TN Tennessee Guns Federally Licensed Firearms Dealer
🛒 0

Privacy Policy

Privacy Policy

Last updated: April 2026

We respect your privacy and we do not share customer data with third parties for marketing. Federal record-keeping rules require us to keep certain data for the ATF, but everything beyond that is on you to control.

Data We Collect

  • Order info: name, billing address, the receiving FFL’s shipping address, email, phone, and a payment-confirmation reference. We never see or store your full card number — that lives with the payment processor.
  • Account info (optional): email and a hashed password if you create a customer account.
  • FFL paperwork: required by federal law (ATF Form 4473 stays at the receiving FFL; our outbound records are kept per the 27 CFR Part 478 retention schedule).
  • Site analytics: standard server logs (IP, user-agent, request path) and a small set of session cookies for cart functionality.

How We Use It

To process your order, coordinate the FFL transfer, send shipping updates, comply with federal record-keeping rules, and improve the site. We do not sell, rent, or share your data with third-party marketers, advertisers, or data brokers. Period.

Payment Data

Card processing happens entirely through our payment provider over a TLS-encrypted connection. The provider is PCI-DSS compliant. Tennessee Guns never sees your full card number, expiration date, or CVV.

Cookies

Session cookies for the cart, and basic anonymous analytics. You can disable cookies in your browser, but the cart will not function without them. We do not use third-party advertising trackers, Facebook pixels, or remarketing tags.

Your Rights

Email [email protected] to request a copy of your customer data, correct any errors, or request deletion of non-required records. ATF-mandated FFL records are retained per federal law and cannot be deleted on request — that one is not optional for us.

Data Breach Policy

If we are ever notified of a data exposure that affects customer records, we notify affected customers directly and within the timeframe required by the strictest applicable state law (typically 30 days). We have not had a breach.