Acceptable Use Policy (AUP)
Version 1.0 · Effective: May 23, 2026
The Czech version is the controlling version. This AUP is an integral part of the Terms of Service (simplyforms.app/legal/terms) operated by Adam Todt, IČO 19197438. In case of conflict between this AUP and the Terms, the stricter provision prevails.
1. Purpose
This AUP defines prohibited uses of the SimplyForms Service and provides the legal basis for immediate suspension or termination of an Account in case of breach. It protects: other customers, the IP reputation of our SMTP servers, compliance with applicable law (GDPR, Czech Act 480/2004, anti-spam, DSA), and Submitters.
2. Prohibited uses
Customer shall NOT use the Service for:
2.1 Anti-spam / unsolicited communications
- (a) Unsolicited commercial communications (spam) in breach of Czech Act 480/2004 §7, CAN-SPAM Act (US), PECR (UK), CASL (Canada) or analogous laws.
- (b) Commercial communications without prior provable consent (opt-in) of the recipient.
- (c) Use of the autoresponder for newsletter-style messaging (the autoresponder is for confirmation emails only).
- (d) Mass automated submissions without provable Submitter consent.
- (e) Emails with false identification, deceptive subject lines, or forged From/Reply-To headers.
2.2 Security threats
- (a) Malware, ransomware, viruses, trojans in any form.
- (b) Phishing pages or forms designed to steal credentials, payment data, or other sensitive information.
- (c) Fraudulent forms (fake giveaways, fake support, fake job offers, fake invoices).
- (d) Distribution of phishing/malware links via form submissions.
- (e) Exploitation attempts, brute-force, fuzzing of the API without express Operator consent.
2.3 Infrastructure abuse
- (a) Scraping the Service or its endpoints.
- (b) Automated overload beyond plan limits.
- (c) Bypassing CAPTCHA, rate-limits, or other security measures.
- (d) Sharing Account / API key with unauthorized third parties beyond plan specification.
- (e) Reverse engineering, decompilation, disassembly beyond what §66 of Czech Act 121/2000 mandatorily allows.
- (f) Using the Service to build a competing product or replicate its functionality.
- (g) Creating multiple Accounts to bypass FREE-plan limits.
2.4 Illegal and harmful content
- (a) Content promoting terrorism, violence, hatred based on race, ethnicity, religion, gender, sexual orientation, age, or disability.
- (b) Child sexual abuse material (CSAM) — immediate report to law-enforcement authorities.
- (c) Doxxing, blackmail, threats, disclosure of third-party private information without consent.
- (d) Unlawful discrimination.
- (e) Content infringing copyrights or other IP rights.
- (f) Covering criminal activity, money laundering, terrorist financing.
- (g) Promotion of illegal goods or services (drugs, weapons, counterfeit goods, stolen data).
2.5 Personal data protection
- (a) Collection of Art. 9 GDPR special categories (health, race/ethnicity, political opinions, religious beliefs, sexual orientation, biometric, genetic) without explicit Submitter consent and a documented DPIA.
- (b) Collection of Art. 10 GDPR criminal-conviction data without lawful basis.
- (c) Collection of data from minors under 16 without legal-guardian consent (Art. 8 GDPR).
- (d) Processing personal data without a valid Art. 6 lawful basis.
- (e) Failure to inform Submitters about Operator as processor (breach of Customer's own Art. 13 GDPR duties).
2.6 Sanctions and export controls
- (a) Use by a person on EU, UN, or US sanctions lists (OFAC, EU sanctions list).
- (b) Use for activities subject to WMD/dual-use export controls.
- (c) Use to circumvent international embargoes.
3. Consequences of breach
3.1 Immediate suspension
On reasonable suspicion of breach, Operator may without prior notice:
- suspend the Account,
- block the API key,
- drop pending email queues,
- retain technical logs for evidence,
- notify competent authorities (in case of suspected crime, CSAM, terrorism).
3.2 Termination
On proven breach, Operator may immediately terminate the Agreement per Terms §11.3 without refund of Fees.
3.3 Contractual penalty
For each proven case of egregious AUP breach (spam, malware distribution, phishing, CSAM) Customer shall pay a contractual penalty of CZK 50,000. This does not preclude damage claims (Terms §14).
3.4 Law-enforcement cooperation
In case of suspected crime, terrorism, CSAM, or serious legal violation, Operator will cooperate with law-enforcement authorities and provide available data (Account, logs, IP addresses) upon lawful request.
4. Notice-and-action mechanism (DSA Art. 16)
Per Regulation (EU) 2022/2065 (Digital Services Act) Art. 16:
Third parties may report unlawful content transmitted via the Service to: abuse@simplyforms.app
The report should include: description of unlawful content, reasons why content is unlawful, specific location (URL, email, identifier), and contact for confirmation of receipt.
Response time: Operator responds without undue delay, no later than 48 hours.
5. Customer's own incident reporting
If Customer detects Account or API-key compromise:
- report to security@simplyforms.app without undue delay,
- rotate the API key in the dashboard,
- request Account freeze if needed.
Operator will assist in investigation.
6. Interpretation and changes
6.1 In case of doubt whether a particular use falls under a prohibition, Customer shall consult Operator (legal@simplyforms.app) before such use. Operator responds within 7 business days.
6.2 Operator may unilaterally extend the AUP with new prohibitions when required by: legal developments, protection against newly identified abuse types, or protection of other customers/third parties. Changes are notified per Terms §3 (30 days in advance for material changes).
7. Relationship to other documents
7.1 This AUP is integral to the Terms of Service.
7.2 Breach of the AUP is always a breach of the Terms, with consequences per Terms §11 and §14.
7.3 Some AUP provisions (especially §2.5) overlap with Customer's obligations as controller under the DPA.
Contacts:
- Abuse reports (DSA notice): abuse@simplyforms.app
- Security incidents: security@simplyforms.app
- General AUP queries: legal@simplyforms.app
Document hash (SHA-256): b85130924a70513ef5ebde89dc34411a62c9f15d768ac5edf1b36652b308b274
