ApiToll

Legal.

Short, plain-language terms. We keep this honest and current. Material changes will be dated and announced.

Terms of service

By making a paid request against an ApiToll endpoint, you agree that:

  • You're paying for a single response to a single request. Payments are final once the on-chain settlement confirms.
  • Responses are provided as-is. We warrant our uptime and the freshness of our data as stated on each product page, and nothing more.
  • You won't use ApiToll endpoints to break the law, harm third parties, or as a component of a system that does.
  • You accept the acceptable-use rules below.

Acceptable use

You may not:

  • Send personally identifying information (PII), full card numbers, health data, or other regulated data types through our endpoints unless a product page explicitly invites it. Most of our endpoints are deliberately out of scope for PCI, HIPAA, and similar regimes. Don't drag them in.
  • Attempt to bypass rate limits, payment validation, or the PCI digit-limit checks.
  • Redistribute bulk copies of responses in ways that would constitute a substitute for the API itself. This is about the product economy; individual caching for your own application is fine.
  • Use our service to target or profile individuals in ways that violate local law where those individuals live.

Refunds and disputes

If we return a 200 with data that turns out to be corrupt, incomplete beyond what the product page promises, or otherwise broken by us, email [email protected] with the request tx hash. We credit or refund in USDC to the originating wallet within two business days.

If a payment settles but the network fails before the response reaches you, same process. Email us with the tx hash.

Refunds for "I didn't mean to pay that" are not available. That is the entire point of consent per call. Your client authorized, the network confirmed, the money moved.

Partner data

When a partner's data is surfaced through ApiToll, that partner retains ownership. ApiToll acts as the billing and distribution gateway. If you have a dispute specifically about data accuracy or licensing from a partner-provided endpoint, we will connect you with them.

Privacy

What we collect:

  • On-chain: the public wallet address that paid, the amount, the resource path. This is public regardless of us.
  • In our logs: request path, timestamp, HTTP status, payer wallet, settlement tx hash, IP (for rate-limiting), truncated to /24 after 7 days. No cookies. No referrer tracking. No analytics pixels.
  • In transactions.log: same structured data as above, appended per paid call, for reconciliation and variance auditing.

What we do not collect: any HTTP request body beyond the URL parameters required for the endpoint, any identifying information about the human or agent operator, any third-party trackers.

We do not sell any of this. We don't even have a way to.

Data sources

Our BIN Lookup product redistributes data from iannuttall/binlist-data under CC-BY-4.0. Attribution is provided in every response's meta.source field.

Changes

We keep the last date-of-change on this page. Big changes go to [email protected] announcements; subscribe by emailing us.

Last updated 2026-04-15.

Contact

[email protected]