Your Data, Your Rules

Your serial numbers
are nobody's business but yours.

Gun Vault is built on a simple premise: firearm records belong to the owner, not the platform. No ATF reporting. No data sales. No silent sharing with manufacturers, insurance companies, or anyone else. Ever.

256-Bit

AES at rest
TLS 1.3 in transit

Zero Reporting

Not a registry
Not connected to ATF

Export Anytime

CSV / PDF / ZIP
No lock-in, ever

US-Hosted

Servers in the US
Built by US owners

Our Pledge

Who we do not share with

ATF & Federal Agencies

Gun Vault is not connected to any ATF registry or reporting system. We do not report acquisitions, dispositions, or serial numbers. We are not an FFL.

Law Enforcement — Unsubpoenaed

We do not voluntarily share records with local, state, or federal law enforcement. Court-issued subpoena with specificity is the only path — see below.

Manufacturers

We do not send ownership data to firearm manufacturers, parts makers, or distributors. Your serial numbers are not used for warranty lookups, recalls, or marketing.

Insurance Companies

Your vault is not used to set premiums, trigger audits, or verify claims for any insurance carrier. If you want to share with your insurer, you export and send it yourself.

Data Brokers & Advertisers

Your firearm records are not a product. We don't sell them, rent them, or anonymize-and-aggregate them for third-party analysis. There is no secondary use.

Gun Control Organizations

Your data is not shared with advocacy groups on either side of the gun policy debate. Not Everytown. Not NRA. Not anyone else. Gun Vault is a tool, not a cause.

The Technical Layer

How your data is actually protected

Specifics, not buzzwords. Here's the stack keeping your vault private, and the trade-offs each piece makes.

AES-256 At Rest

Every record in our database is encrypted at rest using AES-256-GCM. Firearm details, photos, stories, tax stamps, and trust documents alike. Keys are rotated and managed in a separate key vault.

TLS 1.3 In Transit

Every connection between your browser and Gun Vault uses TLS 1.3. No request ever travels in plaintext. HSTS is enforced at the edge so downgrade attacks can't talk the browser into weaker crypto.

bcrypt Password Hashing

Your password is hashed with bcrypt before it ever touches storage. Industry standard, one-way, salted. Even our own team can't read your password. If we're breached, your login is still useless to an attacker.

JWT Session Tokens

Sessions use short-lived JWT tokens signed with a per-installation secret. No session IDs sitting in a shared database. Revoking access is instant, and nothing is stored on the device you can't wipe yourself.

Isolated Document Storage

Tax stamps, bills of sale, and trust PDFs live in an encrypted object store separate from your core database. Signed, short-lived URLs for access. No public buckets, no hotlinkable attachments.

US-Based Infrastructure

All servers, backups, and document storage are hosted in US data centers. No data is replicated outside US jurisdiction. Your records don't get backed up to a server farm in another country.

Access Model

Who can see your vault

A short, honest accounting. The default answer for most rows is "no" — but where the answer is "yes" or "limited," you should know the exact conditions.

You

Full read, write, and export access. Your account, your records. Requires your password + email.

Full Access

Your Executor

(Gun Legacy / Gun Trust) Read-only access after death certificate verification. You pre-designate them. Revocable while living.

Read-Only, Verified

Your Responsible Persons

(Gun Trust only) Read access to the trust document and item list if you grant it. Per-RP. Revocable any time.

Opt-In, Revocable

Gun Vault Engineers

Access restricted to infrastructure and encrypted data only. Decryption keys require multi-factor approval. Every access is logged and auditable.

Break-Glass Only

ATF / Law Enforcement

No voluntary access. Only via properly scoped court-issued subpoena. See the legal section below.

No Access

Manufacturers / Insurance / Brokers

None. At all. Ever.

No Access

The Hard Question

"What about subpoenas?"

An honest, unvarnished answer. Gun Vault is a US company subject to US law, and we're not going to pretend otherwise.

The honest answer

If Gun Vault receives a valid, specific, court-issued subpoena directed at a named account, we comply with the law like every other US company. We don't pretend we're above the law.

But we defend you within the law. We do not respond to informal requests, fishing expeditions, overly broad warrants, or agency letters. We challenge defective process. We require specificity — your name, the records sought, the legal basis. We will not hand over a full vault dump because a letter arrived on government letterhead.

We will also notify you that your records were requested, unless we are explicitly barred from doing so by the court (a gag order). When we are barred, we work to lift the gag as soon as legally possible so you can be informed after the fact.

Subpoenas Received

Records Disclosed

100%

User Notifications

Your Data, Your Rights

What you can do, anytime

No customer service ticket required. No waiting period. These controls live in your account settings.

