Privacy Policy

1. Introduction

ArmoryFlow ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using ArmoryFlow, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Information You Provide

We collect information you directly provide when using our Service:

• Account Information: Name, email address, business name, phone number
• Payment Information: Credit card details, billing address (processed by Stripe)
• Store Information: Store name, address, website, FFL license information
• Product Data: Firearm listings, descriptions, images, pricing, inventory details
• Communications: Support requests, feedback, correspondence

2.2 Automatically Collected Information

We automatically collect certain information when you use the Service:

• Usage Data: Pages visited, features used, time spent, click patterns
• Device Information: Browser type, operating system, IP address, device ID
• Log Data: Access times, error logs, performance data
• Cookies and Tracking: Session cookies, analytics cookies, preference cookies

2.3 Information from Third Parties

We may receive information from:

• Stripe: Payment processing and transaction data
• Analytics Providers: Vercel Analytics, usage statistics
• UPC APIs: Product information from barcode lookups

3. How We Use Your Information

We use the information we collect to:

• Provide the Service: Process transactions, manage your account, store your data
• Improve the Service: Analyze usage patterns, identify bugs, develop new features
• Communicate with You: Send service updates, respond to inquiries, provide support
• Billing and Payments: Process subscriptions, send invoices, handle refunds
• Security: Detect fraud, prevent abuse, enforce our Terms of Service
• Legal Compliance: Comply with legal obligations, respond to legal requests
• Marketing: Send promotional emails (you can opt out at any time)

3.8 Anonymized and Aggregate Data

We may anonymize and aggregate product data you upload to the Service, including:

• Firearm descriptions, specifications, and features
• Pricing information
• Geographic location (city/state level only, never specific addresses)
• Inventory quantities and turnover rates
• Product categories and trends

This anonymized data:

• Cannot be used to identify you, your business, or any individual
• May be used for analytics, industry research, benchmarking, and reporting
• May be shared with partners or third parties in aggregate form
• Helps us improve the Service and provide industry insights
• Is not considered personal information under privacy laws

3.9 Advertising and Marketing

We may display strategic advertisements and marketing content within the Service on behalf of partners. This may include:

• Relevant product recommendations
• Industry news and updates
• Partner offers and promotions

We do not share your personal or contact information with advertisers. Ad targeting may be based on anonymized, aggregate data only.

4. How We Share Your Information

We do not sell your personal information. We may share your information with:

4.1 Service Providers

• Supabase: Database hosting and authentication
• Vercel: Application hosting and deployment
• Stripe: Payment processing
• Email Services: Transactional and marketing emails

4.2 Legal Requirements

We may disclose your information when required by law or to:

• Comply with legal process (subpoenas, court orders)
• Respond to government requests
• Protect our rights, property, or safety
• Enforce our Terms of Service
• Investigate fraud or security issues

4.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

4.4 Anonymized Aggregate Data

We may share anonymized, aggregate data with partners, researchers, and third parties for purposes including:

• Industry analytics and benchmarking
• Market research and insights
• Product development and improvements
• Strategic partnerships

This anonymized data:

• Does not contain any personal information
• Cannot be used to identify you or your business
• May include product trends, pricing data, geographic distributions, and inventory patterns
• Remains our property and may be used for commercial purposes

We do not sell your personal contact information, customer lists, or any data that can identify you personally.

5. Data Retention

We retain your information for as long as:

• Your account is active
• Needed to provide the Service
• Required to comply with legal obligations
• Necessary to resolve disputes or enforce agreements

After account termination, we retain your data for 30 days to allow data export, then permanently delete it unless required by law to retain it longer.

6. Data Security

We implement reasonable security measures to protect your information, including:

• Encryption in transit (TLS/SSL) and at rest
• Secure authentication with Supabase Auth
• Row-level security (RLS) to isolate store data
• Regular security audits and updates
• Access controls and monitoring

However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Your Privacy Rights

7.1 Access and Correction

You have the right to:

• Access your personal information
• Correct inaccurate data
• Update your account information
• Export your data

7.2 Deletion

You may request deletion of your account and data at any time. We will delete your information within 30 days, except where required by law to retain it.

7.3 Opt-Out Rights

You can opt out of:

• Marketing emails (click "unsubscribe" in any email)
• Analytics tracking (browser Do Not Track settings)
• Cookies (browser cookie settings)

7.4 GDPR Rights (EU Residents)

If you are located in the European Union, you have additional rights under GDPR:

• Right to Access: Obtain a copy of your personal data
• Right to Rectification: Correct inaccurate data
• Right to Erasure: Request deletion of your data
• Right to Restriction: Limit how we process your data
• Right to Data Portability: Export your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for data processing

7.5 CCPA Rights (California Residents)

If you are a California resident, you have rights under CCPA:

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt out of the sale of personal information (we do not sell your data)
• Right to request deletion of personal information
• Right to non-discrimination for exercising your rights

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Essential Cookies: Required for authentication and security
• Analytics Cookies: Track usage patterns to improve the Service
• Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Note that disabling cookies may limit Service functionality. See our Cookie Policy for more details.

9. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

10. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover that we have collected information from a child, we will promptly delete it.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure that adequate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable law.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on our website
• Updating the "Last Updated" date
• Sending an email notification (for significant changes)

Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

13. Contact Us

To exercise your privacy rights or for questions about this Privacy Policy, contact us at:

For GDPR-related requests, please contact our Data Protection Officer at dpo@armoryflow.com.