Privacy Policy

How Arkolith processes account data and public-record market data

Last updated: June 12, 2026

1. Who We Are

Balthazar Project AB, a limited company (aktiebolag) registered in Sweden, is the controller for personal data processed through the Arkolith API, MCP server, and website. You can contact us at privacy [at] arkolith.com.

2. Account and Usage Data

When you create an account or use the API/MCP, we process your name, email address, organization details if provided, API-key metadata, billing records, and usage logs such as calls made, endpoints, timestamps, IP-derived security data, and error events.

We use this data to provide, secure, meter, bill, debug, and improve the Service, and to communicate with you about the Service. Legal bases: contract performance under GDPR Art. 6(1)(b) and our legitimate interests in operating and securing the Service under Art. 6(1)(f).

3. Public-Record Data About Named Individuals

The Service includes factual data about identified natural persons obtained from public official registers. This includes corporate insiders named in U.S. SEC Form 4 and related filings, and members of the U.S. Congress named in STOCK Act financial disclosures.

Categories include name, role or position, issuer or entity concerned, reported transaction type, date, and amount range as disclosed in the public filing. Sources include SEC EDGAR and U.S. House/Senate financial-disclosure systems. This notice is provided under GDPR Art. 14 because the data is not collected from the named person.

Purposes: financial-market transparency, accountability of mandatory public disclosures, and market-data infrastructure for customers. Legal basis: legitimate interests under GDPR Art. 6(1)(f), balanced against data-subject interests in our documented assessment. Recipients include API and MCP customers. We do not knowingly process special-category data under GDPR Art. 9.

4. Do We Sell Data?

We provide factual data drawn from public official registers to customers as part of the Service. We do not sell account-holder personal data such as names, emails, account details, or billing data for marketing or advertising. We do not use third-party advertising or tracking networks.

5. Your Rights

You have the rights of access, rectification, erasure, restriction, objection, and data portability under the GDPR. You also have the right to lodge a complaint with the Swedish supervisory authority, Integritetsskyddsmyndigheten (IMY), at imy.se. To exercise rights, contact privacy [at] arkolith.com. We respond within one month.

For public-record data, we may decline an erasure or objection request in whole or in part where processing is necessary for freedom of expression and information, archiving in the public interest, research or statistics, legal claims under GDPR Art. 17(3), or compelling legitimate grounds under Art. 21. We will correct demonstrably inaccurate data and propagate corrections through the Service.

6. International Transfers

The Service is hosted in the EEA, including Google Cloud in europe-west1. Where a sub-processor or upstream source is outside the EEA, transfers are protected by an adequacy decision, EU Standard Contractual Clauses, or another lawful transfer mechanism.

7. Retention

Account and billing data is retained for the life of the account and as required by Swedish bookkeeping, tax, and legal obligations after that. Usage logs are retained for a limited period for security, abuse prevention, debugging, and billing. Public-record data is retained as historical financial record data consistent with the transparency and point-in-time archive purpose.

8. Cookies and Tracking

We use essential cookies for authentication and core functionality. We use first-party, cookieless traffic analytics to understand visits and crawler activity. We do not use third-party advertising cookies or advertising networks.

With your consent (GDPR Art. 6(1)(a)), we additionally use session replay, a recording of how the interface is used, to find and fix usability problems. Session replay is off by default and only starts after you accept it in the consent banner. You can give or withdraw that consent at any time here, and withdrawing stops future recording immediately:

9. Contact

Privacy questions and rights requests: privacy [at] arkolith.com.