End-User Notice Templates & Compliance Guide

Last Updated: February 11, 2026

This document provides ready-to-use notice templates for QuikForms customers -- the Salesforce administrators and businesses that build and deploy forms using QuikForms. Customize these templates and add them to your forms so that form submitters (end-users) understand how their data is collected, used, and stored.

The Three-Party Relationship

When someone submits a QuikForms form, three parties are involved:

Party	Role	Description
You (the Customer)	Data Controller	You decide what data to collect, why to collect it, and how to use it. You configure the form fields, enable or disable optional tracking, and store the submitted data in your Salesforce org. Under GDPR, CCPA, and most other privacy laws, you are the party responsible for providing notice and obtaining consent when required.
QuikForms, LLC	Data Processor	QuikForms provides the form-building platform. We process form submissions on your behalf and store them in your Salesforce org. We do not independently decide what data to collect or how to use it -- that is your decision. We act solely under your instructions.
End-User (Form Submitter)	Data Subject	The person who fills out and submits the form. Under privacy regulations, this person has rights regarding their personal data, and they are owed clear notice about what happens to the information they provide.

Why You Need to Provide Notice

As the data controller, you are legally obligated to inform end-users about the data you collect through your forms. At a minimum, you should tell people:

Who is collecting their data (your organization, not QuikForms)
What data is being collected (form fields, analytics, files)
Why you are collecting it (the purpose)
How it will be stored and for how long
Who it may be shared with (sub-processors like Cloudflare)
What rights they have regarding their data

What QuikForms Collects from Form Submitters

Every form submission through QuikForms involves the following data collection. Use this as a reference when customizing the templates below.

Always Collected (for all form submissions)

Form field values -- All fields you define on your form (text inputs, dropdowns, checkboxes, etc.)
Cloudflare Turnstile CAPTCHA verification -- A token is sent to Cloudflare for bot protection. Cloudflare receives the submitter's IP address as part of this verification. (Can be disabled per form via the Disable_Captcha__c setting.)
Form submission timestamp -- The date and time the form was submitted

Collected for Analytics (when analytics is enabled)

IP address hash -- A SHA-256 hash of the submitter's IP address combined with a daily rotating salt. This is a one-way hash used only for approximate unique visitor counting; the raw IP address is not stored in analytics.
Device category -- Desktop, Mobile, or Tablet (derived from the user agent string but stored only as a category, not the raw string)
Browser type -- Chrome, Safari, Firefox, Edge, or Other (derived from the user agent string but stored only as a category)
Referrer domain -- The hostname of the referring page only (e.g., google.com), not the full URL
Time to complete -- How long the user spent filling out the form (in seconds)

Collected Only When You Enable Them

Raw IP address -- Stored in the Quik_User_IP__c field on the target Salesforce object. Only collected when you enable the Log_User_Browser_Info__c setting on the form AND the target object has the Quik_User_IP__c field.
Browser user agent string -- Stored in the Quik_Browser_User_Agent__c field on the target Salesforce object. Only collected when you enable the Log_User_Browser_Info__c setting AND the target object has the Quik_Browser_User_Agent__c field.

Collected When the Form Includes File Upload Fields

File upload contents -- The files the end-user attaches to the form, stored as Attachments or ContentDocuments in your Salesforce org.

Data Storage and Retention

All submitted data is stored in your Salesforce org. QuikForms does not maintain a separate copy.
Analytics rollup data is retained for 365 days by default. This retention period is configurable via the Analytics_Retention_Days__c custom metadata setting.
You control data retention and deletion for all form submission records in your Salesforce org.

Template 1: Short Privacy Notice (Form Footer)

This brief notice is designed to be placed in your form footer using the customFooterHTML__c field. It provides essential information in a compact format and links to your full privacy policy for details.

Plain Text Version

Privacy Notice: By submitting this form, you are providing your information to
[YOUR COMPANY NAME]. We use Cloudflare for bot protection and collect basic analytics
(device type, browser category, and referrer domain) to improve our services. Your
data is stored securely and handled in accordance with our Privacy Policy
([YOUR PRIVACY POLICY URL]). For questions, contact us at [YOUR CONTACT EMAIL].

