GUNR Privacy Policy

Effective date:

GUNR ("us", "we", or "our") is a South African company that operates the gunr.app website and the mobile applications — GUNR, DOPE, and Cost of Reloading (collectively the "Service").

This policy explains what data we collect, how we use it, where it is stored, who we share it with, and what rights you have — regardless of where you live. It applies to all users of the Service worldwide.

By using the Service, you agree to the practices described in this policy. Please also read our Terms of Service and Security page.

Data We Collect

Account Data (provided by you)

  • Email address and display name
  • Authentication method (email/password, Google Sign-In, or Apple Sign-In)
  • Phone number (optional — only if you enable multi-factor authentication)

Firearms and App Data (content you create)

The core purpose of the Service is to store data you enter about your firearms, shooting activities, and reloading. This includes:

  • GUNR: Firearms inventory, activity logs, load data, recipes, licence tracking information, and CSV imports
  • DOPE: Ballistic notebook entries, range conditions, windage and elevation adjustments, weather snapshots, and GPS coordinates
  • Cost of Reloading: Reloading component costs, cost-per-round calculations, and factory ammunition comparisons

This is the most sensitive data we hold. It is encrypted, isolated per user, and never shared with anyone. See our Security page for technical details.

Purchase Data

  • Subscription status, plan type, and billing cycle
  • Managed by Apple App Store, Google Play Store, and RevenueCat — we never see or store your credit card number

Automatically Collected Data

  • Device type, operating system version, and app version
  • IP address, browser type, and pages visited (website only)
  • Crash reports and performance metrics (Firebase Crashlytics)
  • Usage analytics events (Firebase Analytics in apps, Google Analytics 4 on website)
  • Page views and conversion events (Meta Pixel — website only, subject to your cookie consent)

How We Use Your Data

  • Provide, maintain, and improve the Service
  • Process subscriptions and manage your account access
  • Send transactional emails — account verification, password resets, and service notifications (via SendGrid)
  • Monitor app stability and fix crashes (Firebase Crashlytics and Discord error logging)
  • Analyse website traffic and usage patterns (Google Analytics 4 and Meta Pixel — website only, subject to your cookie consent)
  • Fetch weather data for ballistic calculations in DOPE (your location is sent to OpenWeather — no user identity is attached)
  • Respond to your support requests
  • Comply with legal obligations

What we never do

  • We never sell your personal data
  • We never use your firearms data for advertising
  • We never train AI models on your data
  • We never share your content data with other users
  • We never profile you for third-party marketing

How We Store and Protect Your Data

  • Location: All data is stored on Google Cloud (Firebase) in the United States (us-central1 region, Iowa)
  • Encryption at rest: AES-256 with Google-managed encryption keys
  • Encryption in transit: TLS 1.2+ on every connection
  • Data isolation: Firestore security rules enforce strict per-user access — your data is structurally invisible to other users
  • App verification: Firebase App Check blocks unauthorised API access from bots and spoofed clients
  • Account security: Optional multi-factor authentication (SMS or authenticator app) and biometric lock (fingerprint, Face ID)

For full technical details, visit our Security page.

Data Sharing and Third-Party Providers

We do not sell, rent, or trade your personal data. The following third-party services process data on our behalf or provide specific functionality within the Service:

Third-party service providers and the data they receive
Provider Data they receive Purpose
Google (Firebase) All user data (account, content, usage) Database, authentication, cloud functions, crash reporting, push notifications, analytics
Meta (Facebook) Page views, events, device info Website analytics pixel (subject to cookie consent)
RevenueCat Purchase history, device ID, app user ID Subscription management across iOS and Android
OpenWeather Location coordinates (read-only, no user identity) Weather data for DOPE ballistic calculations
SendGrid Email addresses Transactional email delivery
Discord Error context (method name, anonymised user ID, error message) Development team error and crash logging

Each provider processes data solely to perform their designated function. For details on how each provider handles your data, refer to their respective privacy policies.

Cookies and Tracking (Website Only)

The GUNR website uses Google Consent Mode v2. Cookies are denied by default until you make a choice via the consent banner.

  • Analytics cookies (Google Analytics 4) — measure website traffic and usage patterns
  • Advertising cookies (Meta Pixel) — track page views and conversion events
  • Consent preference — your choice is stored in your browser's localStorage (key: gunr_consent)

You can change your preference at any time by clearing your browser data or using your browser's cookie settings. The GUNR mobile apps do not use cookies.

