Terms of Service

1. Acceptance of Terms

By accessing, browsing, or using the ko.io website, API, MCP server, or any related services (collectively, the “Service”), you acknowledge that you have read, understood, and agree to be bound by these Terms of Service (“Terms”). These Terms constitute a legally binding agreement between you (“User,” “you,” or “your”) and ko.io (“Company,” “we,” “us,” or “our”), a company organized under the laws of the European Union.

You must be at least eighteen (18) years of age to use the Service. By using the Service, you represent and warrant that you are at least 18 years old and have the legal capacity to enter into a binding agreement. If you are accessing or using the Service on behalf of a company, organization, or other legal entity, you represent and warrant that you have the authority to bind that entity to these Terms, in which case “you” and “your” shall refer to that entity.

If you do not agree to all of these Terms, you must immediately cease using the Service. Your continued use of the Service following the posting of any changes to these Terms constitutes your acceptance of those changes.

2. Description of Service

ko.io is a financial data platform that aggregates, processes, and serves data derived from public filings submitted to the United States Securities and Exchange Commission (SEC). The Service provides programmatic and visual access to this data through several channels:

• REST API — A structured HTTP API at api.ko.io with 39 endpoints covering institutional holdings, insider trades, congressional stock activity, company financials, stock prices, and more.
• MCP Server — A Model Context Protocol server (@ko-io/mcp-sec-data) enabling integration with AI assistants such as Claude and Cursor, available via both stdio and HTTP transports.
• Web Dashboard — An interactive web application at ko.io providing visual exploration of SEC data, including institution profiles, stock analysis, insider trading timelines, and congressional trade tracking.
• SQL Explorer — A tool within the developer console that allows direct SQL queries against the underlying dataset.

The data served through the platform is sourced from SEC EDGAR public filings and covers the following filing types and datasets:

• 13F Institutional Holdings — Quarterly position reports filed by institutional investment managers with over $100 million in qualifying assets under management.
• Form 4 Insider Trades — Transactions by corporate officers, directors, and 10%+ beneficial owners, including executive-level trade analysis and ranking.
• Congressional Trades — Stock transactions disclosed by members of the U.S. Congress under the STOCK Act, sourced from House and Senate financial disclosure reports.
• Company Financials — Annual (10-K) and quarterly (10-Q) financial statements extracted from SEC XBRL filings.
• Daily Stock Prices — Historical and current price data for publicly traded securities.
• Form 144 — Notices of proposed sale of restricted securities.
• SC 13D/13G — Beneficial ownership reports for shareholders acquiring more than 5% of a class of equity securities.
• 8-K Events — Material event disclosures including share buyback announcements and management changes.
• DEF 14A — Definitive proxy statements containing executive compensation data.
• N-PORT — Monthly portfolio holdings reports filed by registered investment companies (mutual funds and ETFs).

The platform currently maintains 23 analytical tables containing over 74.4 million records, processed and optimized for high-performance querying. The underlying infrastructure operates across dual geographic regions (Europe and Asia-Pacific) to provide low-latency access worldwide.

3. Account Registration

To access certain features of the Service, including the developer console, API key management, and subscription plans, you must create an account. You may register using Google Single Sign-On or an email and password combination.

When creating an account, you agree to provide accurate, current, and complete information. You are responsible for maintaining the accuracy of your account information and for updating it promptly if it changes. Each individual may maintain only one account. Creating multiple accounts to circumvent rate limits, abuse free-tier allocations, or evade enforcement actions is strictly prohibited and grounds for immediate termination.

You are solely responsible for safeguarding your account credentials, including your password and any API keys issued to your account. API keys follow the format ko_live_* and should be treated as sensitive secrets. You must not share your API keys in public repositories, client-side code, or any other location where they may be exposed to unauthorized parties. You are responsible for all activity that occurs under your account or through your API keys, whether or not you have authorized such activity.

You agree to notify us immediately at admin@ko.io if you become aware of any unauthorized use of your account or API keys, or any other breach of security. We will not be liable for any loss or damage arising from your failure to protect your account credentials.

4. Subscription Plans & Billing

The Service is offered under the following subscription tiers, each with defined API request allocations and feature access:

• Free — 100 API requests per day. Access to all public data endpoints. No credit card required.
• Developer ($29/month) — 10,000 API requests per day. Full API access including the SQL Explorer and SQL Explorer. Priority support via email.
• Enterprise ($99/month) — 100,000 API requests per day. Full API access with enhanced rate limits. Data redistribution rights for processed results. Dedicated support.
• Custom — For organizations requiring higher volumes, custom data feeds, or specific contractual terms. Contact admin@ko.io to discuss.