Export Everything

Download your entire vault as CSV, PDF, or ZIP (photos + documents included). At any time, on any plan, including Free.

Delete Your Account

Self-service account deletion. Your data is wiped from our systems within 30 days, including backups. No "we'll keep it forever just in case" clause.

Revoke Executor Access

Remove or change your designated executors any time. The moment you revoke, their credentials stop working. No waiting period.

See What's On File

A "What We Know About You" summary lives in your account settings. It lists every field we store, including IP addresses from recent logins.

If the worst happens, you hear it from us first

If Gun Vault experiences a data breach, we will notify affected users within 72 hours of confirmation. No legal-team delays, no "still investigating" silence for months. A real breach, a real notification, with what happened and what records were affected. This is a commitment above what US law requires.

Remaining Questions

Security FAQ

The questions gun owners ask before they upload their first serial number.

Is Gun Vault a federal firearms registry?

No. Gun Vault is a private record-keeping tool for individual gun owners. We are not connected to the ATF's systems, we are not a Federal Firearms Licensee (FFL), and we do not submit any data to any government registry. Your records exist because you chose to keep them, on a platform you chose to use.

Can the government force you to turn over user data?

Only through a valid, court-issued subpoena directed at a specific named account. We would comply with lawful legal process same as any US company. But we defend our users: we require specificity, challenge overbroad requests, and notify the affected user unless explicitly gagged. We do not provide data in response to informal requests, agency letters, or fishing expeditions.

Where is my data physically stored?

US-based data centers. Primary databases and document storage are in the United States. Backups are also US-based. Your data does not leave US jurisdiction, does not get replicated to foreign servers, and does not get mirrored to third-party analytics platforms.

Does Gun Vault use my data to train AI or machine learning?

No. Your records, photos, stories, tax stamps, and trust documents are not used as training data, not shared with AI providers, and not analyzed for any secondary purpose. The AI-assisted features in GunPrice valuation queries run on aggregate market data, not your personal records.

What if Gun Vault gets acquired or goes out of business?

In an acquisition, your data rights transfer to the new owner under the same terms of service. They inherit our commitments or the acquisition doesn't happen. If Gun Vault shuts down, we give 90 days' notice by email with clear export instructions. Your records belong to you — we'd never hold them hostage or let them evaporate.

How do you verify an executor after I die?

Your designated executor submits a verification request with a certified copy of the death certificate. We verify authenticity (matching state records where possible), then grant read-only access to your vault. The executor does not receive your password or full account control — only the information and documents you set up for them to see.

Do you use third-party analytics or tracking?

Minimal and anonymous. We use first-party analytics to understand which pages are useful and where users get stuck. No Google Analytics, Facebook Pixel, or similar tracking pixels that would associate your visit with external identity graphs. Your vault page visits are not correlated with any ad-tech profile.

Is two-factor authentication available?

Email-based one-time codes (OTP) are required for sign-in from new devices. TOTP (Google Authenticator, Authy, 1Password) and hardware keys (YubiKey, FIDO2) are supported on paid plans. We recommend using a password manager with a long unique password as the primary defense — 2FA is an important second layer, not a replacement for password hygiene.

Can I audit what you've stored about me?

Yes. Your account settings include a "What We Know About You" page that shows every stored field: firearms, photos, documents, stories, login history (IPs and user agents), payment method on file, and subscription state. Nothing is hidden. If a field exists, you can see it.

Your records, your rules.

Free to start. Free to leave. Free to know exactly what we store, who can see it, and what we will never do with it. That's the whole promise.

Create My Free Vault Compare Plans

Your Account Unlocks All 5

The Complete Platform

One login. Access every Gun Transfer America platform. Free to start.

01 — Price

What’s My Gun Worth?

Free private sale estimates. Know your value before you list, trade, or transfer.

Value My Gun →

02 — Clear

Prove It’s Not Stolen

Run your serial number against private stolen gun registries. GunClear Certificate proves it’s clean. $10.

Check Serial # →

03 — Share

List Your Gun Free

Free to list. In-state private sales. Background-checked transfers for $50 when your buyer is found.

List My Gun →

04 — Transfer

Transfer It Legally

Background check, official bill of sale & lifetime digital records. Legal in most states. Flat $50 — no surprises.

Transfer a Gun →

05 — Vault

Your Guns. Your Legacy.

Secure records, photos, history & succession planning for every firearm you own. Protect your collection. Free to start.

Open My Vault →

The complete platform for gun owners.

Your serial numbersare nobody's business but yours.