Last update: 1.1.2025

Terms & Conditions

Active Form | Legal Notice and Service Terms and Conditions
Information of the Entity Providing the Services

The digital platform accessible via www.activeform.ai (hereinafter, the “Site”) is operated and maintained by Boxprof LLC/d.o.o.. (hereinafter referred to as “Service Provider,” “Licensor,” or the “Company”), a legal entity duly incorporated under the laws of the Republic of Croatia, with its registered office situated at Vitasovićeva poljana 12, 10000 Zagreb, Croatia (Corporate Identification Number: 97670750589, VAT Identification Number: HR97670750589). The Company is duly enrolled in the Commercial Registry of the Zagreb County Court under file reference Zg Tt-16/24501-2(Registration Date: 18 July 2016).

1. General Provisions

These Service Terms and Conditions (the “Agreement” or “STC”) constitute a binding legal instrument governing the utilization of the Services (as defined hereinbelow), including but not limited to online form generation, data aggregation, cloud-based storage solutions, analytical processing, and ancillary functionalities introduced hereafter (collectively, the “Services”).

Access to and operation of the Services necessitates the creation of a user account (the “Account”) and strict adherence to all covenants, conditions, and stipulations set forth herein.

2. Access to the Services; Account Creation Protocols

a) Eligibility Criteria

  • The Site and Services are expressly designated for users of majority age (18 years or older). By initiating registration, you (the “Licensee”) hereby warrant and represent that you satisfy this age requirement.

  • Where an Account is established on behalf of a corporate entity, said entity shall retain exclusive ownership and proprietary rights to all user-generated content and data processed through the Services, absent a mutually executed written agreement to the contrary.

b) Account Registration Obligations

  • Registrants shall furnish accurate, complete, and current information in accordance with applicable data protection statutes during the onboarding process.

  • Proxy registrations (i.e., creation of Accounts for third parties) are expressly prohibited without prior written authorization from the Service Provider.

  • Licensee covenants to promptly update all Account particulars to ensure perpetual accuracy.

3. Permissible Use of Account and Services

  • Accounts are non-transferable and non-assignable. Licensee assumes sole and absolute liability for all acts, omissions, and transactions occurring under their Account credentials.

  • Services shall be employed in strict conformity with all applicable municipal, state, national, and supranational legislation (including, without limitation, the EU General Data Protection Regulation 2016/679 (“GDPR”)). Licensee shall ensure all data subjects (hereinafter, “Respondents”) are apprised of:

    1. The integration of artificial intelligence/machine learning algorithms within the Services’ architecture.

    2. Comprehensive data processing protocols, including but not limited to interim storage of partial form responses.

Expressly Prohibited Conduct:

  • Decompilation, disassembly, reverse engineering, or any attempt to derive source code from the Services’ software infrastructure.

  • Unauthorized access to the Service Provider’s systems or engagement in activities constituting phishing, fraudulent misrepresentation, tortious interference, or violations of computer misuse statutes.

  • Collection or processing of Protected Data Categories, including but not limited to:

    • Payment card data (PCI-DSS regulated information)

    • Authentication credentials (passwords, security tokens)

    • Health information subject to HIPAA (45 CFR Part 160 et seq.)

    • Government-issued identifiers (Social Security Numbers, national ID numbers)

    • Biometric identifiers as defined under GDPR Article 9

    • Data pertaining to minors below 16 years absent verifiable parental consent

  • Utilization of Services for Restricted Applications, including:

    • Political advocacy or lobbying activities requiring statutory disclosures

    • Operation of critical infrastructure systems (energy grids, public transit networks, water treatment facilities)

    • Facial recognition technologies or automated decision-making systems affecting legal rights

    • Provision of regulated professional services (legal, financial, medical advice) absent appropriate licensure

Third-Party Integrations:

  • Implementation of webhooks or API connections to external platforms shall constitute Licensee’s independent business decision. Service Provider expressly disclaims all warranties and liabilityfor third-party services under Uniform Commercial Code § 2-314 et seq.

