Features Pricing Resources About Testimonials Developers Support
Log In Get Started

Privacy Policy

Privacy Policy

Last updated: April 7, 2026

Blue Aeris Trust ("Blue Aeris", "we", "us", or "our") respects your privacy and is committed to protecting personal information you provide when using the Logbooks for Guns website at https://www.logbooksforguns.com and the Logbooks for Guns Software Application (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, with whom we share it, and the rights you have regarding your personal information.

This Privacy Policy is incorporated into and governed by our Terms and Conditions. By using the Service, you consent to the practices described below.

1. Who We Are

The Service is operated by Blue Aeris Trust, a trust acting through its Executive Trustee, Mark Brown. Our principal mailing address is 401 E 8th St Ste 214 PMB-2136, Sioux Falls, SD 57103. For privacy inquiries, contact privacy@logbooksforguns.com or sales@logbooksforguns.com.

2. Scope

This Privacy Policy applies to personal information we collect from and about:

  • Customers — Federal Firearms Licensees (FFLs), their owners, employees, and authorized users who hold accounts with the Service.
  • Visitors — users of the public marketing website who have not created an account.
  • Buyers and Transferees — individuals whose information our Customers enter into the Service in connection with the Customer's federal recordkeeping obligations (for example, on Form 4473). With respect to this category of data, the Customer (FFL) is the data controller and Blue Aeris acts as a service provider; please see Section 11 below.

3. Information We Collect From Customers and Visitors

We collect the following categories of personal information directly from you when you create an account, use the Service, contact support, or browse the website:

  • Identifiers: first name, last name, email address, business/company name, mailing address, phone number, account username, and unique account identifiers.
  • Authentication Data: hashed password, password change history, two-factor authentication secret, social login identifiers (Google, Microsoft, or Apple, if you use single sign-on), and remember-me tokens.
  • Federal Firearms License Information: FFL license number, FFL type, state license number where applicable, NICS user ID, FFL document upload (the actual license PDF or image), license expiration date.
  • Commercial Information: Subscription plan, billing period, payment status, transaction history (transaction IDs, amounts, dates, payment status). We do not store full credit card numbers; payment card data is processed and stored by our payment processor.
  • Internet and Network Activity: IP address, browser type and version, device identifiers, pages visited, dates and times of access, referring URLs, session identifiers, login history, audit log entries reflecting actions you take in the Service.
  • Geolocation: Approximate location derived from IP address (coarse, city-level). We do not collect precise GPS or device-level geolocation.
  • Communications: Support tickets you submit, replies you send to us, contact form submissions, customer feedback, and messages you exchange with our team.
  • Customer Records (Work Product): Acquisition and Disposition (A&D) records you create in the Service, including firearm details (manufacturer, importer, model, type, caliber, serial number), receipt dates, source information, and any custom notes or attachments you add.
  • Account Preferences: Email subscription preferences, compliance email opt-in status, terms acceptance history.

4. Sensitive Personal Information We Collect

Some of the information we process is classified as "Sensitive Personal Information" under California Civil Code § 1798.140(ae) and equivalent provisions of other state privacy laws. This includes:

  • Government Identifiers: Federal Firearms License numbers, state firearms license numbers, NICS identifiers, and identification documents you upload to verify your FFL.
  • Account Login Credentials: Hashed passwords and two-factor authentication secrets (used solely to authenticate you to your account).
  • Communications Content: The content of support tickets and email correspondence with our team.
  • Buyer Information (Processed on Behalf of FFL Customers): Form 4473 records contain federally required information about firearm purchasers, including legal name, residential address, date of birth, place of birth, height, weight, sex, race, ethnicity, country of citizenship, U.S. Social Security Number (where voluntarily provided), state of residence, alien/admission number where applicable, identification document type and number, and NICS transaction reference. Race, ethnicity, citizenship, and immigration status are categorized as Sensitive Personal Information under Cal. Civ. Code § 1798.140(ae) (as amended by AB 947, effective January 1, 2024).