All paid subscriptions are billed on a monthly cycle through Stripe, our third-party payment processor. By subscribing to a paid plan, you authorize us to charge your designated payment method on a recurring basis at the beginning of each billing period. Subscriptions automatically renew at the end of each billing cycle unless cancelled before the renewal date.

Plan upgrades and downgrades take effect at the start of the next billing cycle. When upgrading, you will not be charged a prorated amount for the remainder of the current cycle; the new plan rate applies from the next renewal. When downgrading, you will retain access to your current plan's features until the end of the current billing period.

All sales are final. No refunds will be issued for subscription payments. Use the Free plan to evaluate data quality and API functionality before upgrading to a paid plan. If you have questions about plan features, contact admin@ko.io before subscribing.

We reserve the right to modify pricing with at least thirty (30) days' notice. Price changes will not affect the current billing cycle and will take effect at the next renewal. If you do not agree with a price change, you may cancel your subscription before the new price takes effect.

5. API Usage & Rate Limits

Access to the ko.io API is subject to rate limits that correspond to your subscription plan. Rate limits are enforced on a per-day basis and reset at midnight UTC. Requests exceeding your plan's daily allocation will receive an HTTP 429 (Too Many Requests) response. Current rate limit status is communicated via standard HTTP response headers.

The API also offers a demo mode, accessible by passing demo=true as a query parameter. Demo mode does not require an API key and is limited to 100 requests per day per IP address. Demo mode is intended for evaluation purposes only and must not be used in production applications.

You expressly agree not to:

• Circumvent, bypass, or attempt to defeat rate limits through any means, including but not limited to creating multiple accounts, rotating IP addresses, or exploiting demo mode to exceed your allocation.
• Resell, sublicense, or redistribute raw API data to third parties without explicit written authorization under an Enterprise or Custom plan.
• Engage in automated scraping, crawling, or bulk extraction of data from the ko.io website beyond what is provided through the documented API endpoints.
• Use the API, data, or any component of the Service to build, operate, or market a product or service that directly competes with ko.io.
• Share, publish, or embed your API keys in any publicly accessible location, including source code repositories, browser-side JavaScript, mobile application binaries, or public documentation.
• Make API requests at a frequency or volume designed to degrade, disrupt, or test the limits of the Service's infrastructure.

We reserve the right to throttle, suspend, or revoke API access for any account that violates these usage policies, with or without prior notice depending on the severity of the violation.

7. Intellectual Property

The ko.io platform, including but not limited to its API design, endpoint structure, query processing logic, data transformation pipelines, documentation, website design, user interface, brand identity, logos, and all associated software, is the intellectual property of ko.io and is protected by applicable copyright, trademark, and other intellectual property laws.

The underlying data served through the platform is derived from public filings submitted to the U.S. Securities and Exchange Commission and other government sources. Such raw government data is in the public domain and is not claimed as our intellectual property. However, our specific selection, arrangement, processing, enrichment, and presentation of that data constitutes a compilation and derivative work that is protected under applicable law.

Subject to your compliance with these Terms, we grant you a limited, non-exclusive, non-transferable, revocable license to access and use the Service and its API solely for your authorized purposes as defined by your subscription plan. This license does not include the right to sublicense, modify, adapt, reverse engineer, decompile, or create derivative works of the Service itself (as distinct from applications you build that consume the API).

You retain full ownership of any applications, tools, analyses, or other works you create using data obtained through the ko.io API. We claim no intellectual property rights over your applications or the outputs you produce, provided that your use complies with these Terms and the data redistribution provisions set forth in Section 9.

