Privacy Policy

Effective May 13, 2026. Ablon Group, LLC, 250 20th Street, Santa Monica, CA 90402.

1. Summary

FilingFirehose collects only the personal data needed to operate the service: your email address (for account / API key delivery), your IP address (for rate limiting and analytics), and payment information (handled by Stripe, not stored on our servers). We do not sell personal data to third parties. We use only first-party, privacy-friendly analytics. We do not set non-essential cookies.

2. What we collect and why

• Email address — for account creation, API key delivery, service updates (welcome, trial expiry, billing). Required.
• IP address — for per-IP rate limiting on the free tier and aggregate analytics. Logged in /data/pageviews.jsonl for 90 days, then deleted.
• API request metadata — endpoint, query parameters, response size, timestamp. Used for usage-based billing on metered tiers and for debugging service issues. Retained for 90 days.
• Payment information — handled by Stripe. We receive only the customer ID, subscription status, and last-four digits. Full card details never reach our servers.
• Trial email — stored to prevent trial abuse (one trial per email address). Deleted on request.

3. Cookies and analytics

We use Cloudflare Web Analytics, which is cookie-free and does not collect personal data — it records only aggregate page-view counts and referrer domains. We do not embed Google Analytics, Facebook Pixel, or any third-party advertising or tracking pixels on filingfirehose.com.

4. Third-party services we use

To operate the service, we share minimal data with these processors:

• Stripe — payment processing
• Mailgun — outbound email delivery (transactional and 1:1 outreach)
• Resend — transactional email delivery (welcome, trial, billing)
• Brevo — newsletter and outreach email (legacy)
• Cloudflare — DNS, CDN, web analytics, email forwarding
• Fly.io — application hosting (US data center)

We do not share your data with any other third parties except as required by law (subpoena, court order, etc.). We do not sell data to advertisers or data brokers.

5. The SEC data itself

The SEC EDGAR filings we serve are public records. We do not collect or store any personal data about the subjects of those filings beyond what is already publicly disclosed by the filers themselves.

6. Data retention

• Account data — for the lifetime of your account, plus 90 days after deletion
• API request logs — 90 days
• Pageview / analytics logs — 90 days
• Email delivery logs (welcome, trial, etc.) — 60 days, then deleted
• Stripe billing records — retained per Stripe's policy and applicable tax law

7. Your rights

Regardless of jurisdiction, we honor the following requests via email to info@filingfirehose.com:

• Access — receive a copy of all data we hold about you
• Deletion — delete your account and associated data
• Portability — receive your data in machine-readable format (JSON)
• Correction — fix inaccurate data we hold about you
• Opt-out — unsubscribe from non-essential emails (one click in any email)

We respond to requests within 30 days. EU/UK residents have additional rights under GDPR. California residents have additional rights under CCPA.

8. B2B outreach emails

We send a small volume of personalized 1:1 outreach emails to publicly listed business contacts (e.g., compliance officers at small RIAs whose contact emails are published on the firm's website). Recipients can unsubscribe with one click in the email or by replying. We do not purchase email lists or send bulk unsolicited mail.

9. Children

FilingFirehose is a B2B service intended for finance professionals, developers, and journalists. We do not knowingly collect data from individuals under 18. If we learn we have such data, we will delete it.

10. Security

API keys are stored hashed. Payment data is handled by Stripe (PCI-DSS Level 1). Hosting is in U.S. data centers (Fly.io, IAD region). All HTTP traffic is HTTPS-only with HSTS. We do not have a SOC 2 audit yet — appropriate for B2B clients with sensitive data should evaluate accordingly.

11. International transfers

The service is operated from the United States. If you are outside the U.S., your data will be transferred to and processed in the U.S.

12. Changes to this policy

We may update this policy; material changes will be communicated via email to active accounts at least 14 days before taking effect. The current version is always at filingfirehose.com/privacy.

13. Contact

Privacy questions: info@filingfirehose.com