Skip to content Skip to footer
Find A dealer
Find A dealer
Find A dealer
Close

Privacy Policy

CheyTac USA

 Effective Date: October 16, 2025

 Last Updated: October 16, 2025

 

Introduction

CheyTac USA (“CheyTac,” “we,” “us,” or “our”) respects your privacy and is committed to protecting personal information in compliance with applicable U.S. and international data protection laws.

This Privacy Policy explains how we collect, use, disclose, retain, and secure your information when you visit cheytac.com, use our M200 Configurator, or otherwise interact with CheyTac USA.

By using our website or services, you acknowledge that you have read and understood this Policy and consent to its terms.

 

1. Information We Collect

1.1 Information You Provide

When you use our M200 Configurator, make an inquiry, or communicate with us, we may collect:

  • Personal Information: Name, email address, phone number
  • Configuration Data: Rifle customization preferences, finishes, and component selections
  • Communication Preferences: Marketing opt-in status
  • Additional Information: Any data you voluntarily submit via contact forms or emails

1.2 Information Collected Automatically

When you visit our site, we automatically collect:

  • Technical Data: IP address, browser type, device ID, and operating system
  • Usage Data: Pages visited, session duration, and clickstream patterns
  • Cookies and Similar Technologies: As explained in the “Cookies and Tracking” section

1.3 Configuration Tool Data

Our M200 Configurator may temporarily capture visual screenshots of rifle configurations, finish selections, and time/date metadata.

 

2. How We Use Your Information

We use your information for:

  • Order Fulfillment: Responding to configurator submissions, inquiries, or orders
  • Customer Service: Providing product support and communication
  • Product Improvement: Enhancing our configurator and design tools
  • Marketing (With Consent): Sending promotional or product update emails
  • Legal Compliance: Ensuring adherence to ITAR/EAR export controls and other laws
  • Fraud and Security: Detecting and preventing unauthorized activity or misuse

We will not use your personal information for materially different purposes without prior notice or consent.

 

3. Legal Basis for Processing (EEA/UK GDPR)

For users in the EEA or UK, our processing bases include:

  • Consent: For marketing and cookies where required
  • Contractual Necessity: To fulfill product requests or service interactions
  • Legitimate Interests: For security, fraud prevention, and internal analytics
  • Legal Obligation: To comply with U.S. and international laws, including ITAR/EAR

 

4. How We Share Your Information

We do not sell your data. We may disclose information only as follows:

4.1 Authorized Service Providers

We use vetted vendors under binding Data Processing Agreements (DPAs), including:

  • Email Delivery: Postmark (U.S.)
  • Hosting and Infrastructure: DigitalOcean or AWS (U.S. data centers)
  • Analytics Providers: Google Analytics or equivalent, using anonymized tracking

All service providers are contractually required to maintain appropriate security and confidentiality measures.

4.2 Legal Disclosures

We may disclose data to law enforcement or regulatory bodies when required to:

  • Comply with lawful orders, subpoenas, or export regulations
  • Protect CheyTac’s rights, property, or safety
  • Enforce our Terms of Service or prevent fraud

4.3 Business Transfers

In case of a merger, acquisition, or restructuring, personal data may be transferred under equivalent safeguards.

 

5. Data Retention

Data Type

Retention Period

Purpose

Configuration Data

1 hour (temporary), then securely stored

System logs and customer service

Email and Orders

7 years

Legal and accounting compliance

Marketing Data

Until opt-out or deletion request

Voluntary communications

Anonymized Analytics

Indefinite

Aggregate insights only

Upon expiration, data is securely deleted or anonymized.

 

6. Your Privacy Rights

6.1 Universal Rights

You may:

  • Request access, correction, or deletion of your data
  • Withdraw marketing consent
  • Request restriction or objection to processing
  • Receive data portability (structured format)

6.2 U.S. Residents (CCPA/CPRA and State Laws)

Residents of California, Virginia, Colorado, Connecticut, and Utah may:

  • Request disclosure of collected information
  • Request deletion (subject to legal retention)
  • Opt-out of personal data sale (CheyTac does not sell data)
  • Exercise rights free of discrimination

Verification: We may request proof of identity before fulfilling requests to prevent unauthorized access.

