Everything you need to know about protecting your firearms data.
User flows, best practices, warnings, and tips.
App Lock
Data Protection
Maximum Security
Download from App Store, complete welcome flow
Get familiar with the app before setting up security
Review all security options available
Quick biometric unlock for convenience
Follow setup flow, choose strong PIN (avoid 123456, 111111)
Background app, reopen, verify PIN works
PIN-only = convenience, Encryption = maximum security
⚠️ Read carefully—mistakes here cause permanent data loss
Encryption requires PIN first (to protect the master key)
Comprehensive warning sheet appears
Understand: If you forget PIN, data is PERMANENTLY LOST
This generates a new 256-bit encryption key
May take 30-60 seconds for large inventories
Go to 'Disaster Recovery' → Generate Backup Recovery Key
Save to 1Password, print to paper, store in safe
Verify data encrypts/decrypts properly
Follow encryption setup flow above
Security → Multi-Device Setup → Export Key
Do NOT set up PIN on Device B yet
Security → Multi-Device Setup → Import Key (scan Device A's QR)
Must match Device A exactly
Existing data encrypts automatically
Add item on Device A, verify it syncs to Device B (encrypted)
After enabling encryption, IMMEDIATELY create a backup recovery QR code. This is your ONLY way to recover data if you lose all devices.
Save your backup QR to a password manager (1Password, Bitwarden), print it and store in a safe, or take a screenshot and save to encrypted cloud storage. Treat it like a password—anyone with this QR + your PIN can decrypt your data.
Avoid: 123456, 111111, 123123, 000000, birth dates. Recommended: Random 6 digits, or a meaningful-to-you number that's not obvious (last 6 digits of old phone number, etc.)
After generating a backup QR, test it on a second device or by removing/reinstalling the app. Verify you can actually recover with it BEFORE you need it in an emergency.
PIN alone = app lock only (data in plaintext). PIN + Encryption = app lock + data protection. Choose based on your threat model.
This is the #1 user mistake. 'I enabled encryption but didn't make a backup QR, then my phone died' = permanent data loss. We cannot recover your data—the encryption key only exists on your devices.
Your backup QR code contains your encrypted master key. Anyone with this QR + your PIN can decrypt ALL your data. Don't post it on social media, send via email, or store in unsecured locations.
If you often forget passwords/PINs, stick with PIN-only mode (no encryption). You can always reinstall the app if you forget your PIN. With encryption enabled, forgotten PIN = permanent data loss.
When you change your PIN, all previously generated QR codes stop working (they contain the master key encrypted with your OLD PIN). After changing PIN, generate new backup QR codes.
With encryption enabled and iCloud sync on, data syncs as encrypted blobs. Other devices must import your encryption key via QR code. If you lose all devices, iCloud backup is useless without the key.
ArmoryHub offers ZIP export backups of your entire inventory. These ZIP files contain your data in PLAINTEXT (CSV format)—even if encryption is enabled in the app. NEVER store unprotected ZIP backups in unsecured locations. ALWAYS add a password to the ZIP file before storing or sharing. Recommended: Use 7-Zip or WinRAR to add AES-256 password protection to your backup ZIPs.
When you export your inventory as a ZIP backup, the data is exported in plaintext CSV format—even if you have encryption enabled in the app. This is intentional to ensure compatibility and recoverability, but it requires careful handling.
🔐 BEST PRACTICE: Export Backup → Add Password to ZIP → Store in Password Manager → Delete Unprotected Original
macOS uses AES-128 by default. For AES-256, use terminal: zip -e -r backup.zip folder/
7-Zip is recommended for Windows. Built-in Windows ZIP encryption uses older ZipCrypto (less secure than AES-256).
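An added example, not ArmoryHub's code, for checking which encryption a password-protected backup ZIP actually declares before you store it. Python's zipfile reads the archive headers without the password; the sample archive bytes and the names entry_encryption, audit, weak_entries and sample_zip are constructed for this illustration.

```python
import io
import struct
import zipfile

AES_EXTRA_ID = 0x9901   # WinZip AES extra-field header ID
AES_STRENGTH = {1: "AES-128", 2: "AES-192", 3: "AES-256"}

def entry_encryption(info):
    """Classify one zipfile.ZipInfo by the encryption its header declares."""
    if not info.flag_bits & 0x1:          # general-purpose bit 0: entry is encrypted
        return "none"
    if info.compress_type != 99:          # method 99 marks a WinZip AES entry
        return "ZipCrypto"
    extra = info.extra
    while len(extra) >= 4:                # walk the (id, size, data) extra records
        header_id, size = struct.unpack_from("<HH", extra)
        if header_id == AES_EXTRA_ID and size >= 7:
            return AES_STRENGTH.get(extra[8], "AES-unknown")  # strength byte
        extra = extra[4 + size:]
    return "AES-unknown"

def audit(zip_bytes):
    """Return {entry name: declared encryption}; needs no password."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {i.filename: entry_encryption(i) for i in zf.infolist()}

def weak_entries(report):
    """Names of entries that are not protected with AES-256."""
    return sorted(n for n, enc in report.items() if enc != "AES-256")

def sample_zip(entries):
    """Constructed sample: central directory and end record only, no file data."""
    cd = b""
    for name, flags, method, extra in entries:
        raw = name.encode("ascii")
        cd += struct.pack("<4s6H3L5H2L", b"PK\x01\x02", 20, 20, flags, method,
                          0, 0, 0, 0, 0, len(raw), len(extra), 0, 0, 0, 0, 0) + raw + extra
    return cd + struct.pack("<4s4H2LH", b"PK\x05\x06", 0, 0, len(entries), len(entries), len(cd), 0, 0)

# Constructed AES extra record: id, size 7, version 2, vendor "AE", strength 3, deflate
AES256_EXTRA = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 8)
SAMPLE = sample_zip([
    ("plain.csv", 0x0, 8, b""),               # no password at all
    ("zipcrypto.csv", 0x1, 8, b""),           # legacy ZipCrypto
    ("aes256.csv", 0x1, 99, AES256_EXTRA),    # WinZip AES-256
])

if __name__ == "__main__":
    print(audit(SAMPLE), "re-protect:", weak_entries(audit(SAMPLE)))
```

To check a real backup, pass the file's bytes (open(path, "rb").read()) to audit; any entry reported as something other than AES-256 should be re-protected before it is stored.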
Unfortunately, no. This is a fundamental security feature, not a bug. Your data is encrypted with a key derived from your PIN. Without the PIN, the key cannot be derived, and the data cannot be decrypted. This is the same security that protects banking apps and military communications. If you have a backup recovery QR code stored somewhere safe, you can use that to recover on a new device.
Good news! Since encryption is disabled, your data is stored in plaintext and is NOT encrypted. Simply delete the app and reinstall it. Your data will sync back from iCloud (if enabled) in plaintext, and you can set up a new PIN. This is why we separate PIN (authentication) from encryption (data protection).
Yes, BUT you need your PIN. When you restore your iPhone and install ArmoryHub, your encrypted data will sync down from iCloud. You'll need to either: (1) Import your encryption key from another device via QR code, or (2) Use your backup recovery QR code. Without one of these, your synced data will remain encrypted and unreadable.
Absolutely! This is the MOST secure configuration. Enable PIN + Encryption, then disable iCloud sync in Settings. Your data never leaves your device. Perfect for maximum security. Just make sure to generate and safely store a backup recovery QR in case your device is lost/damaged.
You may notice a 1-2 second delay when unlocking the app (while data decrypts) and when backgrounding (while data encrypts). This is normal. We're encrypting/decrypting thousands of text fields. For most users, this delay is imperceptible on modern iPhones.
You can toggle encryption off anytime. Your data will be decrypted back to plaintext, but your encryption key stays in the Keychain (in case you want to re-enable later). To completely remove encryption, you must disable PIN (which deletes the key). Just remember: disabling encryption means your data is no longer protected at rest.
No. ZIP backups are exported in PLAINTEXT CSV format—even if encryption is enabled in the app. This ensures compatibility and allows you to recover data outside the app. CRITICAL: Always add a password to ZIP backups before storing them. Use 7-Zip (Windows) or macOS Terminal to add AES-256 encryption. Store password-protected ZIPs in secure locations only (password managers, encrypted drives, safes). Never email or upload unprotected backups to cloud storage.
Yes. When importing a backup, ArmoryHub will prompt for the ZIP password if it's protected. The app extracts the CSV files, imports the data, then discards the temporary files. Your password is never stored. Recommendation: Use password-protected ZIPs for all backups as a second layer of security.
New to the app? Enable PIN first to protect against casual access. Once you're comfortable and have backed up your data, enable encryption for maximum security. You can always add encryption later.
When encryption is enabled, the app automatically hides the 'Never' timeout option. We recommend 'Immediately' for encrypted data—this ensures data is locked as soon as you leave the app.
After generating a backup QR, test it! Install ArmoryHub on an iPad or old iPhone, import the QR, verify it works. Better to discover issues now than during an emergency.
Generate one backup QR and save it in: (1) Password manager, (2) Printed in safe, (3) Encrypted USB drive. Redundancy prevents total loss if one location fails.
When setting up a new device, use the temporary QR code (expires in 5 minutes). These are one-time use for security. For recovery, use the non-expiring backup QR.
Ultimate security: Enable PIN + Encryption, then disable iCloud sync. Your data never leaves your device. Perfect if you never want your firearms data in any cloud, even encrypted.
The legendary Wife Mode (shows all values at 50% of actual price) works with or without encryption. Mission-critical feature operates independently of security settings.
Tap the 'LOCK' button in the top-right of the app to immediately encrypt data and lock the app. Useful before handing device to someone or entering a public space.
Scenario: I share my device with family members
Recommendation: BIOMETRIC ONLY or PIN ONLY
Reasoning: Prevents family from accidentally deleting firearms or seeing purchase prices. No encryption needed unless data is highly sensitive.
Scenario: I have NFA items with tax stamps and trust names
Recommendation: PIN + ENCRYPTION
Reasoning: NFA data is legally sensitive. Encryption protects serial numbers, tax stamp numbers, and trust information from unauthorized access.
Scenario: I'm worried about device theft
Recommendation: BIOMETRIC + PIN + ENCRYPTION
Reasoning: Two-factor auth prevents casual access. Encryption prevents forensic data extraction. Thief cannot access data even with professional tools.
Scenario: I use iCloud sync across multiple devices
Recommendation: PIN + ENCRYPTION + QR Code Transfer
Reasoning: Encryption ensures data syncs as encrypted blobs. QR codes transfer keys securely between your devices offline. iCloud never sees your keys.
Scenario: I'm a competitive shooter tracking DOPE data
Recommendation: BIOMETRIC ONLY or PIN ONLY
Reasoning: DOPE data isn't legally sensitive. PIN-only gives quick access while preventing others from modifying your data. Encryption is overkill for this use case.
Scenario: I'm in a jurisdiction with strict firearms laws
Recommendation: OFFLINE + PIN + ENCRYPTION
Reasoning: Maximum privacy: Disable iCloud sync entirely. Enable PIN + Encryption. Data never leaves your device, even encrypted. Generate backup QR and store physically (not digitally).
No. We cannot reset your PIN because we don't have access to it. Your PIN is hashed locally on your device and never transmitted to us. This is a security feature, not a limitation. If encryption is disabled, you can delete/reinstall the app. If encryption is enabled and you don't have a backup QR, your data is unrecoverable.
For security. With encryption enabled, the master key must be periodically cleared from memory. The 'Never' option would keep the key in memory indefinitely, increasing risk from memory dump attacks. We automatically hide this option when encryption is on.
With encryption enabled: Data is re-encrypted when you background the app, then the master key is cleared from memory. When you return, you authenticate with your PIN and the data is decrypted back to plaintext for app use. With PIN-only: Nothing happens—data stays in plaintext.
Depends on inventory size. Small inventory (10-50 items): ~1 second. Medium (100-500 items): 2-5 seconds. Large (1000+ items): 10-30 seconds. This happens in the background with a progress indicator.
Yes. Export happens while the app is unlocked (data is decrypted in memory). Exported files are NOT encrypted—they're plain CSV/PDF files. If you want to share encrypted exports, manually encrypt the export files before sharing.
No. Face ID / Touch ID data never leaves Apple's Secure Enclave and is never accessible to apps. We simply ask iOS 'is this the device owner?' and iOS responds yes/no. Your biometric templates stay with Apple, not us.
ArmoryHub is built by a single independent developer who is passionate about firearms, security, and creating tools that solve real problems. This isn't a big corporation—it's one person who cares about getting it right.
Questions? Feedback? Security concerns? Email: support@armoryhub.app