Acceptable Use Policy

ParlayAPI, Inc.

Effective Date: May 7, 2026

Last Updated: May 7, 2026

1. Purpose and Scope

This Acceptable Use Policy ("AUP") governs all use of the ParlayAPI service, including the API endpoints served from parlay-api.com, our documentation, dashboards, customer keys, and any associated SDKs or sample code (collectively, the "Service"). By generating an API key, integrating the Service, or otherwise accessing parlay-api.com, you ("Customer," "you") agree to comply with this AUP. This AUP supplements, and does not replace, our Terms of Service and Privacy Policy.

ParlayAPI distributes real-time sports betting odds, line movement, and play-by-play data aggregated from licensed US sportsbooks. The data we serve is operationally sensitive, contractually constrained, and time-decaying. Misuse imposes direct costs on us, on our upstream sources, and on other customers who depend on stable rate-limit budgets. The rules below exist for that reason.

2. Prohibited Content and Geographies

You may not use the Service, or allow any downstream user of your application to use the Service, to:

• Provide gambling-related assistance, recommendations, picks, or wagering tools to any person you know or should reasonably know to be under the age of 21 (or under the local minimum gambling age, whichever is higher).
• Facilitate, enable, or promote unlicensed sportsbook activity, illegal bookmaking, or wagering in any US state or foreign jurisdiction where sports betting is not legally permitted, including but not limited to states with active prohibitions on online sports wagering.
• Distribute the Service or its outputs into jurisdictions subject to US sanctions (including OFAC-restricted countries) or to any individual or entity on the Specially Designated Nationals list.
• Promote match-fixing, insider information trading, or any conduct that would violate sports integrity rules of the leagues whose data passes through the Service.
• Knowingly serve users who have been self-excluded from gambling activity in a state with a registered self-exclusion program, where such information is reasonably available to your application.

You are responsible for performing geo-verification, age-verification, and self-exclusion checks at your application layer. The Service is not a compliance service.

3. Prohibited Technical Actions

You may not, and may not permit any third party to:

• Circumvent, disable, or attempt to evade any rate limit, quota, throttling rule, IP allowlist, or fingerprinting control we apply to your account or to the Service generally. Rotating through multiple keys, residential proxies, distributed runners, or shell accounts to exceed your contracted quota is a material breach.
• Share, lease, transfer, sub-license, or resell your API key. Each key is bound to a single legal entity and a single application. If you operate multiple products, each requires its own key under your account.
• Reverse-engineer, probe, or systematically map our rate-limit logic, authentication flow, internal endpoint structure, or upstream source identity for the purpose of bypassing controls, replicating our infrastructure, or building a competing aggregator.
• Conduct automated extraction, harvesting, or wholesale copying of our data sources, including but not limited to parlay-api.com/docs, internal admin surfaces, our blog content, our cached data files, or any non-API surface we operate. The Service is the only authorized means of bulk data access, and only within your contracted quota.
• Obscure or misrepresent your identity, including by spoofing User-Agent headers to imitate browsers, stripping required client identification headers we mandate in documentation, hiding your originating IP behind an anonymizing network for the purpose of evading enforcement, or registering accounts under false business identities.
• Probe for security vulnerabilities outside the scope of our published security disclosure program, attempt unauthorized access to other customers' data, or deliberately submit malformed requests intended to cause service degradation.
• Cache or persist responses in violation of the cache-control directives we serve, particularly for time-sensitive in-play markets where stale data poses harm to downstream users.

4. Prohibited Business Uses

The following business uses are prohibited under all tiers below the Enterprise tier, and in some cases under all tiers:

• Re-distributing our exact data feed (whether labeled as ours, white-labeled, or relabeled) to your own customers as a competing API product, data syndication service, or bulk dataset. Customer applications that consume our data internally and present derived insights to end users are permitted; rebroadcasting the raw feed is not.
• Selling, licensing, or providing access to historical archives derived from our Service to third parties without a separate written redistribution agreement.
• Using the Service as a primary upstream for any product that you market as a "real-time odds API" or "sports data API" without disclosing the dependency and obtaining an Enterprise license.
• Combining our outputs with another aggregator's outputs and offering the union as a single feed without our written consent.

5. Per-Tier Rules

Tier-specific obligations apply in addition to the rules above:

Free Tier (10,000 requests / calendar month): Personal, evaluation, and non-commercial research use only. You may not deploy a Free-tier key into a revenue-generating product, monetized website, paid mobile application, or any service where the API output is gated behind payment, advertising, or subscription. Educational and academic use is permitted.

Starter Tier and Pro Tier: Commercial use is permitted within the contracted request budget. Single legal entity, single production application per key. Burst above the documented per-second cap is permitted only within the published burst window.

Enterprise Tier: Multi-application use, white-label rights, and redistribution rights are available only as expressly granted in your signed Enterprise order form. Absent that signed grant, all redistribution restrictions in Section 4 continue to apply.

6. Enforcement and Penalties

We escalate enforcement proportionate to the violation. Typical sequence:

1. Warning. First-instance, low-severity violations result in a written warning to the account email on file, with a remediation deadline (typically 7 days for technical violations, 14 days for business-use violations).
2. Key Revocation. Continued violation, or any first-instance high-severity violation (e.g., key sharing, rate-limit evasion, redistribution), results in immediate revocation of the offending API key. A replacement key may be issued at our discretion after remediation.
3. Account Termination. Repeat violation, refusal to remediate, or any first-instance critical violation (e.g., serving minors, sanctioned-geography distribution, data exfiltration) results in termination of all keys and the customer account. Pre-paid amounts are non-refundable in termination-for-cause scenarios.
4. IP and ASN Blocking. Where account termination is followed by attempts to re-register or to access the Service from related infrastructure, we will block the originating IP ranges and ASNs at our edge.
5. Civil Action. For violations involving willful infringement, contractual breach causing measurable damages, or interference with our upstream agreements, we reserve all rights to pursue civil remedies including injunctive relief, damages, and attorneys' fees.

We may also suspend Service immediately, without prior notice, where continued operation poses an active risk to the Service, to other customers, or to our upstream relationships.

7. Reporting Violations

Suspected violations of this AUP, security vulnerabilities, or abusive use of the Service should be reported to security@parlay-api.com. Reports may be submitted anonymously. We treat all good-faith reports confidentially and do not retaliate against reporters who follow our published disclosure process.

For urgent matters involving active abuse, include "URGENT" in the subject line. Routine policy questions should be sent to support@parlay-api.com.