Back to home

Privacy Policy

Last updated: 06/09/2026 · Effective: [placeholder, set when launched]

Who we are

GunTracker is a product of Smith Web Apps, LLC, a limited liability company that builds and operates the service. In this policy, "we," "us," and "our" refer to Smith Web Apps, LLC. "GunTracker," "the service," and "the app" refer to the product itself.

This policy explains what information we collect when you use GunTracker, what we do with it, what we never do with it, your rights over it, and how to contact us with questions.

The short version

GunTracker is built for one person tracking one collection. The promise is simple: we never sell or hand out your data to anyone. No advertisers, no analytics partners, no data brokers, no marketing email. The only third party we share anything with is Stripe, our payment processor, and only the minimum they need to bill you (an opaque internal user ID; never your email, name, or any of your records). The only email you receive from us is about your account (verification, password reset, two-factor codes) or, infrequently, a notice about a significant change to the service. We do not send marketing email.

Sensitive fields you record (serial numbers, range names, purchase locations, and every "notes" field) are encrypted at rest. Anyone with database access alone cannot read them.

1. What we collect

Account information you give us

  • Email address (required, used to send confirmation, password reset, and two-factor codes)
  • Username (required, displayed in the app)
  • Password (stored using a one-way cryptographic hash, never in plaintext, never recoverable)
  • Two-factor preference (on/off, and whether your email has been verified for codes)

Information you create using the app

  • Firearms you record: make, model, caliber, serial number, purchase details, current value, status history, notes, photos
  • Accessories: type, make, model, value, photos, which gun they're assigned to
  • Ammunition types: caliber, brand, lot number, quantity, cost, notes
  • Range trips: date, range name, weather, per-gun sessions, ammo usage, target photos, notes
  • Maintenance entries: type, description, round count at service
  • Photos you upload. Hidden camera metadata embedded in photo files, including GPS location, is automatically removed before the photo is stored. We keep only the image itself.
  • Contact information you optionally enter into a printable report (for example, your address on an insurance report). This information is used only to render that report and is not added to your profile.
  • If you contact support, the name, email address, and message you provide, which are delivered to our support inbox so we can reply to you.

Information generated automatically

  • Timestamps on records you create or update
  • Web server access logs (IP address, request method, URL path, status code, user agent), used only for operating the service and security investigation
  • Application logs (structured records of what the app did), deliberately scoped to exclude the contents of the sensitive fields described in Section 3

What we do not collect

  • We do not require your legal name, address, phone number, date of birth, or Social Security number to create or use an account. If you choose to type contact details into a printable report or a support message, they are used only for that purpose and are never added to a profile about you
  • We do not load third-party analytics, advertising scripts, fingerprinting code, or social-media trackers
  • We do not place tracking cookies. See Section 6 for the strictly-necessary cookies the application does set
  • We do not collect biometric information, precise geolocation, or device sensor data

2. How we use it, and why

We use the information you give us strictly to operate the service:

  • Authenticate you on sign-in and across your session
  • Send transactional emails (account confirmation, password reset, two-factor codes, infrequent service notices)
  • Generate the printable theft, loss, insurance, and inventory reports you request
  • Run the dashboard, search, and reporting features that read your own data back to you
  • Bill your subscription and confirm payment status with our payment processor (see Section 4)
  • Investigate security incidents, abuse, or service issues using the access and application logs
  • Respond to your questions or support requests

Legal basis (for users in jurisdictions where this matters, e.g. the EEA / UK). We process account, content, and billing data because it is necessary to perform our contract with you (to deliver the service you signed up for). We process operational and security logs because we have a legitimate interest in keeping the service running, available, and secure, and in detecting and preventing fraud or abuse. We may also process data to comply with a legal obligation, or, where applicable, with your consent.

That is the entire list of purposes. There is no secondary use, no monetization, no profiling.

3. Encryption

The following categories of fields are encrypted at rest using strong, industry-standard encryption:

  • Gun serial numbers
  • Gun purchase locations
  • Gun notes and gun-status-change notes (including the "Sold to" field)
  • Accessory purchase locations and notes
  • Maintenance descriptions and free-text type entries
  • Ammo type notes
  • Range trip range names, weather, notes, and per-gun session notes

Anyone who gained access to a database file or backup alone would not be able to read these fields.

Web traffic between you and the service is encrypted in transit using current industry-standard protocols. We do not accept unencrypted connections to the application.

4. Payment processing

GunTracker subscriptions are billed by Stripe, an independent payment processor, on behalf of Smith Web Apps, LLC. The merchant of record on your card statement is Smith Web Apps, LLC, with GUNTRACKER shown as the recognizable product descriptor. We chose Stripe specifically because it lets us share almost nothing about you with them.

What we send Stripe: an opaque internal ID that lets Stripe report your subscription status back to us. That ID is not your username, email, or any data you have entered. It is a random identifier generated when you registered.

What we do not send Stripe: your email address, username, name, mailing address, phone number, IP address, or any of the firearm collection data you have recorded. None of this is shared with Stripe by us.

