Notice

Silhouettes & line art delayed.Capacity is tight right now. We add new firearms in regular batches every few weeks. Verifying data takes time. Thanks for your patience.

Firearms

Data Processing Agreement

Last Updated: June 3, 2026

This Data Processing Agreement ("DPA") describes how Buun Group processes personal data on behalf of business customers of GunSpec.io where data protection law, such as the GDPR, applies. It forms part of our Terms of Service.

The firearms specification data we publish is reference data and is not personal data. This DPA is therefore mainly relevant to account, billing, and API-usage data connected to your use of the Services.

1. Roles & Scope

For personal data you provide to operate your account and use the API, you act as the controller and Buun Group acts as the processor, processing that data only on your documented instructions and as needed to provide the Services. For our own purposes, such as billing and securing the platform, Buun Group acts as a controller as described in our Privacy Policy.

2. Nature of Processing

The personal data processed under this DPA is typically limited to account contact details, authentication identifiers, subscription and billing records, and API request logs. We process it for the purpose of providing, securing, billing, and supporting the Services.

3. Subprocessors

You authorize Buun Group to engage the subprocessors listed on our Subprocessors page, which we keep current. We impose data-protection obligations on each subprocessor that are no less protective than those in this DPA.

4. Security Measures

We maintain appropriate technical and organizational measures to protect personal data, including encryption in transit, secured credential and API-key storage, access controls, and logging. Further detail is available in our Privacy Policy and on request.

5. Assistance With Requests

Taking into account the nature of the processing, we will provide reasonable assistance to help you respond to requests from data subjects exercising their rights, and to meet your obligations regarding security, breach notification, and impact assessments.

6. Breach Notification

We will notify you without undue delay after becoming aware of a personal data breach affecting personal data we process on your behalf, and will provide the information you reasonably need to meet your own notification obligations.

7. International Transfers

Where we transfer personal data internationally, we rely on appropriate safeguards such as the European Commission's standard contractual clauses, together with compliance with the Australian Privacy Principles.

8. Return & Deletion

On termination of the Services, we will delete or return personal data processed on your behalf in line with our Privacy Policy and applicable retention requirements, unless we are required by law to retain it.

9. Requesting a Signed DPA

If your organization requires a countersigned copy of this DPA, including the standard contractual clauses, contact us at [email protected] and we will arrange one.

Product

Browse

Demo

Company

Legal

© GunSpec 2026
All systems operational
Buun Group