Last updated June 4, 2026

DPA

Customer-readable processing notes for using betspread API accounts, logs, billing, and support workflows.

Processing scope

betspread processes business contact details, authenticated account identifiers, organization metadata, API key hash metadata, support communication, billing state, entitlement state, aggregated usage counters, and bounded request logs needed to operate the REST, Live, and History products.

Sub-processors

Active launch sub-processors are Stripe for billing and customer portal flows, Resend for transactional email delivery, and Netcup for production hosting and database infrastructure. Any additional production sub-processor is reflected on this DPA page before it begins processing customer data.

Security controls

API keys are scoped and revocable, raw key values are shown once and not persisted, request IP and user agent values are hashed in support logs, and customer data is scoped by authenticated session or API key organization. Internal administrative access is restricted to an explicit allowlist of authorized staff and is fail-closed when no one is authorized.

Customer rights

Deletion and export requests are submitted through the contact page and handled after account-owner confirmation. The current operator-assisted turnaround target is 30 days for confirmed deletion or export requests. Billing records, security records, and processor-side records may remain for the documented legal or audit retention window.

Questions about these terms? Contact betspread.