What Stripe collects directly from you: when you complete payment on Stripe's hosted checkout page, you enter your card details and an email address. That information goes from your browser to Stripe. It never touches our database. We do not see your card, your card type, your billing ZIP, or anything else you give Stripe. After you have paid, the only things we receive back are non-personal billing references: a customer number, a subscription number, the subscription's status, and the date it is paid through. No personal information flows back to us from Stripe.

What Stripe does with the data they collect: Stripe is bound by their own privacy policy at https://stripe.com/privacy. Per their stated practices, they use payment data to process payments and meet legal obligations (fraud prevention, regulatory reporting), not to sell or share for advertising. You can request deletion of your data directly with Stripe after canceling your subscription.

Card data: card data is entered on Stripe's site, handled by Stripe's PCI-compliant infrastructure, and never reaches our servers. We cannot see or store your card details because we never receive them.

5. Where your data lives

  • All application, database, email, and backup processing for the service takes place on cloud infrastructure located within the United States.
  • Backups are retained in encrypted form by our infrastructure provider.
  • Subscription billing records (your customer record at Stripe, your card details, and your payment history) are kept by Stripe per their retention policy.

Other than the limited billing data handled by Stripe (Section 4), we do not transfer your data outside the United States. If you access the service from outside the United States, you understand and agree that your information will be transferred to, stored, and processed in the United States.

6. Cookies and local storage

GunTracker sets a small number of cookies, all strictly necessary to operate the service:

  • An authentication cookie that keeps you signed in
  • A security cookie that protects forms from cross-site request forgery
  • A short-lived cookie the application uses to carry one-time status messages between pages (for example, "Gun added."). It is removed as soon as the message is shown.

The site also uses your browser's session storage on certain longer forms (for example, the theft and insurance report forms) to remember what you typed if you navigate back to edit. That data stays in your own browser, is never sent to us as stored state, and is cleared automatically when you close the tab.

We do not set cookies for advertising, analytics, fingerprinting, or cross-site tracking.

Do Not Track and Global Privacy Control. Because we do not track users across sites or sell or share personal information, there is nothing for these browser signals to opt you out of. Every user gets the same no-tracking treatment whether or not their browser sends such a signal.

7. Email

Account-related transactional emails (verification, password reset, two-factor codes, and infrequent service notices) come from noreply@myguntracker.com and are delivered through a third-party email service provider acting on our behalf. We do not send marketing email and we do not sell your address. Transactional emails do not include open or click tracking pixels.

You cannot opt out of essential account emails (for example, password-reset confirmations or security alerts) while keeping an active account, because they are necessary for the security of the service. If you no longer want to receive any email from us, delete your account.

8. Categories of third-party services we use

We use a small number of third-party service providers to operate GunTracker. They are listed below by category, with what each receives and why. We do not engage processors beyond these categories.

Category Purpose Data shared with them by us
Cloud infrastructure provider Hosting the application, database, and encrypted backups; delivering transactional email All account and content data, processed under the provider's data processing agreement; subject line and recipient address for transactional emails
Stripe (payment processor) Subscription billing and payment processing An opaque internal user ID. We do not send Stripe your email, name, or any of your records. See Section 4 for the complete data-sharing scope.

If we ever change processors or add a new category, we will update this section before they receive any of your data.

9. How long we keep data

  • Account and content data (your guns, accessories, ammo, range trips, photos, notes, account record) are kept for as long as your account exists. When you delete your account, every row tied to it is removed from the database immediately (see Section 11).
  • Backups are retained in encrypted form for a limited operational window measured in days, then rotated out. Deleted accounts disappear from active databases immediately but may persist in backups until the next rotation cycle, after which they cannot be recovered.
  • Web server access logs are kept for a limited operational period and then routinely deleted. They are used only for service operation and security investigation, never for profiling.
  • Application logs follow the same limited operational period as access logs.
  • Admin audit log entries recording actions an administrator took on an account are kept indefinitely for operational and compliance purposes. They preserve your username as it was at the time of the action but no other data about you.
  • Stripe billing records are kept by Stripe per their retention policy, independent of our retention. See Section 4.

10. Children

GunTracker is intended for adults who legally own firearms. It is not directed at children, and we do not knowingly collect information from anyone under 18. If you believe a child has created an account, contact us at guntrackersupport@smithwebappsllc.com and we will delete it.

11. Your rights, your account, and deletion

You can:

  • See what we have on you. Every record we hold is rendered on a page in the app. There is no hidden profile.
  • Edit or correct individual records at any time. Every entity has an edit page; ammo types and range trips can be hard-deleted, and photos can be deleted individually.
  • Delete your entire account at any time from Account → Danger zone → Delete my account. This is a hard delete. Every row tied to your account is removed from the database immediately, including all guns, accessories, ammo types, range trips, photos, and the account record itself. There is no soft-delete, no recovery period, no support process that can bring it back. If you have an active subscription, we cancel it with Stripe as part of the delete so no further charges occur.
  • Delete your subscription data with Stripe separately. Canceling your account here cancels the subscription and deletes everything GunTracker holds about you. Stripe's record of your subscription history stays with Stripe per their retention policy. You can request deletion directly with Stripe via their support or per the rights described in their privacy policy.
  • Request a copy of your data by writing to us. We will provide what we hold in a machine-readable format within a reasonable time.
  • Object to or restrict processing where you have that right under applicable law, by writing to us.