HTML Version (for `customFooterHTML__c`)

<div style="margin-top: 16px; padding: 12px 16px; background-color: #f8f9fa;
     border: 1px solid #e0e0e0; border-radius: 6px; font-size: 13px;
     line-height: 1.5; color: #555;">
  <strong>Privacy Notice:</strong> By submitting this form, you are providing your
  information to [YOUR COMPANY NAME]. We use Cloudflare for bot protection and collect
  basic analytics (device type, browser category, and referrer domain) to improve our
  services. Your data is stored securely and handled in accordance with our
  <a href="[YOUR PRIVACY POLICY URL]" target="_blank" rel="noopener noreferrer"
     style="color: #0066cc; text-decoration: underline;">Privacy Policy</a>.
  For questions, contact us at
  <a href="mailto:[YOUR CONTACT EMAIL]"
     style="color: #0066cc; text-decoration: underline;">[YOUR CONTACT EMAIL]</a>.
</div>

Customization Instructions

Placeholder	Replace With	Example
`[YOUR COMPANY NAME]`	Your organization's legal name	Acme Corporation
`[YOUR PRIVACY POLICY URL]`	Full URL to your privacy policy page	https://www.acme.com/privacy
`[YOUR CONTACT EMAIL]`	Your privacy or general contact email	[email protected]

Template 2: Detailed Privacy Notice (Full Page)

This comprehensive notice is suitable for use as a standalone page that you link to from your forms. It provides detailed information about all data collection, processing, and rights. You can host this as a page on your website and link to it from the short notice in Template 1.

Full Template

Instructions: Copy the template below, replace all bracketed placeholders with your organization's information, and remove sections that do not apply to your business.

# Privacy Notice for Online Forms

**Effective Date:** [EFFECTIVE DATE]
**Last Updated:** [LAST UPDATED DATE]
**Data Controller:** [YOUR COMPANY NAME]

## Who We Are

This privacy notice explains how [YOUR COMPANY NAME] ("[YOUR COMPANY SHORT NAME],"
"we," "us," or "our") collects, uses, and protects information submitted through our
online forms. Our forms are built using QuikForms, a Salesforce-based form platform.

## What Information We Collect

### Information You Provide Directly
- The data you enter into form fields (such as your name, email address, phone number,
  or any other fields displayed on the form)
- Any files you upload through the form

### Information Collected Automatically
- **Bot Protection:** We use Cloudflare Turnstile to verify that submissions come from
  real people. Cloudflare receives your IP address as part of this verification.
- **Form Analytics (Aggregated):**
  - Device category (Desktop, Mobile, or Tablet)
  - Browser type (Chrome, Safari, Firefox, Edge, or Other)
  - Referrer domain (only the domain name, not the full URL)
  - An anonymized identifier (SHA-256 hash with daily rotating salt) for approximate
    unique visitor counting -- cannot be reversed to recover your IP address
  - Time to complete the form
  - Form submission timestamp

[IF YOU HAVE ENABLED IP/BROWSER LOGGING, INCLUDE:]
- **Detailed Browser Information:** On certain forms, we additionally collect:
  - Your IP address
  - Your browser's user agent string
  This information is used for [STATE YOUR PURPOSE].

## How We Use Your Information
- [LIST YOUR SPECIFIC PURPOSES]
- To respond to your inquiry or process your request
- To communicate with you about your submission
- To improve our forms and website experience (using aggregated analytics)
- To prevent spam, fraud, and abuse (using Cloudflare bot protection)

## Legal Basis for Processing (EEA/UK Visitors)
- **Consent:** Where you have given explicit consent
- **Contractual Necessity:** Where processing is necessary for a contract
- **Legitimate Interest:** For fraud prevention and analytics
- **Legal Obligation:** Where required by law

## How We Store Your Information
- Form data is stored in our Salesforce CRM system
- Analytics data is retained for [365 days by default], then automatically deleted
- Submission records are retained per our data retention policy

## Who We Share Your Information With
- **Salesforce:** CRM platform (data processor)
- **Cloudflare:** Bot protection (receives IP for verification)
- **QuikForms, LLC:** Form platform (data processor, does not retain your data)

We do not sell your personal information.

