Nordpuls
Sign in

Privacy policy

Last updated: 2026-05-26

Nordpuls is a public web app at nordpuls.app operated by Olav Koefoed as a natural person. This policy describes what data Nordpuls processes when you visit the site, why it processes that data, who else sees it, and how to exercise the rights GDPR gives you.

What data we process

You can use the public parts of Nordpuls — Equity Overview pages, privacy, terms — completely anonymously. If you want to use the AI panel, you can optionally create an account (email-only, no password) and supply your own API key for an LLM provider (currently Anthropic). The data that flows during normal operation:

Cookies

Nordpuls sets no tracking cookies and loads no third-party tracking script. The only cookies that may appear in your browser are strictly necessary for the service you requested:

Both cookies fall under the ePrivacy Directive's exemption for "services explicitly requested by the user". For that reason no consent banner is shown.

Sub-processors

The following parties may process data on Nordpuls' behalf:

Financial-data providers (Finnhub, Financial Modeling Prep, OpenFIGI, SEC EDGAR, Twelve Data) are not GDPR sub-processors because no personal data of users is sent to them — only ticker symbols, which are identifiers of public companies.

LLM providers under BYOK(Anthropic in v1): when you use the AI panel, your prompt reaches the provider you chose, under your own API key. You are the provider's direct customer for that interaction — the data-controller relationship is between you and them, governed by their own policies. Nordpuls forwards the call but does not log the prompt body or the response stream on its side. The streaming response is rendered to your browser as tokens arrive and is then discarded.

Legal bases

Nordpuls does not rely on consent for any processing in v1.

Your rights

Under GDPR you have rights of access, rectification, erasure, restriction of processing, data portability, and objection.

Erasure. If you have an account, the fastest way to erase your data is the self-serve flow on /account — the "Delete account" card runs a triple confirmation and then atomically destroys your user row, every active session, and the encrypted copy of your AI provider key. You do not need to email anyone to exercise this right.

For everything else — or if you cannot sign in — email privacy@nordpuls.app. The default response time under GDPR is 30 days; an interim acknowledgement will arrive within five business days.

If you believe Nordpuls is mishandling your data, you have the right to lodge a complaint with the data-protection supervisory authority of your country of residence. In Norway, that is Datatilsynet.

Changes to this policy

This policy is updated when sub-processors change, when new categories of data are processed, or when applicable law changes. The "Last updated" date at the top of the page reflects the most recent change.

Contact

privacy@nordpuls.app