One exception to deletion: we keep admin audit log rows that record actions taken by an administrator on your account (for example, "admin extended trial for user X on date Y"). Those are operational records of administrative actions, not records about you in the privacy-rights sense. Your username at the time of the action is preserved so the audit log remains intelligible; no other data about you is kept.

12. California residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA"). This section summarizes those rights and how to exercise them.

Categories of personal information we collect. See Section 1 for the complete list. In CCPA categories: identifiers (email, username, IP address), internet activity information (access logs), commercial information (your subscription status with Stripe), and the content you choose to enter into the app. We do not collect biometric, precise geolocation, sensitive demographic, or inference data.

We do not sell or share your personal information for cross-context behavioral advertising or any other purpose. We have not sold or shared personal information in the preceding twelve months and we do not intend to.

Your California rights:

  • Right to know what personal information we have collected about you and how we use it.
  • Right to delete your personal information (see Section 11).
  • Right to correct inaccurate personal information.
  • Right to opt out of any "sale" or "sharing" of your personal information (we do not engage in either, so this right is satisfied by default).
  • Right to limit use of sensitive personal information (we do not collect sensitive PI for purposes that would require limitation).
  • Right to non-discrimination for exercising your rights. We will not deny service, charge a different price, or provide a different level of service because you exercised a CCPA right.

To exercise any of these rights, write to guntrackersupport@smithwebappsllc.com. We will verify your identity through your account credentials and respond within the statutory timeframe. You may also use an authorized agent; we will require written authorization and verification.

Other U.S. states. If you live in another state with a comprehensive privacy law (for example Virginia, Colorado, Connecticut, Utah, or Texas), you may have similar rights of access, correction, deletion, and portability. We honor these requests for all users regardless of state, through the same contact above.

13. European users (UK, EEA)

GunTracker is designed for and operated from the United States. If you are in the United Kingdom or the European Economic Area and choose to use the service, you understand that your data will be transferred to and processed in the United States, which may not offer the same level of data-protection rights as your home jurisdiction.

Lawful bases for processing are described in Section 2. You have the rights of access, rectification, erasure, restriction, portability, and objection under applicable data protection law. To exercise any of these, write to guntrackersupport@smithwebappsllc.com.

You also have the right to lodge a complaint with the data protection authority in your country if you believe we have processed your data unlawfully.

We are not currently established in the UK or EEA and have not appointed a representative under Article 27 of the UK or EU GDPR.

14. Security

We use industry-standard practices to protect your account and your data, including encryption at rest for sensitive fields (see Section 3), encryption in transit, strong password hashing, optional two-factor authentication delivered by email, rate limiting on sensitive endpoints, and encrypted backups. No online service can guarantee absolute security, but we treat your records as if they were our own.

What we ask of you: use a unique password (a password manager helps), turn on two-factor, and don't share your account. If you suspect your account has been accessed by someone else, change your password immediately and turn on two-factor if it isn't already on.

15. Security incident notification

If we become aware of a security incident that materially compromises the confidentiality, integrity, or availability of your data, we will notify you without undue delay, through the email address on file or an in-app notice, with a description of what happened, what data was affected, what we are doing in response, and what (if anything) you should do. Where applicable law requires notification to regulators, we will comply with those requirements as well.

16. Disclosure for legal process and business transfer

Legal process. We may disclose your information if we believe in good faith that disclosure is required by a valid subpoena, court order, or other legal process; necessary to protect the rights, property, or safety of Smith Web Apps, LLC, our users, or the public; or necessary to detect, prevent, or address fraud or security issues. Where legally permitted and reasonable, we will notify you before disclosing your information so you have an opportunity to challenge the request.

Business transfer. If Smith Web Apps, LLC is involved in a merger, acquisition, sale of assets, financing, or bankruptcy, your information may be transferred to a successor or affiliate as part of that transaction. We will notify you (through an in-app notice or email) before your data becomes subject to a different privacy policy, and any successor will be bound by terms at least as protective as this policy for the data transferred.

17. Changes to this policy

If we change this policy, the "Last updated" date at the top of the page will change. Material changes will also be highlighted on this page for a reasonable period and, where required by law, communicated by email or in-app notice before they take effect. We will not retroactively expand how we use data you have already given us without your explicit consent.

18. Contact

GunTracker is operated by Smith Web Apps, LLC. For privacy questions or to exercise any of the rights described in this policy, write to guntrackersupport@smithwebappsllc.com or use the Support form. If we do not respond within a reasonable time, you may have rights to escalate to a privacy regulator in your jurisdiction.

Mailing address: [placeholder, insert the LLC's registered business address before launch].