Sensitive Personal Information is collected and used solely for the purposes for which it was provided (account authentication, federal recordkeeping compliance, and federally required firearm transaction documentation) and is not used to infer characteristics about you or to direct advertising. As described in Section 14, you may have the right to limit the use and disclosure of your Sensitive Personal Information.

5. Sources of Information

We collect the categories of personal information described above from the following sources:

  • Directly from you when you register, log in, enter records, contact support, or otherwise interact with the Service.
  • Automatically from your device when you visit the website or use the Service (cookies, session tokens, IP address, server logs).
  • From your FFL Customer (if you are a buyer/transferee whose information was entered by an FFL using the Service).
  • From third-party authentication providers (Google, Microsoft, Apple) if you choose to log in with single sign-on. We receive only the information you authorize the provider to share with us.
  • From our payment processor (transaction confirmations, payment status, last four digits of card on file, card brand).
  • From public sources such as the ATF Federal Firearms Licensee database (used to verify FFL information you provide).

6. How We Use Your Information

We use the personal information we collect for the following business and commercial purposes:

  • To provide, operate, maintain, and improve the Service;
  • To create and manage your account and authenticate your access;
  • To process your subscription payments and manage billing;
  • To enable you to maintain Acquisition and Disposition records, Form 4473 records, and other compliance documentation required by federal and state firearms laws;
  • To generate reports, exports, and printable bound book records on your behalf;
  • To respond to your support requests and customer service inquiries;
  • To send you transactional communications (account notices, billing confirmations, password resets, two-factor codes, compliance digest emails);
  • To send you marketing communications about features, updates, and offerings (you may opt out at any time);
  • To monitor, detect, and prevent fraud, abuse, security incidents, and unauthorized access;
  • To comply with our legal obligations and respond to lawful requests from law enforcement, government authorities, or in connection with valid legal process;
  • To enforce our Terms and Conditions and other agreements;
  • To analyze usage of the Service in aggregate to improve performance and add features.

7. How We Share Your Information

We share personal information only as described below. We do not sell or rent your personal information.

  • With your FFL Customer. If you are a buyer or transferee whose information was entered by an FFL, your information is accessible to that FFL within their account.
  • With our service providers, organized into the following categories: cloud hosting and infrastructure providers (United States), payment processors, transactional email delivery services, and offsite encrypted backup storage providers (United States). All service providers are bound by contract to use personal information solely to provide services to Blue Aeris and not for their own purposes.
  • With law enforcement and government authorities in response to a valid subpoena, court order, search warrant, or other lawful process, including ATF, FBI, NICS, or state authorities investigating firearms transactions. We will produce records as required by law and will notify you when reasonably possible and lawful to do so.
  • With professional advisors such as attorneys, accountants, and auditors, when necessary in connection with the operation of our business and bound by confidentiality obligations.
  • In connection with a business transfer, such as a merger, acquisition, or sale of assets, where personal information is transferred as part of the transaction. We will provide notice before personal information is transferred and becomes subject to a different privacy policy.
  • With your consent or at your direction, for any other purpose disclosed at the time of collection.

8. We Do Not Sell or Share Your Personal Information for Cross-Context Behavioral Advertising

Blue Aeris does not sell personal information in exchange for monetary or other valuable consideration, and we do not share personal information for cross-context behavioral advertising as those terms are defined under California Civil Code § 1798.140(ad) and (ah). We have not sold or shared personal information for these purposes in the preceding 12 months and we have no plans to do so.

9. Categories of Recipients (Past 12 Months)

In the preceding 12 months we have disclosed the following categories of personal information to the following categories of recipients:

  • Identifiers, commercial information, internet activity, account data: shared with cloud hosting providers, payment processors, transactional email delivery services, and backup storage providers, all for the business purpose of operating the Service.
  • Customer A&D records and Form 4473 records: stored only on infrastructure under our control; not disclosed to any third party except as described in Section 7 (lawful process, business transfer, or with your consent).
  • Sensitive Personal Information: not disclosed to any third party except as described in Section 7.