8. Acceptable Use Policy

You agree to use the Service only for lawful purposes and in compliance with all applicable local, national, and international laws and regulations. The following activities are expressly prohibited:

• Illegal activity. Using the Service in connection with any activity that violates applicable law, including but not limited to securities fraud, insider trading, market manipulation, money laundering, or any other financial crime.
• Securities law violations. Using data from the Service to facilitate front-running, wash trading, spoofing, layering, or any other form of market manipulation prohibited under the Securities Exchange Act of 1934, EU Market Abuse Regulation, or equivalent legislation in any jurisdiction.
• Unauthorized access. Attempting to access accounts, systems, or data that you are not authorized to access. Probing, scanning, or testing the vulnerability of the Service or any related infrastructure without written permission.
• Reverse engineering. Decompiling, disassembling, reverse engineering, or otherwise attempting to derive the source code, algorithms, or architecture of the Service, API, or any related software.
• Service disruption. Conducting denial-of-service attacks, distributed denial-of-service attacks, or any other action designed to impair, overload, or disrupt the Service or its underlying infrastructure.
• Malware distribution. Uploading, transmitting, or distributing viruses, worms, trojans, ransomware, or any other malicious code through or in connection with the Service.
• Impersonation. Misrepresenting your identity or affiliation, or impersonating any person or entity, including ko.io employees or representatives.
• Harassment. Using the Service to harass, threaten, stalk, or intimidate any individual, including other users of the Service.

Violations of this Acceptable Use Policy may result in immediate suspension or termination of your account, revocation of API keys, and, where appropriate, referral to law enforcement authorities.

9. Data Redistribution

Your right to redistribute data obtained through the ko.io API depends on your subscription plan:

• Free and Developer plans. Data is licensed for personal and internal business use only. You may display data within your own internal tools, dashboards, and research. You may not redistribute raw or minimally processed API responses to third parties, whether for commercial or non-commercial purposes, without prior written authorization.
• Enterprise plan. You may redistribute processed results, analyses, visualizations, and derivative works that incorporate ko.io data, provided that you do not redistribute raw API response data in its original or substantially similar format. The intent is to permit you to build and distribute products that add meaningful value beyond the raw data itself.
• Custom plan. Data redistribution terms are negotiable and will be defined in a separate written agreement.

Attribution. When displaying or publishing data obtained from ko.io in any public-facing context, you must provide reasonable attribution indicating that the data was sourced from ko.io. Acceptable forms of attribution include a visible text credit (“Data provided by ko.io”) or a link to ko.io. Attribution is not required for purely internal use.

10. Service Availability & SLA

We target 99.9% uptime for the ko.io API, measured on a monthly basis. The platform operates on a dual-region infrastructure with active servers in Europe and Asia-Pacific, with geographic load balancing that automatically routes requests to the nearest healthy origin. If one region becomes unavailable, traffic is automatically failed over to the remaining region.

Notwithstanding our uptime target, we do not guarantee uninterrupted, error-free, or continuously available service. The Service may be temporarily unavailable due to scheduled maintenance, infrastructure upgrades, data pipeline processing, third-party service outages (including SEC EDGAR, Cloudflare, or payment processors), or other factors beyond our reasonable control.

We will make reasonable efforts to provide advance notice of scheduled maintenance that is expected to cause service disruption. Such notice may be provided via the ko.io status page, email to registered users, or API response headers.

Force majeure. We shall not be liable for any failure or delay in performing our obligations under these Terms to the extent that such failure or delay is caused by circumstances beyond our reasonable control, including but not limited to: natural disasters, acts of government, war, terrorism, pandemics, power failures, internet outages, third-party service failures, or SEC EDGAR system unavailability.

11. Termination

You may terminate your account and stop using the Service at any time by cancelling your subscription through the account settings page or by contacting admin@ko.io. If you have a paid subscription, cancellation will take effect at the end of the current billing period, and you will retain access to your plan's features until that date.

We reserve the right to suspend or terminate your account and revoke your API keys, with or without notice, for any of the following reasons:

• Violation of these Terms, including the Acceptable Use Policy or API usage restrictions.
• Non-payment of subscription fees after reasonable attempts to collect payment.
• Abuse of the Service, including excessive load, circumvention of rate limits, or behavior that degrades the experience for other users.
• Requests from law enforcement or government agencies.
• Extended periods of inactivity (12 months or more with no API requests or logins).

Upon termination, whether initiated by you or by us: (a) your right to access the Service immediately ceases; (b) all API keys associated with your account are permanently revoked; (c) any cached or stored data in your console (favorites, query history) may be deleted. We are not obligated to retain any of your account data following termination.

If your account is terminated for cause (i.e., violation of these Terms), you are not entitled to a refund for any remaining prepaid subscription period. Sections of these Terms that by their nature should survive termination shall survive, including but not limited to: Data Disclaimer (Section 6), Intellectual Property (Section 7), Limitation of Liability (Section 12), Indemnification (Section 13), and Governing Law (Section 15).

12. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL KO.IO, ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, OR AFFILIATES BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO: LOSS OF PROFITS, LOSS OF REVENUE, LOSS OF DATA, LOSS OF BUSINESS OPPORTUNITY, OR INVESTMENT LOSSES, ARISING OUT OF OR IN CONNECTION WITH YOUR USE OF OR INABILITY TO USE THE SERVICE, REGARDLESS OF THE THEORY OF LIABILITY (CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY, OR OTHERWISE) AND EVEN IF KO.IO HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Without limiting the foregoing, ko.io shall have no liability whatsoever for:

• Investment losses or financial damages resulting from investment decisions made in reliance on data obtained through the Service.
• Inaccuracies, errors, or omissions in the data, including but not limited to incorrect ticker mappings, stale holdings data, or erroneous financial calculations.
• Service interruptions, downtime, or latency, whether planned or unplanned.
• Actions taken by third parties, including SEC EDGAR outages, payment processor failures, or network disruptions.
• Unauthorized access to your account resulting from your failure to safeguard your credentials or API keys.

TO THE EXTENT PERMITTED BY LAW, OUR TOTAL AGGREGATE LIABILITY TO YOU FOR ALL CLAIMS ARISING OUT OF OR RELATING TO THESE TERMS OR YOUR USE OF THE SERVICE SHALL NOT EXCEED THE TOTAL AMOUNT YOU HAVE PAID TO KO.IO IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM. IF YOU HAVE NOT PAID ANY FEES DURING THAT PERIOD, OUR MAXIMUM LIABILITY SHALL BE ONE HUNDRED SWEDISH KRONOR (100 SEK).

Some jurisdictions do not allow the exclusion or limitation of certain damages. In such jurisdictions, our liability shall be limited to the maximum extent permitted by applicable law.

13. Indemnification

You agree to defend, indemnify, and hold harmless ko.io, its officers, directors, employees, contractors, and agents from and against any and all claims, demands, actions, liabilities, damages, losses, costs, and expenses (including reasonable attorneys' fees) arising out of or relating to:

• Your use of the Service, including any data retrieved through the API or displayed on the website.
• Your violation of these Terms, including any breach of the representations and warranties you have made herein.
• Any application, product, service, or content you develop, distribute, or operate using data obtained from ko.io.
• Your violation of any applicable law, regulation, or third-party right, including securities regulations and data protection laws.
• Any claim by a third party that your use of the Service or data obtained through it caused damage to that third party.

This indemnification obligation shall survive the termination of your account and these Terms. We reserve the right, at your expense, to assume the exclusive defense and control of any matter for which you are required to indemnify us, and you agree to cooperate with our defense of such claims.

14. Modifications to Terms

We reserve the right to modify these Terms at any time. For material changes — including changes to pricing, data redistribution rights, liability provisions, or governing law — we will provide at least thirty (30) days' advance notice via email to the address associated with your account. Non-material changes (such as typographical corrections or clarifications) may be made without advance notice.

The “Last updated” date at the top of this page will be revised to reflect the effective date of the most recent version. We encourage you to review these Terms periodically.

Your continued use of the Service after the effective date of any modification constitutes your acceptance of the revised Terms. If you do not agree with the changes, you must stop using the Service and cancel your subscription before the effective date. In such case, termination will be treated as a voluntary cancellation and any applicable refund policies will apply.

15. Governing Law & Dispute Resolution

These Terms shall be governed by and construed in accordance with the laws of the the European Union, without regard to its conflict of laws principles.

In the event of any dispute, controversy, or claim arising out of or relating to these Terms or the Service, the parties agree to first attempt to resolve the matter through good-faith negotiation. Either party may initiate the negotiation process by sending written notice to the other party describing the nature of the dispute and the relief sought. The parties shall have thirty (30) days from receipt of such notice to reach a mutually acceptable resolution.

If the dispute cannot be resolved through negotiation within that period, either party may submit the matter to the exclusive jurisdiction of the courts of the European Union. You consent to the personal jurisdiction of such courts and waive any objection to venue in such courts.

Notwithstanding the foregoing, ko.io retains the right to seek injunctive or other equitable relief in any court of competent jurisdiction to prevent the actual or threatened infringement, misappropriation, or violation of our intellectual property rights or confidential information.