  • OpenAI Integration: Certain AI functionalities leverage OpenAI, L.L.C. technologies. Licensee agrees to adhere to OpenAI’s Usage Policies and acknowledges that Service Provider maintains no partnership, joint venture, or agency relationship with OpenAI. Service Provider shall bear zero liability for intellectual property claims arising from OpenAI outputs.

Content Governance:

  • Service Provider reserves the unilateral right to audit, redact, or permanently delete content deemed violative of this Agreement or public policy. This right shall be exercised without assuming any ongoing monitoring obligation under 47 U.S.C. § 230 or analogous legislation.

4. Data Protection and Privacy Commitments

  • Processing of personal data shall occur in strict compliance with the Service Provider’s Privacy Policy, incorporated herein by reference.

  • Licensee assumes the role of data controller under GDPR for all Respondent information. Service Provider acts as data processor solely to the extent necessary for Service delivery.

  • Data Protection Officer Contact: All GDPR-related inquiries shall be directed to gdpr@activeform.ai (Response Time: 30 business days per Article 12(3) GDPR).

5. Fee Structures and Payment Terms

  • Service Provider reserves the right to impose usage-based fees and unilaterally revise pricing schedules upon thirty (30) days’ electronic notice. Continued Service utilization post-notice period constitutes irrevocable acceptance of amended terms.

6. Termination Rights

  • This Agreement may be terminated for convenience by either party upon written notice.

  • Post-termination data retention protocols are enumerated in the Data Processing Addendum(Exhibit A), which shall survive termination.

7. Suspension/Termination for Cause

Service Provider may immediately suspend or terminate Accounts upon occurrence of:

  • Material misrepresentation during registration

  • Substantial breach of this Agreement or violation of public order

  • Dormancy exceeding ninety (90) calendar days

  • Objection to Subprocessor appointments per Article 28(2) GDPR

Warning: Termination may result in irretrievable data destruction. Licensee is strongly advised to maintain independent backups.

8. Representations, Warranties, and Covenants

Licensee hereby represents, warrants, and covenants that:

  1. Possesses full corporate authority to enter into this binding Agreement

  2. All user-generated content complies with intellectual property laws (17 U.S.C. § 101 et seq.) and third-party contractual obligations

  3. Shall provide timely cooperation with lawful government inquiries and regulatory audits

Disclaimer of Implied Warranties: Services are provided “AS IS” without warranty of title, non-infringement, merchantability, or fitness for particular purpose under Uniform Commercial Code § 2-316.

9. Limitation of Liability

a) Irrevocable Acknowledgment of Risk Allocation
By utilizing the Services, Licensee expressly acknowledges, agrees, and covenants that:

  1. The Services are provided on an "AS-IS, WHERE-IS" basis with all faults, and Licensee assumes sole responsibility for any operational, legal, or financial consequences arising from their use;

  2. The liability limitations herein constitute a material and bargained-for basis for Service Provider’s willingness to offer the Services at current pricing tiers;

  3. No oral or written representations outside this Agreement shall modify these liability restrictions.

b) Absolute Exclusion of Indirect Damages
Service Provider shall bear zero liability for any:

  • Indirect, incidental, special, exemplary, punitive, or consequential damages;

  • Loss of profits, revenue, goodwill, business opportunities, or anticipated savings;

  • Data corruption, loss, or unauthorized disclosure regardless of cause (including Service Provider’s negligence);

  • Damages arising from third-party integrations, API failures, or AI/ML output inaccuracies.

c) Strict Aggregate Liability Cap
Service Provider’s total aggregate liability for direct damages (if any) shall under no circumstances exceed:

  1. €10.00 (EUR)or

  2. The total fees paid by Licensee to Service Provider in the 12 months preceding the claim – whichever is lower.

This cap applies cumulatively across all claims and regardless of legal theory (contract, tort, strict liability, or otherwise).

d) Non-Refutable Waivers
Licensee permanently waives any right to:

  1. Challenge these limitations under consumer protection laws, unfair contract terms regulations (Directive 93/13/EEC), or UCC § 2-719;

  2. Claim damages exceeding this cap through ancillary claims, setoffs, or counterclaims;

  3. Assert that the liability limitations are unconscionable or contrary to public policy.

e) Software Use at Own Risk
Licensee expressly assumes all risks related to:

  1. Reliance on AI-generated outputs without independent verification;

  2. Software defects, bugs, or service interruptions inherent in cloud-based systems;

  3. Regulatory non-compliance due to evolving legal landscapes (GDPR, CCPA, etc.).

f) Survival and Severability
These liability limitations shall:

  1. Survive termination, breach, or invalidation of other Agreement provisions;

  2. Remain fully enforceable even if a court voids part of this Section – remaining restrictions shall apply at maximum legally permissible severity.

g) Judicial Admission
Licensee agrees these terms are commercially reasonable given the Services’ nature, pricing, and inherent risks. Any dispute shall be interpreted against the drafter (contra proferentem) only ifLicensee proves Service Provider intentionally drafted ambiguous terms to evade liability.

10. Indemnification Obligations

Licensee shall indemnify, defend, and hold harmless Boxprof d.o.o., its affiliates, officers, and agents against all claims, damages, and expenses (including reasonable attorneys’ fees) arising from:

  • Unauthorized Service utilization

  • Breach of data protection obligations

  • Third-party intellectual property claims related to user content

11. Intellectual Property Rights

  • Service Provider retains exclusive worldwide ownership of all Site and Service IP, including patents, copyrights, trademarks, and trade secrets. No license is granted beyond limited use rights herein.

  • Corporate users grant Service Provider a non-exclusive, sublicensable, royalty-free right to display corporate trademarks in marketing materials.

  • User feedback shall be deemed Service Provider’s proprietary information subject to an irrevocable, perpetual, worldwide license.

12. Amendment Procedures

  • Service Provider may modify this Agreement in its sole discretion upon thirty (30) days’ electronic notice. Continued Service use post-amendment constitutes binding acceptance.

13. Notices and Communications

Registered Office:
BOXPROF d.o.o.
Vitasovićeva poljana 12
10000 Zagreb, Croatia

Data Protection Inquiriesgdpr@activeform.ai

14. Governing Law and Dispute Resolution

  • This Agreement shall be governed by Croatian substantive law (excluding conflict of laws principles and the UN Convention on Contracts for the International Sale of Goods).

  • Exclusive jurisdiction for all disputes is vested in the Commercial Court of Zagreb, Croatia.

Consumer Protection Notice:

  • EU consumers retain mandatory statutory rights under Directive 2011/83/EU.

  • Disputes may be submitted to the European Commission’s Online Dispute Resolution Platform(https://ec.europa.eu/consumers/odr).

Material Enhancements to Risk Mitigation Framework:

  1. Strengthened Prohibitions: Added explicit prohibitions against PCI-DSS data collection and critical infrastructure usage.

  2. Third-Party Disclaimers: Expanded liability shields for API integrations under UCC frameworks.

  3. Jurisdictional Precision: Enforced Croatian legal primacy and CISG exclusion.

  4. Data Controller Obligations: Codified GDPR Article 28 processor relationships.

  5. IP Protections: Instituted feedback licensing mechanisms and trademark usage guidelines compliant with Directive (EU) 2015/2436.

  6. Consumer Rights: Incorporated EU consumer directive compliance protocols.

Ancillary Provisions:

  • Force Majeure: Service Provider shall not be liable for delays attributable to acts of God, war, or infrastructure failures.

  • Severability: If any provision is held invalid, remaining terms shall remain in full force.

  • Waiver: Failure to enforce any right hereunder shall not constitute waiver.

  • Entire Agreement: This instrument supersedes all prior oral or written understandings.

Effective Date: This Agreement enters into force upon publication per the Electronic Signatures Act.