10. Retention

We retain personal information for as long as necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Specifically:

  • Customer account information is retained for the life of your account and for a reasonable period thereafter to satisfy ongoing legal, compliance, audit, and recordkeeping requirements.
  • A&D records and Form 4473 records are retained permanently, in accordance with the federal recordkeeping requirements at 27 CFR § 478.129(b), which require Federal Firearms Licensees to retain disposition records for not less than twenty (20) years and acquisition records with no matching disposition for the life of the business. This permanent retention also applies after subscription lapse, account closure, or account termination, as described in our Terms and Conditions.
  • Payment records are retained for the period required by tax, accounting, and financial recordkeeping laws.
  • Server logs and security audit logs are retained for periods consistent with operational security needs and applicable law.
  • Backup copies of customer data are retained for disaster recovery purposes; hourly database snapshots are kept for short cycles and daily full backups are retained for longer periods on encrypted offsite storage.
  • CCPA request records are retained for at least 24 months as required by California regulation.

11. Special Notice: Buyer Information on Form 4473

If your information was entered into the Service by an FFL Customer in connection with a firearm transaction (for example, on a Form 4473), the FFL is the data controller of that information. Blue Aeris acts as a service provider to the FFL with respect to your information and processes that information solely on the FFL's behalf and at the FFL's direction.

If you are a buyer or transferee and you wish to exercise privacy rights with respect to your Form 4473 information, you should generally direct your request to the FFL who processed your transaction. Blue Aeris will cooperate with the FFL in handling such requests, subject to the federal recordkeeping requirements at 27 CFR § 478.129(b), which legally require the FFL and Blue Aeris (as the FFL's service provider) to retain Form 4473 records for at least twenty (20) years following the transaction.

Federal law mandates retention of these records. Requests to delete Form 4473 information will be denied to the extent retention is required by federal law, as permitted by California Civil Code § 1798.105(d)(8) and equivalent provisions of other state privacy laws.

12. Your Privacy Rights (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):

  • Right to Know. You may request that we disclose what categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purpose for collection, the categories of third parties with whom we share it, and the specific pieces of personal information we have collected.
  • Right to Delete. You may request that we delete personal information we have collected from you, subject to the federal-law and other exemptions in California Civil Code § 1798.105(d). As described in Section 11, federally required A&D and Form 4473 records cannot be deleted because they are required to be retained for at least 20 years under 27 CFR § 478.129(b).
  • Right to Correct. You may request that we correct inaccurate personal information we maintain about you.
  • Right to Opt Out of Sale and Sharing. You may direct us not to sell or share your personal information. As stated in Section 8, we do not sell or share personal information for cross-context behavioral advertising, so this right does not currently apply, but you may exercise it as a precaution.
  • Right to Limit Use of Sensitive Personal Information. You may direct us to limit the use and disclosure of your Sensitive Personal Information to those uses necessary to provide the goods or services reasonably expected, subject to permitted exceptions.
  • Right to Non-Discrimination. We will not discriminate against you for exercising any of your privacy rights. We will not deny you the Service, charge different prices, or provide a different level of service because you exercised your rights.
  • Right to Portability. You may request a copy of the personal information we maintain about you in a portable, readily usable format.

13. Privacy Rights of Residents of Other States

Residents of states with comprehensive consumer privacy laws — including but not limited to Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), Iowa (ICDPA), Delaware (DPDPA), New Jersey (NJDPA), New Hampshire, Nebraska, Maryland, Minnesota, Rhode Island, Indiana, Kentucky, and Tennessee — have rights similar to those described in Section 12, including the right to access, correct, delete, and opt out of sale or targeted advertising of their personal information. The specific rights and exemptions depend on the law of your state of residence. To exercise any of these rights, please contact us using the methods described in Section 14.

Federal recordkeeping retention requirements at 27 CFR § 478.129(b) and the legal-obligation exemptions in each state law continue to apply to A&D and Form 4473 data.