## Your Rights
- Right of Access, Rectification, Erasure, Restriction, Portability, Objection
- Right to Withdraw Consent
- Contact: [YOUR CONTACT EMAIL]

## California Residents (CCPA)
- Right to Know, Delete, Opt-Out of Sale/Sharing, Non-Discrimination
- We do not sell or share personal information as defined under the CCPA.

## Contact Us
[YOUR COMPANY NAME]
[YOUR MAILING ADDRESS]
Email: [YOUR CONTACT EMAIL]

Placeholder Reference

Placeholder	Replace With
`[YOUR COMPANY NAME]`	Your organization's full legal name
`[YOUR COMPANY SHORT NAME]`	Abbreviated name or trade name
`[EFFECTIVE DATE]`	The date this notice takes effect
`[LAST UPDATED DATE]`	The date you last revised the notice
`[YOUR PRIVACY POLICY URL]`	URL to your main privacy policy page
`[YOUR CONTACT EMAIL]`	Privacy or general contact email
`[YOUR PRIVACY REQUEST URL]`	URL for privacy rights requests (if applicable)
`[YOUR MAILING ADDRESS]`	Your organization's physical address
`[YOUR PHONE NUMBER]`	Your contact phone number
`[ANALYTICS RETENTION PERIOD]`	Your configured retention period (default: 365 days)
`[STATE YOUR PURPOSE]`	The reason you enabled IP/browser logging

Use these templates when your form requires explicit consent from the end-user. Common scenarios include marketing opt-in, GDPR explicit consent for processing sensitive data, or any time you want affirmative consent rather than relying on legitimate interest.

In QuikForms, you can add a checkbox field to your form and use these as the label text. Alternatively, you can add consent language in the customFooterHTML__c field.

Plain text:

I consent to [YOUR COMPANY NAME] collecting and processing the information I provide
in this form for the purpose of [STATE PURPOSE, e.g., "responding to my inquiry"].
I have read and agree to the Privacy Policy ([YOUR PRIVACY POLICY URL]).

HTML (for checkbox label or footer):

<label style="display: flex; align-items: flex-start; gap: 8px; font-size: 14px;
       line-height: 1.5; color: #333; cursor: pointer;">
  <input type="checkbox" name="consent_processing" required
         style="margin-top: 4px; min-width: 18px; min-height: 18px; cursor: pointer;">
  <span>I consent to [YOUR COMPANY NAME] collecting and processing the information
  I provide in this form for the purpose of [STATE PURPOSE]. I have read and agree
  to the <a href="[YOUR PRIVACY POLICY URL]" target="_blank" rel="noopener noreferrer"
     style="color: #0066cc; text-decoration: underline;">Privacy Policy</a>.</span>
</label>

Plain text:

I would like to receive marketing communications (such as newsletters, product
updates, and promotional offers) from [YOUR COMPANY NAME]. I understand I can
unsubscribe at any time by contacting [YOUR CONTACT EMAIL] or using the unsubscribe
link in any email.

HTML:

<label style="display: flex; align-items: flex-start; gap: 8px; font-size: 14px;
       line-height: 1.5; color: #333; cursor: pointer;">
  <input type="checkbox" name="consent_marketing"
         style="margin-top: 4px; min-width: 18px; min-height: 18px; cursor: pointer;">
  <span>I would like to receive marketing communications (such as newsletters,
  product updates, and promotional offers) from [YOUR COMPANY NAME]. I understand
  I can unsubscribe at any time by contacting
  <a href="mailto:[YOUR CONTACT EMAIL]"
     style="color: #0066cc;">[YOUR CONTACT EMAIL]</a>
  or using the unsubscribe link in any email.</span>
</label>

This template is intended for forms that collect sensitive personal data (special category data under GDPR Article 9) or where you specifically need explicit consent as your legal basis.