Submit requests via:

  • Email: info@cheytac.com
  • Phone: +1 (731) 535-6029
  • Mail: CheyTac USA, Privacy Department, 24070 Highway 70, Huntingdon, TN 38344, United States

We will acknowledge requests within 10 business days and respond within 30 calendar days.

 

7. Cookies and Tracking

We use cookies to improve user experience and security.

7.1 Cookie Types

  • Essential Cookies: Required for configurator operation
  • Analytics Cookies: Aggregate usage data
  • Preference Cookies: Store language and configuration settings
  • Marketing Cookies: Used only if you provide consent

7.2 Consent Management

Visitors from the EEA or UK will see a consent banner allowing acceptance or rejection of non-essential cookies.

You can manage cookies via browser settings. Disabling them may limit website functionality.

 

8. Security

CheyTac maintains comprehensive security controls to protect data:

  • Encryption: All transmissions secured via HTTPS/TLS
  • Storage: Access-controlled databases within U.S. facilities
  • Authentication: Role-based user access and password complexity enforcement
  • Auditing: Regular penetration testing and vulnerability assessments
  • Breach Notification: In the event of a data breach, affected users and regulators will be notified as required by law

Despite best efforts, no method of electronic storage is completely secure; users acknowledge residual risk inherent in online communications.

 

9. International Data Transfers

Data may be processed in the United States. For EEA/UK users, transfers rely on standard contractual clauses (SCCs) ensuring adequate protection under GDPR Articles 44-49.

 

10. ITAR/EAR Compliance

CheyTac USA manufactures and sells defense articles governed by 22 C.F.R. §§ 120–130 (ITAR) and 15 C.F.R. §§ 730–774 (EAR).

To comply with these laws:

  • Data may be collected to confirm eligibility for export-controlled information
  • Access to export-controlled materials is restricted to authorized U.S. persons
  • All transmissions are monitored for export compliance and subject to audit

Unauthorized disclosure of export-controlled data is strictly prohibited.

 

11. Children’s Privacy

Our services are not directed toward minors under 18. We do not knowingly collect data from children. If such data is inadvertently obtained, it will be deleted immediately upon discovery.

 

12. Data Subject Verification

Before granting access, correction, or deletion, we verify identity through reasonable means, such as confirming prior communications or requiring authentication tokens. Requests from authorized agents must include written authorization.

 

13. Changes to This Policy

CheyTac may update this Policy periodically to reflect regulatory or operational changes. Updated versions will display a revised “Last Updated” date. Significant changes will be posted prominently on our website and, where appropriate, notified via email.

 

14. Contact Information

CheyTac USA – Privacy Department

 Address: 24070 Highway 70, Huntingdon, TN 38344, United States

 Email: info@cheytac.com

 Phone: +1 (731) 535-6029

 Website: https://cheytac.com/contact

We respond to verified privacy inquiries within 30 calendar days.

 

15. State-Specific Disclosures

Nevada

We do not sell personal data as defined under Nevada law.

Virginia, Colorado, Connecticut, Utah

Residents of these states may exercise rights to access, delete, correct, or opt out of targeted advertising or profiling by contacting info@cheytac.com.

 

16. Glossary

Personal Information: Any data identifying or linkable to an individual.

 Processing: Any operation performed on data, including collection, storage, or disclosure.

 Controller: Entity determining purposes and means of data processing (CheyTac USA).

 Processor: Entity processing data on behalf of CheyTac (service providers).

 

17. Consent

By using our website, configurator, or services, you consent to the collection and use of information in accordance with this Policy. For marketing communications, explicit opt-in consent is required and can be withdrawn at any time.

© 2025 CheyTac USA. All rights reserved. Unauthorized reproduction or distribution of this document is prohibited.