QuikForms Legal

Policies, agreements, and legal information for QuikForms.

Acceptable Use Policy

Effective Date: February 11, 2026 | Last Updated: February 11, 2026

This Acceptable Use Policy ("AUP" or "Policy") governs the use of all products, services, software, and related offerings (collectively, the "Service") provided by QuikForms, LLC ("QuikForms," "we," "us," or "our"). This Policy applies to all individuals and entities ("Customer," "you," or "your") that install, configure, access, or otherwise use the QuikForms managed package, as well as to any end-users who interact with forms created using the Service.

This AUP is incorporated into and forms part of the QuikForms Terms of Service. Capitalized terms not defined in this AUP have the meanings ascribed to them in the Terms of Service.

By installing, configuring, or using the Service, you acknowledge that you have read, understood, and agree to be bound by this AUP. If you are accepting this AUP on behalf of an organization, you represent and warrant that you have the authority to bind that organization to the terms herein.

1. Purpose and Scope

1.1 Purpose

The purpose of this AUP is to promote the safe, lawful, and responsible use of the QuikForms Service, to protect QuikForms, its Customers, end-users, and the broader Salesforce ecosystem from harmful, abusive, or unlawful activities, and to establish clear standards of acceptable conduct.

1.2 Scope

This AUP applies to:

  • All Customers who install or use the QuikForms managed package on any Salesforce org, regardless of edition, tier, or licensing arrangement;
  • All forms, surveys, chat integrations, and other public-facing interfaces created, configured, or deployed using the Service;
  • All content published through the Service, including form fields, custom HTML injections, uploaded files, plugin code, and any other material transmitted through or displayed by the Service;
  • All uses of the QuikForms Plugin Framework;
  • All interactions between end-users and forms created using the Service; and
  • All associated documentation, APIs, REST endpoints, static resources, custom metadata configurations, and ancillary tools provided as part of the Service.

1.3 Customer Responsibility

As the Customer, you are solely responsible for all uses of the Service under your Salesforce org and account, including uses by your administrators, authorized users, and any third parties to whom you grant access. You are further responsible for all content displayed to end-users through forms you create and for the data collected from end-users through those forms.

2. General Conduct Requirements

2.1 Lawful Use

You shall use the Service only for lawful purposes and in compliance with all applicable local, state, national, and international laws, regulations, and ordinances, including but not limited to laws governing data protection and privacy, consumer protection, anti-spam, intellectual property, export controls, and anti-discrimination.

2.2 Good Faith

You shall use the Service in good faith and in a manner consistent with its intended purpose as a no-code form builder for the Salesforce platform. You shall not use the Service in any manner that is deceptive, fraudulent, or misleading, or that could damage, disable, overburden, or impair the Service or any Salesforce org.

2.3 Accuracy

You shall not use the Service to collect, transmit, or publish information that you know or reasonably should know to be false, inaccurate, or misleading in a manner intended to deceive end-users or third parties.

2.4 Cooperation

You agree to cooperate promptly and fully with QuikForms in connection with any investigation of suspected violations of this AUP.

3. Prohibited Uses

The following uses of the Service are strictly prohibited. This list is illustrative and not exhaustive; QuikForms reserves the right to determine, in its reasonable discretion, whether any particular use violates this AUP.

3.1 Fraud, Phishing, and Impersonation

  • Creating forms that impersonate, mimic, or misrepresent affiliation with any person, business, organization, or government entity;
  • Using forms to conduct phishing attacks, including fraudulently collecting credentials, passwords, financial information, or other sensitive data under false pretenses;
  • Using the Service's styling and custom HTML capabilities to replicate another entity's legitimate forms or websites for deceptive purposes;
  • Misrepresenting the identity of the form operator, the purpose of the form, or how submitted data will be used; and
  • Using forms to facilitate identity theft, financial fraud, social engineering attacks, or any other fraudulent scheme.

3.2 Spam and Unsolicited Communications

  • Using the Service to generate, facilitate, or transmit unsolicited bulk communications in violation of applicable anti-spam laws (including CAN-SPAM, TCPA, and the EU ePrivacy Directive);
  • Configuring forms primarily for harvesting email addresses or contact information for unsolicited communications;
  • Submitting automated, scripted, or bulk form submissions; and
  • Using the Service to operate or support any spam operation.

