Skip to content
RateStack
Legal · Acceptable use

Acceptable use policy

Our hard rules. Most of these are what you'd expect; the platform is built for residential mortgage capital-markets work and we want it to stay useful for that.

Last updated:

Encouraged

  • Loan-level pricing, eligibility, and lock management for legitimate residential mortgage business.
  • Importing your own ratesheets, your own loans, your own scenarios.
  • Building integrations that respect documented rate limits and idempotency contracts.
  • Sharing rule traces with your borrowers, your compliance team, and your auditors.
  • Reporting bugs, security issues, and suggestions to support@ratestack.com or security@ratestack.com.

Prohibited — security & integrity

  • Probing or attacking the platform's authentication, authorization, rate limit, or audit-chain mechanisms outside an explicit, written security-research agreement.
  • Using the platform to launch attacks against third parties, including via the webhook target field, the scrape allowlist, or the email-in path.
  • Using stolen or fraudulently obtained credentials.
  • Distributing malware via uploads, webhook responses, or any input field.
  • Attempting to circumvent SSRF defense, allowlist restrictions, or rate limits.

Prohibited — content & legality

  • Submitting data you do not have the right to submit.
  • Using the platform to violate fair-lending laws (ECOA, Fair Housing Act, state analogs). The rule engine considers only the inputs you provide; if you provide rules that discriminate on a protected basis, you bear that liability and we may suspend.
  • Submitting borrower data without a lawful basis.
  • Misrepresenting investor pricing or pricing decisions to consumers.
  • Using the platform to facilitate any activity that is illegal in the jurisdiction where you operate.

Prohibited — fair use

  • Resale of the service or significant portions of it without our written consent.
  • Scraping the marketing site, blog, glossary, or docs at a rate that materially affects availability.
  • Use of the API in ways that materially exceed the rate-limit budget intentionally.
  • Sharing API keys across distinct organizations or external parties.
  • Creating multiple Sandbox accounts to circumvent quota limits.

Prohibited — content classes (regardless of context)

  • Child sexual abuse material — reported immediately to NCMEC and law enforcement.
  • Content that incites imminent violence.
  • Trafficking in persons.
  • Distribution of non-consensual intimate imagery.

Enforcement

Suspected violations are investigated by our trust & safety function. We may, at our discretion: (i) request more information; (ii) require remediation; (iii) suspend the offending account, key, or webhook subscription; (iv) terminate the agreement. Severe violations (security, legality, restricted content classes) may be acted on immediately, without notice.

We will notify Customer of any suspension via the standard contact channels. Where a suspension affects production traffic, we will offer a remediation window proportionate to the severity.

Reports: security@ratestack.com for security and abuse; legal@ratestack.com for legal inquiries.

Acceptable use policy | RateStack