Data Retention

Data retention periods and deletion triggers
Data type Retention period Deletion trigger
Account data Duration of your account Immediate deletion on account deletion
Firearms and app data Duration of your account Immediate deletion on account deletion
Purchase history Duration of your account (Apple/Google retain separately per their policies) Deleted with account
Crash reports 90 days Automatic expiry (Firebase Crashlytics)
Website analytics 14 months Automatic expiry (Google Analytics 4)
Contact form submissions Until inquiry resolved, maximum 12 months Manual cleanup
Error logs (Discord) Indefinite (operational logs) Not tied to user identity in most cases

When you delete your account, all associated data in our systems is permanently and immediately destroyed. There is no soft-delete period, no archived copies, and no exceptions.

International Data Transfers

GUNR is a South African company. Your data is stored on Google Cloud servers in the United States (us-central1 region).

  • South African users: The transfer of your data to the US is covered by Section 72 of the Protection of Personal Information Act (POPIA). Google provides adequate safeguards through SOC 2, ISO 27001, and contractual data protection commitments.
  • EU, EEA, and UK users: The transfer is covered by the EU-US Data Privacy Framework and Google's Standard Contractual Clauses (SCCs), as required under the GDPR.
  • US users: Your data remains within the United States. No cross-border transfer occurs.

Google Cloud holds SOC 1/2/3, ISO 27001, ISO 27017, and ISO 27018 certifications.

Your Rights

All users

Regardless of where you live, you can:

  • Access your data — export as PDF or CSV from any GUNR app at any time
  • Correct your data — edit any record directly within the app
  • Delete your data — delete your account and all associated data is permanently removed
  • Object to processing — contact us to object to specific processing activities
  • Data portability — download your data in standard formats (CSV, PDF)

South African users (POPIA)

Your rights above are honoured under the Protection of Personal Information Act, 2013 (POPIA). Additionally:

  • You have the right to lodge a complaint with the Information Regulator (South Africa)
  • The responsible party for your data is GUNR, contactable at hello@gunr.app

EU, EEA, and UK users (GDPR)

In addition to the rights above, you have the right to:

  • Restrict processing of your personal data
  • Withdraw consent at any time (for consent-based processing such as website cookies)
  • Lodge a complaint with your local Data Protection Authority

Legal basis for processing:

  • Contract performance: account data, firearms and app data — necessary to provide the Service you signed up for
  • Legitimate interest: crash reporting, error logging, app analytics — necessary to maintain and improve the Service
  • Consent: website cookies and tracking (Google Analytics, Meta Pixel) — only active after you consent via the cookie banner

US users (state privacy laws)

GUNR voluntarily honours the consumer privacy rights established by US state privacy laws, including the California Consumer Privacy Act (CCPA/CPRA), Texas Data Privacy and Security Act (TDPSA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), and similar state legislation.

Your rights include:

  • Right to know what personal information is collected and how it is used — described in this policy
  • Right to delete your personal information — delete your account or email us
  • Right to correct inaccurate personal information — edit within the app or email us
  • Right to opt out of the sale or sharing of personal information — GUNR does not sell or share your personal information, so there is nothing to opt out of
  • Right to non-discrimination — we will never penalise you for exercising your privacy rights

How to exercise your rights: Email hello@gunr.app with "Privacy Request" in the subject line. We will respond within 30 days.

Appeal process: If we deny a request, you may appeal by emailing hello@gunr.app with "Privacy Appeal" in the subject line. We will respond to your appeal within 45 days.

Children's Privacy

The Service is restricted to users aged 18 and older due to its firearms-related content. We do not knowingly collect personal data from anyone under the age of 18.

If you are a parent or guardian and believe your child has used the Service, please contact us at hello@gunr.app. If we discover we have collected data from a minor, we will delete it immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will post the revised policy on this page and update the effective date above.

For material changes, we will notify you via email and/or a prominent notice within the Service before the change takes effect.

Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

Contact

If you have questions about this Privacy Policy or want to exercise any of your rights, contact us at hello@gunr.app.

For privacy-specific requests, please include "Privacy Request" in the subject line. We respond within 30 days.

Get in Touch

Have a question, feature request, or need help? Drop us a message and we'll get back to you.