3.3 Malicious Software and Harmful Content

  • Distributing, hosting, or transmitting malware, viruses, trojans, ransomware, spyware, or other malicious software;
  • Using file upload functionality to upload files containing malicious code or harmful content;
  • Injecting malicious JavaScript, HTML, or other code through custom HTML fields for the purpose of attacking or exploiting end-users;
  • Redirecting end-users to malicious websites or drive-by download sites; and
  • Exploiting the Service to launch or facilitate denial-of-service attacks.

3.4 Illegal Data Collection

  • Collecting personal information from children under 13 without verifiable parental consent as required by COPPA and equivalent international laws;
  • Collecting payment card data without PCI DSS compliance (the Service is not designed or certified for payment card data processing);
  • Collecting protected health information (PHI) without full HIPAA compliance;
  • Collecting biometric or genetic data without all required consents and safeguards; and
  • Collecting data in a manner that violates any applicable privacy law (GDPR, CCPA/CPRA, VCDPA, CPA, etc.).

3.5 Harassment, Threats, and Harmful Activities

  • Using the Service to harass, bully, threaten, stalk, intimidate, or abuse any person;
  • Creating forms that solicit or facilitate violence, terrorism, self-harm, or harm to others;
  • Collecting or disseminating hate speech or content that incites discrimination based on protected characteristics;
  • Facilitating illegal activities including drug trafficking, weapons trafficking, human trafficking, money laundering, or sale of counterfeit goods; and
  • Displaying, distributing, or collecting child sexual abuse material (CSAM) or content that exploits minors.

3.6 Intellectual Property Infringement

  • Using the Service to infringe, misappropriate, or violate any third party's intellectual property rights;
  • Using forms to distribute pirated software or copyrighted materials without authorization; and
  • Using logos, trademarks, or branding within forms without the express permission of the intellectual property owner.

4. Form Content and Design Standards

4.1 Transparency

All forms must clearly identify the entity operating the form and the purpose for which data is being collected.

4.2 Accurate Representation

Forms must accurately represent their purpose. Form titles, subtitles, field labels, and confirmation messages must not be misleading or deceptive.

4.3 Privacy Disclosures

If your form collects personal information, you must provide a clear, accessible privacy notice or link to your privacy policy.

4.4 Consent Mechanisms

Where required by applicable law, forms must include appropriate consent mechanisms before collecting personal data. Pre-checked consent checkboxes are prohibited where such pre-checking would violate applicable law.

4.5 Multi-Language Compliance

If you deploy forms in multiple languages, all legally required disclosures and consent mechanisms must be provided in each language in which the form is made available.

4.6 Survey Forms

Survey forms must comply with all applicable laws regarding survey administration. Survey links distributed via email must comply with applicable anti-spam laws.

5. Security Controls and Anti-Abuse Mechanisms

5.1 CAPTCHA and Bot Protection

The Service provides Cloudflare Turnstile CAPTCHA integration to prevent automated abuse:

  • Customers must not disable CAPTCHA on publicly accessible forms without implementing equivalent alternative anti-abuse measures;
  • Customers must not expose Cloudflare Turnstile secret keys or Named Credential configurations publicly; and
  • Customers must not use any technique to bypass or circumvent the CAPTCHA verification system.

5.2 Honeypot Protection

Customers must not knowingly instruct end-users or third parties on how to circumvent honeypot-based spam detection, and must not publish technical details of the honeypot implementation that would facilitate circumvention.

5.3 Rate Limiting

The Service implements configurable rate limiting to prevent abuse:

  • Customers must not attempt to circumvent rate limiting controls;
  • Customers must configure rate limits at levels reasonably calculated to prevent abuse; and
  • Customers must not exploit rate limiting configurations to deny service to legitimate end-users.

5.4 Origin and Referrer Verification

Customers are strongly encouraged to configure valid referrers for all production forms. Failure to configure origin verification does not constitute a defense to any resulting abuse.

5.5 Prohibition on Security Circumvention

You must not probe, scan, or test the vulnerability of the Service; breach security or authentication measures; access non-public areas of the Service; reverse engineer security mechanisms; or publish exploits or bypass methods for the Service's security controls.

