← FORM4API

// legal

Privacy Policy

Last updated: June 2026

1. Who we are

Form4API (“we”, “us”) operates the API and website at form4api.com. We provide programmatic access to publicly available SEC Form 4 insider trading filings. Contact: contact form

2. Data we collect

Account data

When you sign up, Clerk (our authentication provider) collects your email address and manages your session. We store your Clerk user ID linked to your API key and plan.

API usage data

We log every API request: timestamp, endpoint, HTTP status code, and your API key identifier. We use this to enforce rate limits, display your usage stats, and debug issues. Individual request logs are retained for 90 days.

Payment data

Payments are processed by Stripe. We do not store card numbers or bank details. We receive confirmation of your subscription plan and billing status from Stripe.

Technical data

Standard server logs may include IP addresses and user-agent strings. Vercel Analytics collects anonymised, cookieless page-view data. We also use Google Analytics 4 (see Section 4 and the Cookies section below), which sets cookies and collects data such as your approximate IP address, browser type, device, and pages visited. Google Analytics data is only collected after you give explicit consent via our cookie banner.

Testimonial submissions

If you choose to submit a testimonial, we collect the name, title, company, and email address you provide, your star rating, your written quote, and any optional video or link. Where you give your consent, your testimonial together with your name, title, and company may be displayed publicly on our website and in marketing materials. Submitting a testimonial is entirely optional and is not required to use the Service.

3. How we use your data

  • To authenticate you and serve your API key
  • To enforce rate limits and plan quotas
  • To process payments and manage your subscription
  • To display usage statistics in your dashboard
  • To send transactional emails (e.g. account confirmation) via Clerk
  • To send occasional service and product-update emails about features relevant to your account — you can opt out at any time via the unsubscribe link in each email
  • To publicly display testimonials you submit, where you have given consent, on our website and in marketing materials
  • To investigate abuse or security incidents

We do not sell your data, use it for advertising, or share it with third parties except as described in Section 4.

4. Third-party processors

ProcessorPurposeData shared
ClerkAuthenticationEmail, session tokens
StripePayment processingEmail, billing info
VercelHosting & analyticsAnonymised page views
Google LLCAnalytics (GA4)IP address, device, browsing behaviour — consent required
HetznerAPI server hostingAPI request logs
SentryError monitoringStack traces (no PII)

5. Data retention

  • Account data is retained while your account is active and for 30 days after deletion.
  • API request logs are retained for 90 days.
  • Payment records are retained as required by law (typically 7 years).

6. Cookies

We use one category of cookies:

CookieProviderPurposeExpiry
_gaGoogle AnalyticsDistinguishes users2 years
_ga_*Google AnalyticsSession state2 years
cookie_consentForm4APIStores your consent choice (localStorage)Until cleared

Google Analytics cookies are only set after you accept via our cookie banner. You can withdraw consent at any time by clearing your browser's local storage or cookies, which will cause the banner to reappear on your next visit.

Google LLC processes analytics data in the United States under Standard Contractual Clauses. Google's Privacy Policy.

7. Your rights

You can request access to, correction of, or deletion of your personal data at any time via our contact form. We will respond within 30 days. You can delete your account at any time from the Clerk account settings. If you have submitted a testimonial, you can request its removal from public display at any time via the contact form.

8. Security

All data is transmitted over HTTPS. API keys are stored hashed. We do not store plaintext credentials. If you believe your API key has been compromised, contact us immediately and we will rotate it.

9. Changes

We may update this policy. Material changes will be communicated by email to registered users. Continued use of the service after changes constitutes acceptance.