← FORM4API

// legal

Privacy Policy

Last updated: May 2026

1. Who we are

Form4API (“we”, “us”) operates the API and website at form4api.com. We provide programmatic access to publicly available SEC Form 4 insider trading filings. Contact: contact form

2. Data we collect

Account data

When you sign up, Clerk (our authentication provider) collects your email address and manages your session. We store your Clerk user ID linked to your API key and plan.

API usage data

We log every API request: timestamp, endpoint, HTTP status code, and your API key identifier. We use this to enforce rate limits, display your usage stats, and debug issues. Individual request logs are retained for 90 days.

Payment data

Payments are processed by Stripe. We do not store card numbers or bank details. We receive confirmation of your subscription plan and billing status from Stripe.

Technical data

Standard server logs may include IP addresses and user-agent strings. Vercel Analytics collects anonymised, cookieless page-view data. We also use Google Analytics 4 (see Section 4 and the Cookies section below), which sets cookies and collects data such as your approximate IP address, browser type, device, and pages visited. Google Analytics data is only collected after you give explicit consent via our cookie banner.

3. How we use your data

  • To authenticate you and serve your API key
  • To enforce rate limits and plan quotas
  • To process payments and manage your subscription
  • To display usage statistics in your dashboard
  • To send transactional emails (e.g. account confirmation) via Clerk
  • To investigate abuse or security incidents

We do not sell your data, use it for advertising, or share it with third parties except as described in Section 4.

4. Third-party processors

ProcessorPurposeData shared
ClerkAuthenticationEmail, session tokens
StripePayment processingEmail, billing info
VercelHosting & analyticsAnonymised page views
Google LLCAnalytics (GA4)IP address, device, browsing behaviour — consent required
HetznerAPI server hostingAPI request logs
SentryError monitoringStack traces (no PII)

5. Data retention

  • Account data is retained while your account is active and for 30 days after deletion.
  • API request logs are retained for 90 days.
  • Payment records are retained as required by law (typically 7 years).

6. Cookies

We use one category of cookies:

CookieProviderPurposeExpiry
_gaGoogle AnalyticsDistinguishes users2 years
_ga_*Google AnalyticsSession state2 years
cookie_consentForm4APIStores your consent choice (localStorage)Until cleared

Google Analytics cookies are only set after you accept via our cookie banner. You can withdraw consent at any time by clearing your browser's local storage or cookies, which will cause the banner to reappear on your next visit.

Google LLC processes analytics data in the United States under Standard Contractual Clauses. Google's Privacy Policy.

7. Your rights

You can request access to, correction of, or deletion of your personal data at any time via our contact form. We will respond within 30 days. You can delete your account at any time from the Clerk account settings.

8. Security

All data is transmitted over HTTPS. API keys are stored hashed. We do not store plaintext credentials. If you believe your API key has been compromised, contact us immediately and we will rotate it.

9. Changes

We may update this policy. Material changes will be communicated by email to registered users. Continued use of the service after changes constitutes acceptance.