Privacy Policy
RangeJournal.com — Last updated: May 6, 2026
RangeJournal.com is built as a private shooting sports journal. It is not a community, marketplace or public profile platform.
1. Who we are
RangeJournal.com is a personal journal application for shooting sports athletes. The service is provided as-is for personal record-keeping.
2. What data we collect
When you create an account we store: your email address (encrypted), a cryptographic lookup hash of your email, an Argon2ID or Bcrypt password hash, your display name (encrypted), account creation date, and last login timestamp. For each shooting session you may optionally provide: date, discipline, score, rounds fired, weapon, location/club, and private notes — all stored encrypted. For each registered weapon you may provide: name, type, caliber, and notes — all stored encrypted.
3. How your email is stored
Your email address is never stored in plaintext. It is encrypted with AES-256-GCM at the application level. A one-way HMAC-SHA-256 lookup hash is stored separately to enable login without ever decrypting the full address in the database layer.
4. Application-level encryption
Sensitive fields (session details, weapon details, display name, email) are encrypted in PHP using OpenSSL AES-256-GCM before reaching MySQL. Each record stores ciphertext, a random nonce/IV and an authentication tag separately. The encryption master key is stored only in server-side environment configuration and never transmitted to clients.
5. No public profiles
Your sessions, weapons and personal data are only visible to your authenticated account. There are no public profiles, public statistics pages, leaderboards, or social sharing features.
6. Security logging
For login security we may log events such as failed login attempts and account changes. IP addresses and user agents are not stored as plaintext; they are hashed with HMAC-SHA-256 before storage.
7. Cookies
RangeJournal.com uses necessary session cookies for authentication and CSRF protection. These are set with Secure, HttpOnly and SameSite=Strict flags. No analytics or advertising cookies are set by default. Optional cookie categories require your explicit consent via the cookie consent banner.
8. Legal basis (GDPR)
Processing of your data is based on your explicit consent at registration (Art. 6(1)(a) GDPR) and on the performance of the service you requested (Art. 6(1)(b) GDPR).
9. Data retention
Your data is retained until you delete your account or submit a deletion request. Upon account deletion, all associated sessions, weapons, settings and logs are permanently deleted via cascade.
10. Your rights (GDPR)
You have the right to access, rectify, and erase your personal data. You can export all your session data as CSV at any time from the Export page. You can delete your account from your profile page. For further requests, contact us at the email address on this page.
11. Data portability
You can download all your session data at any time in CSV format from the Export page in your account.
12. Third parties
We do not sell, rent, or share your personal data with third parties for their own purposes. We do not use third-party advertising networks. CDN-served Bootstrap and Bootstrap Icons load CSS and icon assets but do not set cookies and do not receive your session data.
13. Data security
We implement application-level AES-256-GCM encryption, HTTPS, secure session configuration, CSRF protection, rate-limited login, and prepared SQL statements to protect your data. No security measure is perfect; we encourage you to use a strong, unique password.
14. Sensitive information
Avoid entering firearms serial numbers, permit or license numbers, or exact home storage details in any journal field. The platform is designed for sporting and administrative records, not as a storage facility for legally sensitive firearm registration data.
15. Children
RangeJournal.com is not directed to persons under 18 years of age. If you believe a minor has created an account, please contact us for removal.
16. Changes to this policy
We may update this Privacy Policy. The "Last updated" date at the top of this page will reflect any changes. Continued use of the service after changes constitutes acceptance.