Acceptable Use Policy

Last updated: Jul 15, 2026

Deliverability and trust are shared responsibilities. Heapform is a form-building platform designed to securely capture, process, and deliver submissions on behalf of our customers. To protect senders, recipients, and our infrastructure, this Acceptable Use Policy ("AUP") defines the rules that govern how you may use Heapform. By accessing or using our services, you agree to abide by this AUP in addition to our Terms of Service and Privacy Policy.

Appropriate Submission Quality

We continuously monitor platform usage to maintain a healthy ecosystem for everyone. Keep your forms focused on legitimate, opt-in conversations, and avoid practices that generate excessive complaints, delivery failures, or spam signals.

If we detect patterns that threaten deliverability or platform stability, we may suspend or disable impacted accounts without prior notice. When possible, we will work with you to investigate and remediate the issue.

Permitted Use

You may use Heapform to:

  • Collect messages from visitors who voluntarily submit information through your websites or applications.
  • Receive notifications, route submissions to trusted destinations, and store data in your integrated services.
  • Send transactional responses triggered by a user's form submission when the user reasonably expects a reply.

Prohibited Sending Purposes

You may not use Heapform for any of the following:

  • Spamming: Collecting leads or sending non-consensual, mass, or deceptive communications.
  • Phishing or fraud: Attempting to impersonate another person, company, or brand, or soliciting sensitive information under false pretenses.
  • Illegal activity: Promoting or facilitating any activity that is unlawful in the jurisdictions where you or your users reside.
  • Malicious content: Delivering malware, spyware, ransomware, or any code designed to harm or disrupt systems.
  • Harassment: Sending threatening, discriminatory, or abusive material to any individual or group.
  • Network interference: Taking actions that could degrade, disrupt, or overload Heapform infrastructure or third-party services.

Prohibited Submission Content

The following categories of content are not permitted through Heapform:

  • Illegal products or services.
  • Content that violates CAN-SPAM, GDPR, or other applicable laws.
  • Pornography or sexually explicit material.
  • Escort or prostitution services.
  • Unapproved pharmaceutical or controlled substances.
  • Gambling services, betting tips, or online casinos.
  • Multi-level marketing, pyramid, or Ponzi schemes.
  • Get-rich-quick or deceptive financial opportunities.
  • Credit repair, debt elimination, or payday loan offers.
  • Lists for sale, list rentals, or unsolicited lead generation.
  • Services promising artificial engagement (followers, likes, views).
  • Any other content we determine to be harmful to our reputation, users, or deliverability.

Appropriate Form Collection Practices

You are responsible for ensuring that the forms routed through Heapform comply with applicable consent and data protection laws. This includes:

  • Collecting submissions only from users who have knowingly opted in or initiated contact.
  • Providing clear disclosure about how the submitted information will be used and stored.
  • Offering a simple way for users to revoke consent or request deletion of their data within statutory timelines.
  • Avoiding the collection of highly sensitive personal data unless strictly necessary and legally permissible.
  • Honoring unsubscribe or opt-out requests within seven days.

Account Integrity

Users are prohibited from creating multiple accounts to bypass plan limits, rate limits, or other restrictions. We reserve the right to apply usage limits, throttle requests, or terminate accounts engaged in evasion tactics.

Security Responsibilities

You must safeguard API keys, form endpoints, and webhook URLs associated with your account. Promptly rotate credentials if you suspect unauthorized access. Heapform is not responsible for breaches stemming from compromised customer credentials or misconfigured integrations.

Monitoring and Enforcement

We monitor platform activity to detect abuse. We may suspend, throttle, or terminate accounts that violate this AUP. Depending on severity, we may notify affected parties and cooperate with law enforcement or regulators.

Reporting Violations

To report abuse or suspected violations of this AUP, please contact us at legal@heapform.com or through our contact page.

Changes to This Policy

We may revise this AUP as our services evolve or legal requirements change. Updates will be posted on this page with a new effective date. Continued use of Heapform after updates constitutes acceptance of the revised policy.

Thank you for helping us keep Heapform safe and reliable for all.