Plain text:

I explicitly consent to [YOUR COMPANY NAME] collecting and processing the personal
data I submit through this form. I understand that:

- My data will be stored in [YOUR COMPANY NAME]'s Salesforce CRM system
- My data will be used for [STATE SPECIFIC PURPOSES]
- Cloudflare processes my IP address for bot verification
- Basic analytics (device type, browser category, referrer domain) are collected
- I can withdraw my consent at any time by contacting [YOUR CONTACT EMAIL]
- Withdrawing consent does not affect the lawfulness of processing performed before
  withdrawal
- I have the right to access, correct, delete, or port my personal data

I have read the Privacy Policy ([YOUR PRIVACY POLICY URL]) and understand how my
data will be processed.

HTML:

<div style="margin: 16px 0; padding: 16px; border: 1px solid #ccc;
     border-radius: 6px; background-color: #fafafa;">
  <label style="display: flex; align-items: flex-start; gap: 10px; font-size: 14px;
         line-height: 1.6; color: #333; cursor: pointer;">
    <input type="checkbox" name="consent_gdpr" required
           style="margin-top: 4px; min-width: 20px; min-height: 20px; cursor: pointer;">
    <div>
      <p style="margin: 0 0 8px 0;">I explicitly consent to [YOUR COMPANY NAME]
      collecting and processing the personal data I submit through this form.
      I understand that:</p>
      <ul style="margin: 0 0 8px 0; padding-left: 20px;">
        <li>My data will be stored in [YOUR COMPANY NAME]'s Salesforce CRM system</li>
        <li>My data will be used for [STATE SPECIFIC PURPOSES]</li>
        <li>Cloudflare processes my IP address for bot verification</li>
        <li>Basic analytics (device type, browser category, referrer domain)
            are collected</li>
        <li>I can withdraw my consent at any time by contacting
            <a href="mailto:[YOUR CONTACT EMAIL]"
               style="color: #0066cc;">[YOUR CONTACT EMAIL]</a></li>
        <li>Withdrawing consent does not affect the lawfulness of processing
            performed before withdrawal</li>
        <li>I have the right to access, correct, delete, or port
            my personal data</li>
      </ul>
      <p style="margin: 0;">I have read the
        <a href="[YOUR PRIVACY POLICY URL]" target="_blank" rel="noopener noreferrer"
           style="color: #0066cc; text-decoration: underline;">Privacy Policy</a>
        and understand how my data will be processed.</p>
    </div>
  </label>
</div>

HTML:

<div style="margin: 16px 0; font-size: 14px; line-height: 1.5; color: #333;">
  <p style="margin: 0 0 12px 0;">By submitting this form, I acknowledge that
  [YOUR COMPANY NAME] will process my information as described in the
  <a href="[YOUR PRIVACY POLICY URL]" target="_blank" rel="noopener noreferrer"
     style="color: #0066cc; text-decoration: underline;">Privacy Policy</a>.</p>
  <label style="display: flex; align-items: flex-start; gap: 8px; cursor: pointer;">
    <input type="checkbox" name="consent_marketing"
           style="margin-top: 4px; min-width: 18px; min-height: 18px; cursor: pointer;">
    <span>I also consent to receiving marketing communications from
    [YOUR COMPANY NAME]. I can opt out at any time.</span>
  </label>
</div>

Template 4: IP & Browser Logging Disclosure

Use this template as an addition to Template 1 or Template 2 when you have enabled the Log_User_Browser_Info__c setting on your form. This setting causes the end-user's raw IP address and browser user agent string to be stored directly on the submitted record (in the Quik_User_IP__c and Quik_Browser_User_Agent__c fields).

This is a more invasive level of data collection than the default analytics (which only store a hashed IP and categorized device/browser data), so additional disclosure is strongly recommended.

