Acceptable Use Policy


The purpose of this Acceptable Use Policy (this “Policy”) is to outline the acceptable usage of products and services of Cognito Forms (“Cognito Forms” or the “Service”), or of any third party which are subscribed through Cognito Forms. All Cognito Forms users (or “you”) must follow this Policy in their use of our Service. We may modify this Policy at any time. If you violate this Policy, we may suspend or terminate your use of Cognito Forms.

Prohibited Uses

If you find a form or organization that violates the terms listed in this Policy, please submit an abuse report. We ask that you provide as much information as possible regarding the alleged violation(s).

Do not use Cognito Forms to violate laws or in ways prohibited by these terms:

Illegal, Harmful, or Offensive Use or Content

You may not use, or encourage, facilitate or instruct others to use, the Service for any illegal, harmful, fraudulent, infringing or offensive use, or to transmit, store, display, distribute or otherwise make available content that is illegal, harmful, fraudulent, infringing or offensive. Prohibited activities or content include:

  • Illegal, Harmful or Fraudulent Activities. Any activities that are illegal, that violate the rights of others, or that may be harmful to others, our operations or reputation, including disseminating, promoting or facilitating child pornography, offering or disseminating fraudulent goods, services, schemes, or promotions, make-money-fast schemes, ponzi and pyramid schemes, phishing, or pharming.
  • Infringing Content. You may not use the Service to infringe the intellectual property rights of others.
  • Offensive Content. Content that is defamatory, obscene, abusive, invasive of privacy, or otherwise objectionable.
  • Harmful Content. Content or other computer technology that may damage, interfere with, surreptitiously intercept, or expropriate any system, program, or data, including viruses, Trojan horses, worms, time bombs, or cancelbots.

Prohibited Businesses

By registering with us, you are confirming that you will not use Cognito Forms in connection with the following businesses, business activities or business practices:

  • Collecting Credit Card Information. Collection of credit card information outside of our designated payment providers is prohibited. When collecting payment through our payment providers, you are responsible for adhering to the prohibited business policies of PayPal, Stripe, or Square.
  • Selling Virtual Currencies. Virtual currency that can be monetized, resold, or converted to physical or digital products and services or otherwise exit the virtual world (e.g., Bitcoin); sale of stored value or credits maintained, accepted and issued by anyone other than the seller.
  • Fake/Novelty IDs. Sale of counterfeit or novelty IDs intended to resemble a real ID card.
  • Cash Advance Services/Quick Loans. Sale of short-term cash loans.
  • Gift Card exchanges. Sale of gift cards in exchange for cash or other gift cards.
  • Video game or virtual world credits. Sale of in-game currency unless the merchant is the operator of the virtual world.
  • Social media activity. Sale of Twitter followers, Facebook likes, YouTube views, and other forms of social media activity.
  • Personal Shopper Services. Sale of services to help another to purchase goods, either by accompanying them while shopping or by shopping on their behalf.


You may not misuse our Service by interfering with its normal operation or attempting to access it using a method other than through the interfaces and instructions that we provide.

  • Unauthorized Access. Accessing or using our Service without permission, including attempting to probe, scan, or test the vulnerability of our Service or to breach any security or authentication measures used by our Service.
  • Sensitive Information. You may not use Cognito Forms to collect sensitive information from other users, including but not limited to social security numbers and driver’s license numbers, without enabling the data encryption feature in the application. See our help topic for more information about enabling data encryption.
  • Phishing. We will suspend any use of Cognito Forms which come to our attention that is intended to deceive or mislead respondents, including by linking to websites with malicious software such as malware.


You may not send out spam. We define spam as any message that violates CAN SPAM law. Emails you send via Cognito Forms must have a valid reply-to email address owned or managed by you. We prohibit the use of harvested, third-party, purchased, or rented mailing lists.

Other Prohibited Activities

We reserve the right to take whatever lawful actions we may deem appropriate in response to actual or suspected violations of the prohibited uses, including, without limitation, the suspension or termination of your access to Cognito Forms.

HIPAA Compliance

We offer a HIPAA-compliant solution for customers subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Our HIPAA-compliant solution is only supported on our Enterprise plan level. All other plan levels (including the Individual, Pro, and Team plans) are not designed to offer HIPAA regulations and safeguards.

You are solely responsible for selecting the appropriate type of account and for any applicable compliance with federal or state laws as they pertain to personal, medical, or other sensitive data. It is your responsibility to assess whether your usage of Cognito Forms is appropriate for the storage or control of sensitive data.

If you would like to learn more about our HIPAA-Compliance solution, please contact us or visit our HIPAA compliance page.

Modified on May 9, 2018