Last updated June 4, 2026
Privacy
How betspread handles customer account data, API usage records, billing metadata, and support requests.
Data we collect
For account access we store email, name, password hash, OAuth account links, session metadata, organization name, and API key metadata. API key plaintext is never stored server-side; betspread stores the API key hash, prefix, and last four characters so keys can be verified and shown safely in the dashboard.
Usage, logs, and retention
REST and WebSocket usage is recorded in aggregated daily usage rows for billing and support. Request-level support logs are retained for 90 days by default and capped at 180 days; IP and user agent values in api_request_logs are stored as hashed IP and hashed user agent values, not raw browser identifiers. Odds data and raw market history are operational product data and do not contain customer account PII.
Processors
Stripe processes billing identity, invoices, subscriptions, and customer-portal access. Resend processes transactional email recipients, subjects, bodies, and tokenized action links for flows such as password reset or verification. Netcup hosts the production application and database infrastructure. Raw API keys, Stripe secrets, and long-lived secrets must not be sent to Resend, support tickets, or smoke evidence.
Deletion and export
You can request account deletion or Data export through the contact page. We confirm account ownership before acting. Deletion and export requests are handled within 30 days of the confirmed request; operational acknowledgement is targeted within 5 business days. Some records may remain for documented billing, security, fraud, or legal audit windows, and Stripe-side records follow Stripe's own retention policy.
Admin access
Customer data is scoped by authenticated session or API key organization. Internal administrative access is restricted to an explicit allowlist of authorized staff and is denied by default when no one is authorized. Operator actions that touch customer data go through audited application paths.
Questions about these terms? Contact betspread.