Sub Gratia LLC Logo
Back to Apps

Privacy Policy — Zeroed

Effective Date: April 15, 2026

1. Introduction

This Privacy Policy explains how Sub Gratia LLC (“we,” “us,” or “our”) collects, uses, stores, and protects your information when you use the Zeroed mobile application (“the App”). The App is designed as an “offline-first” tool to help you manage your firearm inventory and operational logs. We prioritize a local-first architecture so that you maintain maximum control over your sensitive data.

We recognize that firearms inventory data is sensitive and that its unauthorized disclosure could expose you to risk of theft, harassment, or other harm. We treat your data accordingly.

2. Information We Collect

We collect only the information necessary to provide and improve the App.

  • Account & Identity Information: If you choose to create an account for cloud backup, you sign in using “Sign in with Apple.” We receive only the minimal identifiers necessary to manage your account: a unique Apple-provided user identifier and, if you choose to share it, your email address (which may be a private relay address provided by Apple). We do not collect or store passwords, and we do not have access to your Apple ID credentials.
  • User-Generated Content: This includes firearm details (make, model, serial numbers, condition), financial data (purchase price, acquisition method), accessories, ammunition logs, usage logs, and media (photos of firearms, documents such as receipts or NFA tax stamps).
  • System & Analytics Data: We collect anonymized crash reports and basic telemetry generated by Expo/React Native to improve app stability. This data does not include your User Content.
  • Purchase History: If you purchase a subscription, your payment is processed directly by the Apple App Store. We use RevenueCat to validate your purchase via an anonymous App User ID. We do not collect or store your credit card information.

3. How Your Data is Stored

  • Local Device Storage (Primary): The App operates on an offline-first architecture. All user data, inventory details, logs, and media are stored directly on your physical device using a local SQLite database (WatermelonDB). If you do not create an account, your data never leaves your device.
  • Cloud Storage (Optional Backup & Sync): If you create an account, your data is encrypted in transit (TLS) and at rest, and synced to our backend servers provided by Supabase, hosted on AWS infrastructure in the United States.

4. Third-Party Service Providers (Subprocessors)

To operate the App, we rely on the following categories of third-party service providers:

  • Supabase (database and authentication, hosted on AWS): cloud sync and backup of User Content for users who create an account.
  • Amazon Web Services (AWS) (cloud infrastructure, U.S.): underlying infrastructure for Supabase.
  • RevenueCat (subscription management): validates and manages subscription entitlements via anonymous App User IDs.
  • Apple App Store (payment processing and authentication): processes all purchases and provides “Sign in with Apple” authentication. We never see or store your payment details or Apple ID credentials.
  • Expo / React Native (crash reporting and telemetry): anonymized stability data only.

These providers are contractually obligated to protect your data and use it only to provide services to us. We do not authorize them to use your data for their own marketing or advertising purposes.

5. How We Share Your Data

We do not sell, rent, or trade your personal information, inventory data, serial numbers, or uploaded documents. We do not share your data with advertising networks, data brokers, or marketing platforms.

We will disclose data only in the following limited circumstances:

  • To the subprocessors listed above, solely as needed to provide the App's functionality.
  • In response to valid legal process (subpoena, search warrant, court order, or other legally binding request) where we are legally compelled to do so. We will resist overbroad or improper requests where reasonably feasible, and we will notify you in advance unless legally prohibited from doing so.
  • In response to a good-faith belief that disclosure is necessary to protect the rights, property, or safety of Sub Gratia LLC, our users, or the public, or to investigate fraud or violations of our Terms.
  • In connection with a business transfer (merger, acquisition, or sale of assets), in which case we will notify you and ensure that any successor entity is bound by terms at least as protective as this Privacy Policy.

We will not voluntarily disclose your data to law enforcement, government agencies, insurers, employers, or any other third party absent valid legal process or your explicit consent.

6. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption in transit (TLS) and at rest for cloud-stored data, provided by our infrastructure providers (Supabase and AWS).
  • Authentication via “Sign in with Apple” only. We do not store passwords or handle password authentication. Account access is managed entirely through Apple's authentication system, which uses industry-standard security including two-factor authentication on your Apple ID.
  • Strict access controls: Sub Gratia LLC currently operates as a small organization, and access to production user data is limited to authorized personnel on a need-to-know basis. Database access is logged by our infrastructure provider.
  • Use of reputable subprocessors with their own security certifications (Supabase, AWS, both holding SOC 2 certification).

However, no system is perfectly secure. You acknowledge that despite our reasonable safeguards, unauthorized access, breach, or disclosure of data is possible. You may reduce this risk by using the App in offline-only mode, in which case your data never leaves your device.

7. Data Breach Notification

In the event of a data breach affecting your personal information or User Content, we will notify you and applicable authorities as required by applicable law (including state data breach notification laws and, where applicable, the GDPR). We will provide notification without unreasonable delay and will include information about the nature of the breach, the data affected, and steps you can take to protect yourself.

8. Data Retention

  • Active Accounts: We retain your User Content for as long as your account is active.
  • Account Deletion: Upon account deletion (initiated by you in-app), we will permanently delete your User Content from our active production systems within thirty (30) days.
  • Backups: Residual copies may persist in encrypted backups for up to ninety (90) days following deletion, after which they are overwritten in the normal backup rotation.
  • Legal Holds: We may retain limited data longer if required by law, to resolve disputes, enforce our agreements, or for legitimate business purposes (e.g., fraud prevention).
  • Anonymized Analytics: Aggregated, anonymized analytics data that cannot reasonably be linked to you may be retained indefinitely.

9. Your Rights and Data Control

Regardless of jurisdiction, all users of the App have the following rights:

  • Optional Offline Mode: You are not required to create an account. You may use the App entirely offline so your data never touches a cloud server.
  • Privacy Mode: The App includes a “Privacy Mode” toggle that hides sensitive values (like prices and serial numbers) from the screen to prevent shoulder-surfing.
  • Data Export: You retain ownership of your data and can export it locally as PDFs or CSVs at any time.
  • Data Deletion: You may permanently delete your account and wipe all cloud data from Supabase directly within the App's Settings menu.
  • Access and Correction: You may request a copy of the personal information we hold about you, or request correction of inaccurate information, by contacting admin@subgratia.com.

Additional Rights for Residents of Certain Jurisdictions

  • California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), and other state privacy laws: You have the right to know what personal information we collect, to request deletion, to correct inaccurate information, to opt out of “sale” or “sharing” of personal information (we do not sell or share your data), and to non-discrimination for exercising these rights. To exercise these rights, contact admin@subgratia.com.
  • European Economic Area, United Kingdom, and Switzerland (GDPR/UK GDPR): If applicable, you have the right to access, rectify, erase, restrict, or object to the processing of your personal data, and the right to data portability. You also have the right to lodge a complaint with your local data protection authority. The legal basis for our processing is your consent (which you may withdraw at any time) and the performance of our contract with you.

10. Children's Privacy

The App is not directed to children under 17 (consistent with the App's Age Rating). We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by updating the “Effective Date” at the top of this policy and providing a notice within the App. Continued use of the App after such notice constitutes your acceptance of the updated policy.

12. Contact

For questions about this Privacy Policy or to exercise any of your rights, contact us at:

Sub Gratia LLC

admin@subgratia.com