Privacy Policy

Effective January 1, 2026 — Wheaton Arms LLC d/b/a CanBuilder

1. Introduction

Wheaton Arms LLC d/b/a CanBuilder (“we,” “us,” or “our”) operates canbuilder.com (the “Service”). This Privacy Policy describes what personal information we collect, how we use and protect it, and your rights regarding that information. By using the Service, you agree to the practices described in this policy.

2. Information We Collect

Account Information

When you register for an account, we collect your email address, display name, and optionally your zip code. Zip code is used solely to surface nearby NFA dealers and is never shared externally.

Build Data

Suppressor builds you create and save are stored in your account. We do not share individual build configurations with third parties without your explicit consent, except as required by law.

Payment Information

Subscription payments are processed by Authorize.net, a service of Visa Inc. We transmit your payment details directly to Authorize.net over an encrypted connection. We never store your full credit card number, CVV, or banking credentials on our servers. We retain only a masked card reference and subscription status for account management purposes.

Usage Analytics

We collect anonymized data about how you use the Service, including pages viewed, features used, search queries, and session duration. This data is not linked to your personal identity and is used solely to improve the Service.

Communications

If you opt in to our newsletter or product alerts, we store your email address for that purpose. You may unsubscribe at any time via the unsubscribe link in any email or by contacting privacy@canbuilder.com.

3. How We Use Your Information

  • To create and manage your account
  • To provide compatibility search results and saved builds
  • To process subscription payments and send receipts
  • To surface nearby NFA dealers based on your zip code
  • To send newsletters, product alerts, and transactional emails you have opted into
  • To respond to support requests and account inquiries
  • To detect, investigate, and prevent fraud, abuse, and security threats
  • To analyze usage patterns and improve the Service
  • To comply with applicable legal obligations

4. What We Do Not Do

  • We do not sell, rent, or trade your personal information to any third party.
  • We do not share your build configurations with manufacturers, dealers, or advertisers without your explicit consent.
  • We do not serve behavioral advertising based on cross-site tracking or data broker profiles.
  • Advertisements shown to free-tier users are contextual only (based on the product category being viewed), not based on your personal data or browsing history.

5. Third-Party Service Providers

We use the following sub-processors to operate CanBuilder. Each is engaged under a data processing agreement and bound by applicable data protection law:

  • Supabase — Database hosting, authentication, and real-time services (supabase.com)
  • Vercel — Web application hosting and CDN (vercel.com)
  • Authorize.net (Visa) — Payment card processing (authorize.net)
  • Resend — Transactional and newsletter email delivery (resend.com)
  • Anthropic — AI-powered chatbot functionality; query text may be processed by Anthropic (anthropic.com)

We do not permit these providers to use your data for any purpose other than delivering services to CanBuilder.

6. Data Retention

We retain your account data for as long as your account remains active. If you request account deletion, we will soft-delete your data immediately and permanently purge it within 30 days, except where retention is required by law. Subscription and billing records are retained for 7 years for financial and tax compliance purposes. Anonymized analytics data is retained indefinitely.

7. Your Privacy Rights

All Users

You may at any time request: (a) a copy of the personal information we hold about you; (b) correction of inaccurate data; or (c) deletion of your account and personal data. Submit requests to privacy@canbuilder.com. We will respond within 30 days.

California Residents (CCPA / CPRA)

Under the California Consumer Privacy Act, California residents have the right to: know what personal information is collected and how it is used; request deletion of personal information; opt out of the sale or sharing of personal information (we do not sell or share personal information); correct inaccurate personal information; and be free from discrimination for exercising these rights. To submit a verifiable consumer request, contact privacy@canbuilder.com.

European Users (GDPR)

If you are located in the European Economic Area or United Kingdom, you have rights including: access to your personal data; rectification of inaccuracies; erasure (“right to be forgotten”); restriction of processing; data portability; and the right to object to certain processing. Our legal bases for processing are: contract performance (subscription services), legitimate interests (security, fraud prevention, analytics), and consent (newsletter). To exercise your rights, contact privacy@canbuilder.com.

8. Cookies and Tracking

We use session cookies strictly necessary for authentication and account management. We do not use third-party advertising cookies, social media tracking pixels, or cross-site behavioral tracking technologies. You may disable cookies in your browser settings, but some Service features (including login and saved builds) will not function without them.

9. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from anyone under 18. If we become aware that a minor has provided personal information, we will promptly delete it. If you believe a minor has submitted information to us, please contact privacy@canbuilder.com.

10. Security

We implement industry-standard security measures including TLS encryption in transit, encrypted database storage through Supabase, row-level security policies, and regular security monitoring. No method of electronic transmission or storage is 100% secure. In the event of a data breach affecting your personal information, we will notify affected users as required by applicable law.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify active subscribers by email at least 14 days before material changes take effect. The current version is always available at canbuilder.com/privacy. Your continued use of the Service after the effective date of changes constitutes acceptance of the updated policy.

12. Contact

For privacy questions, data requests, or concerns:
Wheaton Arms LLC d/b/a CanBuilder
privacy@canbuilder.com