Privacy Policy

Summary

• We do not sell your personal data.
• We do not run third-party ads inside the product.
• Vault contents are encrypted on your devices; we cannot read your firearm records, photos, or documents.
• We do not store your precise real-time location for marketing purposes.
• We provide this policy to meet transparency expectations under CCPA/CPRA and GDPR-style rights where they apply.

Data we collect

Account data (email, username), subscription status, support messages you send us, and operational logs needed to run the service (e.g., errors, security events). Business claim forms may collect contact details you voluntarily submit.

Ghost Vault & encryption

Ghost Vault uses client-side encryption (AES-256-GCM in the product architecture). Ciphertext may be stored so your vault can sync across devices; keys and passphrases that decrypt that data are not available to us by design.

Location

The app may use coarse location features (e.g., range finder, maps) on your device. We do not maintain a history of your precise real-time GPS for advertising.

CCPA / CPRA (California)

California residents may request access to or deletion of personal information we hold, subject to legal exceptions. We do not sell personal information as defined by the CCPA. To exercise rights, contact support@collectivehq.net.

GDPR (EEA / UK)

Where GDPR applies, we act as a controller for account and billing data. You may request access, rectification, erasure, restriction, or portability where technically feasible. You may lodge a complaint with your local supervisory authority. Legal bases include contract (providing the service), legitimate interests (security, fraud prevention), and consent where we ask for it explicitly.

Retention

We retain information as long as your account is active or as needed for legal, tax, and security obligations, then delete or anonymize it.

Contact

Questions: support@collectivehq.net