14. How to Exercise Your Privacy Rights

To exercise any of the rights described above, please contact us using one of the following methods:

  • Email: privacy@logbooksforguns.com or sales@logbooksforguns.com
  • Mail: Blue Aeris Trust, Attn: Privacy Officer, 401 E 8th St Ste 214 PMB-2136, Sioux Falls, SD 57103

We will need to verify your identity before processing your request, including by confirming information that matches what we have on file or by other reasonable verification methods. We aim to respond to verifiable requests within 45 days, with one 45-day extension permitted by law where reasonably necessary.

Authorized Agents. You may designate an authorized agent to make a request on your behalf. The agent must provide written authorization signed by you, and we may require you to verify your identity directly.

Universal Opt-Out Mechanisms (GPC). If you visit our website with a browser or device that transmits a Global Privacy Control (GPC) signal, we will treat that signal as a request to opt out of the sale or sharing of your personal information.

15. Cookies and Similar Technologies

We use cookies and similar technologies to operate and improve the Service. The cookies we use include:

  • Strictly necessary cookies: required for authentication, session management, security (CSRF protection), and core Service functionality. These cannot be disabled.
  • Functional cookies: used to remember your preferences (such as remember-me tokens, sidebar collapse state, theme).
  • Analytics cookies: used in aggregate to understand how the Service is used and to improve performance. Where used, these are configured to respect Do Not Track and Global Privacy Control signals.

You can configure your browser to refuse cookies or to alert you when cookies are being sent. If you disable cookies, some parts of the Service may not function properly.

16. Data Security

We implement and maintain reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, and destruction. These measures include encryption of data in transit (TLS/HTTPS), encryption of offsite backups, hashed password storage, two-factor authentication options, role-based access controls, audit logging, and regular security review.

No security measure is perfect or impenetrable. We cannot guarantee the absolute security of your personal information, and you transmit information to us at your own risk. You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account.

17. Data Breach Notification

In the event of a data breach involving personal information, we will notify affected individuals and applicable regulatory authorities in accordance with applicable law, including state data breach notification statutes. Where notification is required, we will provide notice without unreasonable delay and consistent with the time periods specified by applicable law.

18. Children's Information

The Service is intended for use by Federal Firearms Licensees and their authorized users who are at least twenty-one (21) years of age. We do not knowingly collect personal information from children under the age of 13, and the Service is not directed at children. If we become aware that we have inadvertently collected personal information from a child under 13, we will delete it promptly. If you believe we may have collected information from a child, please contact us immediately.

19. International Users

The Service is intended for use within the United States. All servers, infrastructure, and personnel are located in the United States. Personal information collected through the Service is stored and processed in the United States. By using the Service, you acknowledge that your information may be transferred to and processed in the United States and consent to such transfer.

20. Third-Party Links and Services

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party site you visit.

21. Do Not Track

Some browsers transmit "Do Not Track" (DNT) signals. Because there is no industry consensus on how to interpret DNT signals, we do not currently respond to DNT browser signals. We do, however, recognize Global Privacy Control (GPC) signals as described in Section 14.

22. California Shine the Light

California Civil Code § 1798.83 (the "Shine the Light" law) permits California residents to request information about the disclosure of their personal information to third parties for direct marketing purposes. As described in this Privacy Policy, we do not disclose personal information to third parties for their direct marketing purposes. You may request this information annually by contacting us at privacy@logbooksforguns.com.

23. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other reasons. When we make material changes, we will update the "Last updated" date at the top of this policy and provide additional notice (such as by email or by a notice within the Service) when required by applicable law. We will review and update this Privacy Policy at least once every twelve (12) months as required by California Civil Code § 1798.130(a)(5). Your continued use of the Service after the effective date of any change constitutes your acceptance of the updated Privacy Policy.

24. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Blue Aeris Trust
Mark Brown, Executive Trustee
401 E 8th St Ste 214 PMB-2136
Sioux Falls, SD 57103
Email: privacy@logbooksforguns.com
General contact: sales@logbooksforguns.com