decryption happens only for the authenticated account owner.

Face ID / Touch ID
Field decrypted
For this session
Shown to you

Why decryption is tied to your account

Protected fields are decrypted only as part of authenticated application workflows. Someone else — even someone with access to raw database contents — would not be able to reconstruct your sensitive values from what's stored.

Protected fields stay encrypted
Serial numbers, NFA records, acquisition details, and GPS coordinates are stored as encrypted values, not readable text.
Reveal is gated
A biometric or password confirmation is required to reveal protected fields in the app.
Sessions are scoped
A signed-in session belongs to your account. You can sign out of every device from Settings.
No routine access
Protected fields are not routinely accessible through ordinary database access, and production access is limited to what's needed to keep the service running.

How this plays out in real life

The architecture matters because of what it means for everyday situations. A few examples:

You lose your phone
Signing in still requires your account credentials, and biometric unlock is tied to the device's Secure Enclave — it can't be used from another phone. You can rotate your password and sign out of every session from Settings.
Someone gets read-only access to a database backup
Protected fields in that data are encrypted values, not readable text. What an observer would see is scrambled ciphertext, not your serial numbers or hunt locations.
You lend your phone to a friend
Even if you're already signed in, protected fields stay masked until the reveal is re-confirmed with Face ID or Touch ID. Casual scrolling doesn't expose them.
You export your collection
You get a portable file with the data you entered — no lock-in, no gatekeeping. Your data belongs to you, and the export path is always available in Settings.

How access to protected fields is limited

Our systems are designed so that reading a protected field is not a routine operation. The values stored in the database are encrypted, and protected fields are not routinely accessible through ordinary database access.

If we ever need to investigate a specific issue you've reported, we do so with a narrow scope and only for as long as it takes to resolve your request.

Bringing it all together

The full path your data takes — from your device, over an encrypted connection, into an encrypted database, and back out only for you — is one continuous chain.

Diagram 1
How your data reaches us

Every request between your device and ArmedIQ travels over an encrypted TLS connection. Sensitive fields are encrypted before being written to the database.

Your device
TLS
ArmedIQ
Encrypted
Database
At rest
A note on honesty

No app is "unhackable" — and we won't tell you it is.

What we can tell you is what we've built: sensitive fields encrypted at rest, biometric gating on reveal, strict account isolation, and a commitment to keep improving.