Short Version (for form footers)

<div style="margin-top: 12px; padding: 10px 14px; background-color: #fff8e1;
     border: 1px solid #ffe082; border-radius: 6px; font-size: 13px;
     line-height: 1.5; color: #555;">
  <strong>Additional Data Notice:</strong> This form records your IP address and
  browser information alongside your submission for [STATE PURPOSE: e.g., "security
  and fraud prevention"]. This data is stored securely and handled per our
  <a href="[YOUR PRIVACY POLICY URL]" target="_blank" rel="noopener noreferrer"
     style="color: #0066cc; text-decoration: underline;">Privacy Policy</a>.
</div>

Detailed Version (for privacy policy page)

Add this section to your detailed privacy notice (Template 2) when IP/browser logging is enabled:

## IP Address and Browser Logging

In addition to the aggregated analytics described above, this form collects and stores
the following information directly with your form submission record:

- **Your IP address** -- Your Internet Protocol (IP) address, which may indicate your
  approximate geographic location and internet service provider
- **Your browser user agent string** -- A string sent by your browser that typically
  includes your browser name and version, operating system, and device type

### Why We Collect This Information
- Fraud prevention and detection
- Security monitoring and abuse prevention
- Regulatory and legal compliance
- Identifying and preventing duplicate or fraudulent submissions

### How Long We Keep This Information
IP addresses and browser information are retained for [STATE YOUR RETENTION PERIOD]
as part of the form submission record. You may request deletion by contacting us at
[YOUR CONTACT EMAIL].

### Your Choices
If you do not wish to have your IP address and browser information recorded, you may:
- Choose not to submit the form
- Contact us at [YOUR CONTACT EMAIL] to request deletion after submission

Combined Footer Example

You can combine multiple templates in a single footer. Here is an example combining the short privacy notice with the IP/browser logging disclosure:

<div style="margin-top: 16px; font-size: 13px; line-height: 1.5; color: #555;">
  <!-- Short Privacy Notice -->
  <div style="padding: 12px 16px; background-color: #f8f9fa;
       border: 1px solid #e0e0e0; border-radius: 6px; margin-bottom: 8px;">
    <strong>Privacy Notice:</strong> By submitting this form, you are providing your
    information to [YOUR COMPANY NAME]. We use Cloudflare for bot protection and
    collect basic analytics to improve our services. Your data is handled in
    accordance with our
    <a href="[YOUR PRIVACY POLICY URL]" target="_blank" rel="noopener noreferrer"
       style="color: #0066cc; text-decoration: underline;">Privacy Policy</a>.
  </div>

  <!-- IP/Browser Logging Disclosure -->
  <div style="padding: 10px 14px; background-color: #fff8e1;
       border: 1px solid #ffe082; border-radius: 6px;">
    <strong>Additional Data Notice:</strong> This form records your IP address and
    browser information alongside your submission for security and fraud prevention.
  </div>
</div>

Compliance Guidance for Customers

This section provides general guidance on your obligations as a data controller when using QuikForms to collect personal data. This is not legal advice. Consult a qualified attorney for guidance specific to your business and jurisdiction.

If you collect data from individuals located in the European Economic Area (EEA) or the United Kingdom, the General Data Protection Regulation (GDPR) applies to you as the data controller.

Key obligations:

Lawful Basis: You must have a lawful basis for processing each category of personal data. The most common bases for form submissions are:
- Consent (Article 6(1)(a)) -- freely given, specific, informed, and unambiguous consent
- Contractual Necessity (Article 6(1)(b)) -- processing necessary to perform or prepare for a contract
- Legitimate Interest (Article 6(1)(f)) -- processing necessary for your legitimate interests, provided they do not override the individual's rights
Transparency: Provide clear, accessible information about your data processing before or at the time data is collected. Use the templates in this document to satisfy this requirement.
Data Minimization: Only collect the data you actually need. Review your form fields and disable Log_User_Browser_Info__c if you do not have a specific need for IP addresses and browser user agent strings.
Data Processing Agreement (DPA): You should have a DPA in place with QuikForms, Salesforce, and any other processors. QuikForms' DPA is available on our Data Processing Agreement page.
Data Subject Rights: Be prepared to respond to data subject access requests (DSARs), deletion requests, and other rights requests within 30 days. Since all data is stored in your Salesforce org, you have full control over fulfilling these requests.
Records of Processing Activities (ROPA): Maintain a record of your processing activities that includes QuikForms form submissions as a category of processing.
Data Protection Impact Assessment (DPIA): Consider whether a DPIA is required, particularly if you are collecting sensitive data or processing data on a large scale.

