Legal

Privacy Policy

Last updated: April 29, 2026

This Privacy Policy describes how TheOddsAPI ("we," "us," or "our") collects, uses, and shares information when you use our developer API and visit theoddsapi.com (together, the "Service"). By using the Service, you agree to the practices described here.

1. Information We Collect

Information you provide

• Email address — when you sign up, contact us, or subscribe.
• Name — when you use the contact form or sign up for a paid tier.
• Payment information — collected and processed by Stripe. We do not store full card numbers; we receive a token and the last four digits, brand, and country from Stripe.
• Use case description — when you describe your project in a contact form, we keep the text to help us route the conversation.

Information collected automatically

• API request logs — endpoint, timestamp, response status, your API key identifier, IP address, and user agent. Used for rate limiting, abuse prevention, and operational debugging.
• Web analytics — aggregated visitor data via Google Analytics 4 on theoddsapi.com (page views, referrer, anonymized IP, device type). We do not use Analytics to identify individuals.
• Cookies — minimal use, primarily for analytics and to remember UI preferences. No advertising cookies, no cross-site tracking.

2. How We Use Information

• To provide and operate the Service, including authenticating API requests and enforcing rate limits
• To process payments and manage subscriptions
• To send you transactional emails (account creation, payment receipts, subscription changes, security alerts)
• To respond to support requests and inquiries
• To monitor and improve the Service, including diagnosing performance issues and detecting abuse
• To comply with legal obligations and enforce our Terms of Service

We do not sell your personal information. We do not use your information to train machine learning models. We do not share API request logs with third parties for marketing.

3. Third-Party Services

We use the following third-party services to operate the Service. Each handles your information under its own privacy policy:

• Stripe — payment processing. stripe.com/privacy
• Supabase — database and account storage. supabase.com/privacy
• Railway — application hosting. railway.com/legal/privacy
• Google Analytics 4 — aggregated web analytics. policies.google.com/privacy
• RapidAPI — when you access the Service via the RapidAPI marketplace, RapidAPI handles authentication and billing on its side under its own terms. rapidapi.com/privacy

4. Data Retention

• Account information (email, API key) is retained while your account is active and for up to 90 days after cancellation, then deleted unless required by law.
• Billing records are retained as required by tax and accounting law (typically 7 years).
• API request logs are retained for up to 90 days for operational and security purposes, then aggregated or deleted.
• Analytics data retention follows the configured Google Analytics 4 retention setting (currently 14 months).

5. Security

We use industry-standard practices to protect your information: TLS for all network traffic, hashed API keys at rest, restricted access to production systems, and minimal data collection. No system is perfectly secure, and we cannot guarantee that unauthorized access will never occur. If we become aware of a breach affecting your information, we will notify you in accordance with applicable law.

6. Your Rights

Depending on where you live, you may have rights regarding your personal information, including the right to access, correct, delete, or export it, and to object to or restrict certain processing. To exercise these rights, email us at hello@theoddsapi.com from the address associated with your account. We will respond within a reasonable time and in accordance with applicable law.

7. Children's Privacy

The Service is not intended for individuals under 18. We do not knowingly collect information from anyone under 18. If you believe a minor has provided us with information, contact us and we will delete it.

8. International Users

The Service is operated from the United States. If you access the Service from outside the US, your information may be transferred to, stored in, and processed in the US. By using the Service, you consent to this transfer.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the "Last updated" date at the top of this page and, where reasonable, notify you by email. Your continued use of the Service after the updated Policy takes effect constitutes acceptance of the changes.

10. Contact

Questions about this Privacy Policy can be sent to hello@theoddsapi.com.