Privacy Policy

Last updated: 2026-04-29

What we deliberately do not collect

This platform deliberately does not collect personal data beyond what's needed to run an auction and ship a firearm to your licensed FFL dealer. Concretely: we do not collect, store, or share your home address, your prior firearm purchases (your "30-day rule" history), your permit numbers, your background-check status, or your possession history. Those data points are between you, your FFL, and your state.

We rely on the state of your selected FFL to determine which listings you can see and bid on. That trades a small amount of state-level precision for keeping personal-history data off our servers entirely.

What we do collect

  • Account identity — your email and the Keycloak subject identifier (your account in our identity provider). We never see or store your password; Keycloak does.
  • Display name — first / last name as you provide them, used to address emails and on receipts.
  • Preferred FFL — the licensed dealer you've selected for shipments. We retain the dealer id and address; we do not learn your home address.
  • Bid + order history — the auctions you've bid on, the orders you've placed, the payments processed. Required for tax and audit retention.
  • Operational telemetry — IP address and user-agent on bid placement (used for rate limiting and shill-bidding detection), device fingerprint where you provide one, and standard request logs. IP and device fingerprint are retained 90 days.
  • Payment — handled by Stripe. We never see your full card number; we receive a tokenized reference and the last four digits for display.

Why we collect it

Strictly to operate the platform: take bids correctly, ship to the right FFL, charge the right amount, settle disputes, and meet audit obligations. We do not sell personal data, we do not run third-party advertising trackers, and we do not share data with marketing partners.

Who sees your data

  • The seller of an auction sees only the order's shipping FFL and the buyer's first name.
  • The FFL dealer at pickup sees what they need to complete the transfer (full name, government ID at the counter, permits where required by their state).
  • Stripe sees the payment side and meets PCI obligations on our behalf.
  • Platform staff with the appropriate scope can see operational data for moderation and dispute resolution. Access is logged.
  • Law enforcement: only on valid legal process and only the records actually responsive to it.

Retention

Financial and audit records (orders, payments, payouts, dispute outcomes) are retained seven years to meet IRS and state requirements. Bid history is retained for the lifetime of the account; on account closure, personal identifiers (name, email) are anonymized but the bid records themselves are preserved as part of the audit trail. IP address and device fingerprint are retained 90 days.

Your rights

  • Access — you can request an export of all data we hold about you. We respond within 30 days.
  • Correction — you can update name, email, and preferred FFL through your account at any time.
  • Deletion — you can close your account and request anonymization of personal identifiers, subject to the financial retention windows above.
  • Communications — transactional notifications cannot be opted out of; non-transactional notifications (e.g. ending-soon for watchlist) are opt-out at any time in your account preferences.

Requests run through the contact page or directly via your account.

Cookies & local storage

We use a session cookie for authentication, a small set of preference cookies (e.g. "hide non-shippable" toggle on the browse page), and localStorage entries for bid acknowledgment (one entry per auction id you've bid on). No third-party tracking cookies.

Security

All traffic is HTTPS. Passwords are managed by Keycloak (we never see them), and mandatory MFA protects seller and staff accounts. Database backups are encrypted at rest. Bid placement uses row-level database locks to prevent race conditions; payment intents are tokenized through Stripe.

Children

The platform is not directed to anyone under 18. We do not knowingly collect data from minors. If you become aware that a minor has registered, please notify us and we will delete the account.

Changes

We update this policy as the platform evolves. Material changes are emailed to active accounts at least 14 days before they take effect. The "last updated" stamp at the top of this page reflects the most recent revision.