6. Custom HTML and Code Injection

6.1 Overview

The Service permits Customers to inject custom HTML content into forms through three injection points: the <head> section, the header area, and the footer area, as well as through Custom HTML field types.

6.2 Permitted Uses

Custom HTML injection may be used for legitimate purposes, including:

  • Adding analytics tracking scripts;
  • Injecting custom CSS styles for branding;
  • Adding meta tags for SEO;
  • Embedding informational content, disclaimers, and legal notices;
  • Adding custom fonts; and
  • Embedding legitimate third-party widgets.

6.3 Prohibited Uses

The following uses of custom HTML injection are strictly prohibited:

  • Injecting malicious code designed to steal or exfiltrate end-user data;
  • Injecting XSS payloads, clickjacking frames, or browser exploit code;
  • Injecting code that interferes with the Service's security controls;
  • Injecting cryptocurrency miners or resource-consuming code without consent;
  • Injecting code that redirects users to malicious websites;
  • Injecting code that collects data beyond what is disclosed in the privacy notice; and
  • Injecting code that interferes with the proper functioning of the form, Salesforce platform, or end-user's device.

6.4 Customer Responsibility

You are solely responsible for all custom HTML content injected into your forms. QuikForms does not review, approve, or guarantee the safety of custom HTML content.

7. File Upload Responsibilities

The Service supports file attachments with a maximum file size of 9MB and permitted formats including jpg, png, gif, pdf, doc, and txt. Customers who enable file uploads are responsible for:

  • Implementing content moderation processes for uploaded files;
  • Ensuring adequate antivirus and malware scanning;
  • Communicating permitted file types and limitations to end-users;
  • Complying with data retention and disposal requirements; and
  • Promptly removing uploaded files identified as containing malicious or illegal content.

8. Plugin Framework Usage

8.1 Permitted Plugin Uses

Plugins may be used for legitimate purposes including custom field types, authorized external integrations, custom validation logic, business logic execution, and Flow-based integrations.

8.2 Prohibited Plugin Activities

  • Developing plugins that exfiltrate or misappropriate end-user data;
  • Developing plugins containing malware, backdoors, or logic bombs;
  • Developing plugins that bypass or disable the Service's security controls;
  • Using the plugin callout mechanism to attack third-party systems;
  • Developing plugins that consume excessive Salesforce governor limits;
  • Distributing plugins that violate this AUP or applicable law; and
  • Using the Plugin Framework to create competing functionality.

8.3 Plugin Security Requirements

Customers developing plugins must:

  • Use Named Credentials for all external API callouts;
  • Implement proper XSS prevention by escaping all user input;
  • Validate all input on both client and server side;
  • Follow security best practices documented in the QuikForms Plugin Developer Guide; and
  • Regularly review and update plugin code to address security vulnerabilities.

8.4 Plugin Liability

You are solely responsible for all plugins you develop, deploy, or install. QuikForms is not responsible for the functionality, security, performance, or legal compliance of third-party or Customer-developed plugins.

9. Data Collection and Privacy Compliance

9.1 Customer as Data Controller

When you use the Service to collect personal data from end-users, you are the data controller. QuikForms acts as a data processor to the extent it processes personal data on your behalf. You are responsible for determining the purposes and means of processing, providing legally required notices, and obtaining all required consents.

9.2 Privacy Law Compliance

You must comply with all applicable privacy and data protection laws, including:

  • Providing end-users with a clear privacy notice before collecting personal data;
  • Obtaining all consents required by applicable law;
  • Honoring end-user rights (access, correction, deletion, portability, opt-out);
  • Implementing appropriate technical and organizational measures to protect personal data;
  • Notifying QuikForms promptly of any data breach; and
  • Entering into required data processing agreements.

9.3 Browser Information Logging

If you enable the browser information logging feature (which captures IP addresses and browser user agent strings), you must disclose this collection in your privacy notice, ensure a lawful basis for processing, implement appropriate retention schedules, and respond to end-user requests regarding this data.

