Why We Encrypt Your Serial Numbers (and Everything Else We Do to Keep Your Records Private)
If you own firearms, you have probably had this thought: "I should keep better records, but I am not putting my collection in some app." That instinct is healthy. Most apps are free because you are the product, and a list of what is in your safe is exactly the kind of data you should not hand to an advertising company.
We built My Gun Tracker because we wanted records of our own firearms and did not trust the alternatives either. So here is the full picture of how it works, in plain English, including the parts where you should not just take our word for it.
Your serial numbers are encrypted before they touch the database
When you save a gun in My Gun Tracker, the most sensitive fields are encrypted with AES-256-GCM, the same class of encryption used for classified material, before they are written to the database. That includes:
- Serial numbers
- Where you purchased each gun and accessory
- Who a gun was sold to, when you record a sale
- The names of the ranges you shoot at
- Every free-text notes field in the app
The encryption key is not stored in the database. It lives separately on the application server. That separation is the point: if someone stole a copy of our database, the rows for your guns would show the make, model, and caliber, and a block of unreadable ciphertext where the serial number should be. The same is true of our database backups.
We use authenticated encryption, which means tampered data fails loudly instead of decrypting into something wrong. And we will be straight with you about the limits: the application itself can decrypt your data, because it has to in order to show you your own records. Encryption at this level protects you from a stolen database, a compromised backup, or a breach that reaches the data but not the key. No system that shows you your data can honestly claim that nobody, under any circumstances, could ever read it. Anyone who tells you otherwise is selling something.
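The pattern this section describes, sketched in Go as an added example; it is not My Gun Tracker's code, which the page does not publish. Binding each value to a record-and-column context through GCM's associated data is an assumption that goes beyond what the page states, and the function names, the `guns/42/serial_number` context and the sample serial are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// newFieldCipher builds AES-256-GCM from a 32-byte key kept on the app server, not in the database.
func newFieldCipher(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, fmt.Errorf("AES-256 needs a 32-byte key, got %d", len(key))
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealField returns nonce||ciphertext||tag; context is authenticated but not stored (assumption).
func sealField(aead cipher.AEAD, context, plaintext string) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize()) // fresh random nonce for every write
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, []byte(plaintext), []byte(context)), nil
}

// openField verifies the GCM tag before releasing any plaintext.
func openField(aead cipher.AEAD, context string, stored []byte) (string, error) {
	if len(stored) < aead.NonceSize()+aead.Overhead() {
		return "", fmt.Errorf("stored value too short")
	}
	nonce, ct := stored[:aead.NonceSize()], stored[aead.NonceSize():]
	pt, err := aead.Open(nil, nonce, ct, []byte(context))
	if err != nil {
		return "", fmt.Errorf("field rejected: %w", err)
	}
	return string(pt), nil
}

func main() {
	aead, _ := newFieldCipher(make([]byte, 32)) // constructed all-zero demo key, not a real secret
	stored, _ := sealField(aead, "guns/42/serial_number", "SN-CONSTRUCTED-0001")
	stored[len(stored)-1] ^= 1 // simulate tampering with the stored row
	_, err := openField(aead, "guns/42/serial_number", stored)
	fmt.Println("after tampering:", err)
}
```

Whoever holds only the database or a backup sees the opaque blob, while the application, which holds the key, can still open the field; that is the limit the section states.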
What we never collect in the first place
The strongest privacy protection is not encryption. It is data that does not exist.
- No analytics. There is no Google Analytics, no Facebook pixel, no tracking scripts of any kind on any page. We do not watch what you click. We could not sell your browsing behavior to a data broker because we do not record it.
- No advertising. My Gun Tracker costs $5 a month. That is the entire business model. We have no advertisers to satisfy and nothing to gain from your data beyond your subscription.
- No location data. When you upload photos of your guns, we strip the metadata, including GPS coordinates, before the photo is stored. Phone cameras embed your location in every picture by default. Your photos in My Gun Tracker do not say where your safe is.
- Minimal cookies. Only the strictly necessary ones: your login session and security tokens. Nothing that follows you around the internet.
What our payment processor sees
Payments run through Stripe, the same processor used by millions of businesses. When you subscribe, your card details go directly from your browser to Stripe and never touch our servers. What Stripe receives from us is an opaque internal ID and the subscription price. Stripe does not know what you track in My Gun Tracker, and we never send it your records, your name from the app, or anything about your collection.
Is this a registry?
No, and the design makes it a poor candidate for one.
A registry is a centralized, queryable record of who owns what, maintained for or accessible to an authority. My Gun Tracker is a single-user record-keeping tool. Each account is one person's private records, visible only to that person. There is no sharing, no social features, no marketplace, no transfer facilitation, and no connection to any government system. It is not an FFL bound book and not an ATF compliance tool. It is the digital version of the notebook in your desk drawer, except encrypted and backed up.
And unlike most services, deleting your account is a true hard delete. Every record tied to your account is removed from the database immediately. Not deactivated, not retained for analytics, removed.
The alternative has its own risks
It is worth saying: the common alternatives are not risk-free either. A paper list can burn in the same fire as the safe. A spreadsheet in a free cloud drive is held by a company whose business is data, under terms most people have never read. An unencrypted phone app keeps your collection one lost phone away from a stranger.
There is no zero-risk option for records you actually need to be able to access. There is only choosing who holds them, how they are protected, and what the holder's incentives are. We built My Gun Tracker so that the honest answer to all three is one we would accept for our own collections.
If that approach makes sense to you, the first 30 days are free and we do not ask for a card to try it. And if you would rather keep using paper or a spreadsheet, genuinely, fine. Just keep records somewhere. The owner with an encrypted app, the owner with a notebook, and the owner with nothing have very different conversations with the police after a break-in, and only one of them gets their serial numbers into the stolen gun database.