Privacy Policy
Effective 2026-04-18. Last reviewed 2026-04-18.
ArmorOS serves law-enforcement, federal, defense, and private-sector professionals whose identities and activities warrant meaningful protection. This policy describes what we collect, how we use it, where it lives, and the controls you have over your own data.
Who operates this site
ArmorOS (“we,” “our,” “us”) operates this website and the related services. We can be reached through the contact form or at [email protected].
What we collect
- Account information. If you register, we collect email address and the attributes you supply to AWS Cognito (display name, handle, agency affiliation, specialties). Passwords are handled exclusively by Cognito and never touch our servers.
- Verification documents. If you apply for Verified Industry status, we collect the supporting documents you upload (agency ID, FSO certificate, dealer license, MFG employment letter) and the metadata needed to review them. Documents are stored encrypted in enterprise cloud storage with private-only access and are never shared outside the review team.
- Contact submissions. The contact form collects the name, email, organization, category, subject, and body you supply, plus your IP address for spam prevention.
- Subscriptions. Email address, the topics and jurisdictions you chose to track, and the frequency you selected.
- Usage analytics. Aggregate page-view counts via Plausible Analytics, which does not use cookies, does not fingerprint, and does not send any personal data to third parties. Full Plausible data policy.
- Server logs. Our reverse proxy logs HTTP method, path, status code, response size, user-agent, and IP address for operational and security purposes. Logs are retained for 30 days.
What we do NOT collect
- We do not use advertising or tracking cookies.
- We do not sell user data to third parties.
- We do not run session replay, rage-click tracking, or similar surveillance analytics.
- We do not share Verified Industry submission contents with anyone outside the SME review team.
How we use it
- Authenticate you and enforce the tier-based access model.
- Send the email products you asked for: verification confirmations, weekly digests, and regulatory alerts matching your saved searches.
- Improve the product. Aggregate usage only; no individual-level analytics are used for decisioning.
- Route contact submissions to the correct internal team within one business day.
Where it lives
All user data is stored in US-based enterprise cloud infrastructure operated under FedRAMP-aligned controls. The CDN edge caches static assets only; authenticated content bypasses the cache.
Your rights
- Access. You can download a copy of everything we have on you via the contact form (category: “verification_help”).
- Correction. Update your profile attributes from your account page, or email [email protected].
- Deletion. Email [email protected] and we will delete your account and associated data within 30 days. Verification submissions we have retained for compliance may be redacted instead of deleted, and we will tell you which.
- Portability. Account data and subscriptions are available as JSON on request.
Third-party services
- Enterprise cloud provider. Hosting, authentication, email delivery, and storage — subject to the provider’s shared-responsibility model and standard data-processing terms.
- Cloudflare. DNS, CDN, DDoS protection, and Turnstile captcha for form abuse prevention. Cloudflare Turnstile does not use tracking cookies and is not a behavioral captcha.
- Plausible Analytics. Privacy-first page-view analytics. No cookies. No personal data.
Security
Data in transit is protected by TLS 1.2+. Data at rest in Postgres and S3 is encrypted with AWS-managed keys. Access to production data is restricted to designated operations personnel, logged via CloudTrail, and reviewed.
Law enforcement and legal process
We cooperate with valid, properly-scoped legal process. We do not voluntarily share user data absent such process. Where permitted, we notify affected users. We publish an annual transparency report once the platform reaches meaningful scale.
Cookies
We use the minimum cookies necessary to run the site, plus optional analytics cookies that help us understand which content matters. We do not sell cookie data, run advertising, or share data with third-party ad networks.
| Cookie | Set by | Purpose | Duration | Essential? |
|---|---|---|---|---|
| armor_session | ArmorOS auth | Logged-in session state | 30 days | Yes |
| armor_oauth_state | ArmorOS auth | CSRF protection during sign-in | 10 min | Yes |
| armoros_cookie_consent | ArmorOS | Your cookie preference | 13 months | Yes |
| _ga | Google Analytics | Distinguishes unique visitors | 2 years | No (optional) |
| _ga_EKXJ53X4C3 | Google Analytics 4 | Session state | 2 years | No (optional) |
You can change your cookie preference at any time:
You can also opt out of Google Analytics entirely by installing the Google Analytics opt-out browser add-on.
Children
ArmorOS is not directed to individuals under 18. We do not knowingly collect information from minors.
Changes
When this policy changes materially, we update the “Effective” date, post a notice on the site, and — for active users — email you.