Privacy Policy

1. Introduction

Odds API ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our API service at odds-api.io ("Service").

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

2. Information We Collect

2.1 Personal Information

We collect information that you voluntarily provide to us when you register for an account or use our Service:

• Account Information: Email address, name, and password
• Billing Information: Payment details processed through Stripe (see Section 4.1)
• Communication Data: Information you provide when contacting our support team
• API Keys: Unique identifiers generated for your account

2.2 Automatically Collected Information

When you access our Service, we automatically collect certain information:

• Usage Data: API request logs, endpoint accessed, request timestamps, response status codes
• Technical Data: IP address, browser type, operating system, device information
• Analytics Data: Page views, traffic sources, user journeys (via Plausible Analytics - see Section 4.2)

2.3 Cookies and Tracking Technologies

We use minimal cookies and similar tracking technologies to maintain your session and analyze website traffic. We prioritize privacy-friendly analytics (see Section 4.2 about Plausible).

3. How We Use Your Information

We use the collected information for the following purposes:

• Service Delivery: To provide, maintain, and improve the API service
• Account Management: To create and manage your account, process subscriptions
• Billing and Payments: To process transactions and send billing-related communications
• Customer Support: To respond to your inquiries and provide technical assistance
• Security: To monitor for fraudulent activity, abuse, and unauthorized access
• Service Improvement: To analyze usage patterns and optimize performance
• Compliance: To comply with legal obligations and enforce our Terms of Service
• Communications: To send service announcements, updates, and security alerts

4. Third-Party Services

We use select third-party services to operate our business. These services have access to limited personal information only as necessary to perform their functions:

4.1 Stripe (Payment Processing)

Purpose: Payment processing and subscription management

Data Shared: Billing information, email address, transaction details

Data Processing: Stripe processes and stores payment card information securely. We do not store full credit card numbers on our servers.

Privacy Policy: https://stripe.com/privacy

Security: Stripe is PCI-DSS Level 1 compliant, the highest level of certification in the payments industry.

4.2 Plausible Analytics

Purpose: Privacy-friendly website analytics

Data Shared: Anonymized page views, traffic sources, device types

Privacy Features: Plausible does not use cookies, does not collect personal data, and does not track users across websites.

Data Location: All analytics data is processed within the EU

Privacy Policy: https://plausible.io/privacy

GDPR Compliance: Plausible is fully GDPR compliant and does not require cookie consent banners.

4.3 Vercel Analytics

Purpose: Performance monitoring and web vitals tracking

Data Shared: Page load times, performance metrics

Privacy Policy: https://vercel.com/legal/privacy-policy

4.4 Featurebase (Customer Support Messenger)

Purpose: Customer support messenger widget with live chat, help articles, feedback, and changelog

Data Shared: Chat messages, email address (if provided), user ID (if provided)

Privacy Policy: https://featurebase.app/privacy

4.5 Hosting and Infrastructure

Our Service is hosted on secure cloud infrastructure. Server logs may contain IP addresses and request data for security and performance monitoring purposes.

5. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

• Account Data: Retained while your account is active and for up to 90 days after account closure
• Billing Records: Retained for 7 years to comply with tax and accounting requirements
• API Usage Logs: Retained for 90 days for debugging and security purposes
• Support Communications: Retained for 2 years for quality assurance

After the retention period, data is securely deleted or anonymized.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

• Encryption: Data is encrypted in transit using TLS/SSL and at rest using industry-standard encryption
• Access Controls: Strict access controls limit who can view personal information
• API Security: API keys are hashed and can be regenerated at any time
• Infrastructure Security: Regular security audits and monitoring for vulnerabilities
• Incident Response: Procedures in place to respond to data breaches

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security.

7. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

• Service Providers: With third-party vendors who assist in operating our Service (as detailed in Section 4)
• Legal Requirements: When required by law, subpoena, or other legal process
• Protection of Rights: To protect our rights, property, or safety, or that of our users or the public
• Business Transfers: In connection with a merger, acquisition, or sale of assets (users will be notified)
• With Your Consent: When you explicitly authorize us to share specific information

8. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

8.1 General Rights

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal obligations)
• Portability: Request your data in a machine-readable format
• Objection: Object to certain processing of your personal information
• Restriction: Request restriction of processing in certain circumstances

8.2 GDPR Rights (EU/EEA Users)

If you are located in the European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with a supervisory authority.

8.3 CCPA Rights (California Users)

California residents have specific rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected and the right to opt-out of the sale of personal information (note: we do not sell personal information).

8.4 Exercising Your Rights

To exercise any of these rights, please contact us at hello@odds-api.io. We will respond to your request within 30 days. You may be required to verify your identity before we process your request.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

We ensure that such transfers are conducted in compliance with applicable data protection laws and that appropriate safeguards are in place, such as standard contractual clauses approved by relevant authorities.

10. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately so we can delete such information.

11. Do Not Track Signals

We do not track users across third-party websites. Our analytics provider (Plausible) respects user privacy and does not engage in cross-site tracking. We do not respond to Do Not Track (DNT) browser signals as our tracking is already minimal and privacy-focused.

12. Email Communications

We may send you emails related to:

• Service announcements and updates (essential communications)
• Billing and payment confirmations
• Security alerts and account notifications
• Feature updates and product news (you may opt-out)

You can unsubscribe from marketing emails at any time by clicking the unsubscribe link at the bottom of the email. You cannot opt-out of essential service communications related to your account.

13. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law, typically within 72 hours of becoming aware of the breach.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated Privacy Policy on this page
• Updating the "Last Updated" date at the top of this policy
• Sending an email notification for significant changes

Your continued use of the Service after such changes constitutes acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Privacy Inquiries: hello@odds-api.io
General Contact: hello@odds-api.io
Website: https://odds-api.io

Data Protection Officer: For GDPR-related inquiries, you may contact our Data Protection Officer at hello@odds-api.io

16. Legal Basis for Processing (GDPR)

If you are located in the EU/EEA, we process your personal information based on the following legal grounds:

• Contract Performance: Processing necessary to provide the Service you've subscribed to
• Legitimate Interests: For fraud prevention, security, and service improvement
• Legal Obligation: To comply with applicable laws and regulations
• Consent: Where you have provided explicit consent (which you may withdraw at any time)