9.4 Prohibited Data Categories

Unless you have independently verified full regulatory compliance, you must not use the Service to collect:

  • Payment card industry data (credit/debit card numbers, CVVs, PINs);
  • Protected health information (PHI) as defined by HIPAA;
  • Government-issued identification numbers (except where specifically required and permitted);
  • Biometric identifiers;
  • Financial account credentials; and
  • Personal information of children in violation of COPPA or equivalent laws.

10. Intellectual Property Protections

10.1 Managed Package Protections

The QuikForms managed package is proprietary software owned by QuikForms, LLC. Decompiling, reverse engineering, modifying, copying, distributing, or creating derivative works of the Service is strictly prohibited except as expressly permitted by applicable law or the Plugin Framework documentation.

10.2 Competitive Use Prohibition

You must not use the Service, the Plugin Framework, or knowledge gained from the Service to develop, market, or operate any product or service that competes with QuikForms.

10.3 Trademarks

"QuikForms" and associated logos are trademarks of QuikForms, LLC. You must not use these marks without prior written consent, except for nominative, non-misleading reference.

11. Resource Consumption and Platform Limits

The Service operates within the Salesforce platform and is subject to Salesforce governor limits. You must not use the Service in a manner that consumes excessive resources, degrades performance, generates excessive log data, or exploits the Service's architecture to circumvent Salesforce governor limits.

While QuikForms does not impose hard limits on form counts or submission volume, usage must not adversely affect the stability of your Salesforce org or the Service.

12. Monitoring, Enforcement, and Remedies

12.1 Right to Monitor

QuikForms reserves the right to monitor use of the Service for compliance with this AUP, including review of form configurations, submission patterns, custom HTML content, plugin deployments, and usage metrics.

12.2 Enforcement Actions

If QuikForms determines a violation of this AUP has occurred, QuikForms may:

  • Issue a written warning requiring remediation;
  • Temporarily suspend access to the Service;
  • Permanently terminate the Customer's license;
  • Remove or disable violating forms, plugins, or content;
  • Report the violation to law enforcement, regulatory bodies, or Salesforce; and
  • Pursue available legal remedies.

12.3 Notice and Cure

Except in cases involving imminent threats to security or safety (such as phishing, malware, or illegal content), QuikForms will provide notice and a reasonable opportunity to cure violations before taking enforcement action beyond a written warning. The cure period shall be five (5) business days from the date of notice unless a shorter period is required by the nature of the violation.

13. Reporting Violations

If you become aware of any use of the Service that you believe violates this AUP, please report it to us at:

Email: [email protected]
Subject Line: "AUP Violation Report"

Please include the URL or form identifier at issue, a detailed description of the suspected violation, any supporting evidence, and your contact information. QuikForms will acknowledge receipt of violation reports within three (3) business days.

14. Modifications to This Policy

QuikForms reserves the right to modify this AUP at any time. Material modifications will become effective thirty (30) days after notice is provided. Non-material modifications will become effective upon posting. Your continued use of the Service after the effective date constitutes acceptance of the modified AUP.

If you object to a material modification, you may terminate your use of the Service in accordance with the Terms of Service.

15. Definitions

  • "Customer" means any individual or entity that installs, configures, accesses, or uses the QuikForms managed package on a Salesforce org.
  • "End-User" means any individual who interacts with or submits data through a form created using the Service.
  • "Form" means any web form, survey, chat interface, or data collection instrument created using the Service.
  • "Managed Package" means the QuikForms software distributed as a Salesforce AppExchange managed package.
  • "Personal Data" means any information relating to an identified or identifiable natural person.
  • "Plugin" means any custom code, configuration, or extension developed using the QuikForms Plugin Framework.
  • "Service" means the QuikForms managed package, all associated documentation, APIs, Plugin Framework, support services, and any other products or services provided by QuikForms, LLC.

16. Contact Information

For questions about this Acceptable Use Policy, please contact:

QuikForms, LLC

General Inquiries: [email protected]
Website: www.sfquikforms.com

Acknowledgment

By installing, configuring, or using the QuikForms Service, you acknowledge that you have read this Acceptable Use Policy in its entirety, that you understand its terms, and that you agree to comply with all provisions herein. This AUP is a binding component of the Terms of Service between you and QuikForms, LLC.

Copyright 2026 QuikForms, LLC. All rights reserved.