Legal

1.1 Introduction

These Terms of Service ("Terms") govern your use of Dandex ("Service"), operated by Cortina Capital ApS, CVR 42666777, Tallinngade 4, 2150 Nordhavn, Denmark ("we", "us", "our"). By accessing or using the Service, you agree to be bound by these Terms. If you disagree with any part of these Terms, you may not use the Service.

1.2 Service Description

Dandex provides access to Danish Business Registry (CVR) data through the Model Context Protocol (MCP). The Service enables AI assistants and applications to search companies, find people, and analyze financial data from the Danish Central Business Register maintained by Erhvervsstyrelsen (Danish Business Authority).

1.3 Account and Access

• Access is provided via API tokens obtained through email signup or user account registration
• Tokens are personal and non-transferable
• You are responsible for maintaining the security of your tokens
• You must notify us immediately of any unauthorized use
• We reserve the right to revoke tokens for violations of these Terms

1.4 Acceptable Use

You may use the Service for:

• Research and analysis purposes
• Integration with AI assistants and applications
• Business intelligence and due diligence

You may NOT use the Service for:

• Automated mass scraping or data harvesting beyond API rate limits
• Reselling or redistributing raw CVR data
• Direct marketing without appropriate legal basis under GDPR
• Harassment, stalking, or any illegal purpose
• Building discriminatory profiles or blacklists
• Circumventing rate limits or access controls
• Any activity that violates applicable law

1.5 Data Accuracy Disclaimer

Important: CVR data is sourced from Erhvervsstyrelsen and other official Danish registers. While we strive to provide accurate data, we do not guarantee the accuracy, completeness, timeliness, or reliability of any information provided through the Service. Data may be outdated or contain errors. You should independently verify any critical information from official sources. We are not liable for any decisions made based on data obtained through the Service.

1.6 Intellectual Property

The Dandex name, logo, website design, and software are the property of Cortina Capital ApS. CVR data originates from public Danish registers and is subject to applicable Danish and EU law regarding public data reuse. You may use retrieved data in accordance with applicable law and these Terms.

1.7 Payment Terms

• Free tier: 50 requests/hour, 100 requests/day, 1,000 requests/month
• Pro tier: Higher limits, billed monthly via Polar.sh
• All prices are exclusive of VAT unless otherwise stated
• Subscriptions renew automatically unless cancelled
• You may cancel at any time; no refunds for partial billing periods
• We reserve the right to modify pricing with 30 days notice

1.8 Limitation of Liability

THE SERVICE IS PROVIDED "AS IS" WITHOUT WARRANTIES OF ANY KIND. TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, DATA, OR BUSINESS OPPORTUNITIES. OUR TOTAL LIABILITY SHALL NOT EXCEED THE AMOUNT PAID BY YOU IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM.

1.9 Termination

Either party may terminate this agreement at any time. We may suspend or terminate your access immediately for violations of these Terms. Upon termination, your tokens will be revoked and access will cease.

1.10 Governing Law

These Terms are governed by Danish law. Any disputes shall be resolved by the courts of Copenhagen, Denmark. Nothing in these Terms affects your statutory rights as a consumer under EU law.

2.1 Data Controller

Cortina Capital ApS
CVR: 42666777
Tallinngade 4
2150 Nordhavn, Denmark
Email: jonathan@feilberg.dk

2.2 Personal Data We Collect

We do NOT collect: Payment card details (handled by Polar.sh), sensitive personal data (health, religion, political opinions, etc.).

2.3 How We Use Your Data

• Provide and maintain the Service
• Send service-related communications
• Respond to support requests
• Monitor usage and enforce rate limits
• Improve the Service
• Comply with legal obligations

2.4 Data Sharing

• We do not sell your personal data
• We share data with sub-processors listed in Section 4
• We may disclose data if required by law or court order

2.5 Your Rights Under GDPR

You have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate data
• Erasure: Request deletion ("right to be forgotten")
• Portability: Receive your data in a machine-readable format
• Object: Object to processing based on legitimate interest
• Restriction: Request limited processing
• Withdraw consent: Where processing is based on consent

To exercise your rights, contact us at jonathan@feilberg.dk. You also have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet).

2.6 Data Security

• API tokens are stored as SHA-256 hashes (not plaintext)
• All communications use HTTPS encryption
• Access controls and authentication protect our systems
• Regular security reviews and updates

2.7 International Transfers

Your data may be processed in the EU/EEA and the United States. Transfers to the US are protected by Standard Contractual Clauses (SCCs) approved by the European Commission and sub-processor compliance certifications.

2.8 Children

The Service is not intended for children under 16. We do not knowingly collect personal data from children.

3.1 About CVR Data

CVR (Det Centrale Virksomhedsregister) is the Danish Central Business Register maintained by Erhvervsstyrelsen. It contains information about all registered businesses in Denmark, including:

• Company names, addresses, and registration numbers
• Industry classifications and legal forms
• Personal data: Names and sometimes addresses of directors, owners, and authorized signatories
• Financial reports and annual accounts

3.2 Our Role

Dandex provides access to public CVR data. We are not the data controller for the personal data contained in CVR records. Erhvervsstyrelsen is the authoritative source and controller of CVR data.

3.3 User Responsibilities

When you retrieve CVR data containing personal information, you become a data controller for that data under GDPR. You must:

• Have a valid legal basis for processing (GDPR Article 6)
• Process data fairly and transparently
• Respect data subject rights
• Implement appropriate security measures
• Comply with data minimization principles
• Not use data for prohibited purposes

3.4 Prohibited Uses of CVR Personal Data

• Direct marketing without consent or legitimate interest
• Building profiles for discriminatory purposes
• Creating blacklists or surveillance databases
• Harassment, stalking, or intimidation
• Any illegal purpose

3.5 Data Subject Rights for CVR Data

Individuals whose data appears in CVR records should contact Erhvervsstyrelsen directly regarding access, rectification, or erasure of their data in the official register. We cannot modify or delete CVR source data. In exceptional circumstances, we may restrict access to specific records upon valid legal request.

5.1 Essential Cookies

We use strictly necessary cookies for session management and authentication. These cookies are essential for the Service to function and do not require consent.

5.2 Analytics

We currently do not use third-party analytics cookies. If we implement analytics in the future, we will update this policy and request your consent where required.

5.3 Third-Party Cookies

Our payment processor (Polar.sh) may set cookies when you access payment pages. These are subject to Polar.sh's privacy policy.