Your Obligations Under CCPA

If you collect personal information from California residents and meet the CCPA's applicability thresholds, the California Consumer Privacy Act applies.

Key obligations:

Notice at Collection: Inform California consumers at or before the point of collection about the categories of personal information collected, the purposes, whether it is sold or shared, and retention periods. Use Template 1 or Template 2 to provide this notice.
Privacy Policy: Maintain a comprehensive privacy policy that includes all CCPA-required disclosures. Use Template 2 as a starting point and include the California Residents section.
Consumer Rights: Honor requests to know, delete, opt out of sale/sharing, and correct inaccurate personal information.
Do Not Sell/Share: If you do not sell or share personal information, state this clearly. QuikForms does not sell or share end-user data.
Service Provider Agreements: Ensure your agreements with processors (including QuikForms and Salesforce) include CCPA-compliant service provider terms.

One of the most common questions is whether you need explicit consent for form data collection or whether you can rely on legitimate interest.

When Consent Is Typically Required

Scenario	Why Consent Is Needed
Marketing communications opt-in	GDPR and many other laws require explicit opt-in consent for marketing emails and communications
Collecting sensitive/special category data	Health information, racial/ethnic origin, political opinions, religious beliefs, biometric data, etc. require explicit consent under GDPR Article 9
Sharing data with third parties for their own purposes	If you plan to share the submitted data with partners who will use it for their own purposes
Profiling or automated decision-making	If form submissions feed into profiling or automated decisions that significantly affect the individual
Processing children's data	Most jurisdictions require parental consent for children under a specified age

When Legitimate Interest May Apply

Scenario	Why Legitimate Interest May Work
Contact/inquiry forms	Processing a person's inquiry is a clear legitimate interest, and the individual reasonably expects their data to be used for this purpose
Job application forms	Processing applications for employment is a legitimate interest of the employer
Customer service forms	Responding to support requests is a legitimate interest
Basic analytics	Aggregated, non-identifying analytics for service improvement is generally a legitimate interest, especially when data is minimized (as QuikForms does)
Bot protection (Cloudflare Turnstile)	Security measures are a legitimate interest
Order/registration forms	Where the form is part of a contractual relationship, contractual necessity may apply

Best Practices

When in doubt, get consent. Consent is never wrong; relying on legitimate interest when you should have obtained consent is a compliance risk.
Document your basis. Whatever basis you rely on, document it. If you rely on legitimate interest, conduct and document a Legitimate Interest Assessment (LIA).
Keep consent records. If you use consent checkboxes, store the consent response in a Salesforce field so you have a record of what the user agreed to and when.
Make consent granular. Do not bundle consent for data processing with consent for marketing. Use separate checkboxes (see Templates 3a and 3b).
Do not use pre-checked boxes. Under GDPR, consent requires an affirmative action. Pre-checked checkboxes do not constitute valid consent.

How to Add Notices Using QuikForms

QuikForms provides two custom HTML injection points on every form:

Field	Location	Best Use
`customHeaderHTML__c`	Renders above the form fields	Company branding, introductory text, or brief data collection notice
`customFooterHTML__c`	Renders below the form fields, above the submit button	Privacy notices, consent checkboxes, legal disclaimers

Adding a Privacy Notice to Your Form Footer

Navigate to your Form Configuration in QuikForms Builder within Salesforce.
Open the Settings tab for your form.
Locate the customFooterHTML__c field (labeled "Custom Footer HTML" in the UI).
Paste the HTML from Template 1 (Short Privacy Notice) or any other template from this document.
Replace all bracketed placeholders with your actual values.
Save and publish the form configuration.
Preview the form to verify the notice renders correctly and all links work.

Adding a Consent Checkbox

If you want the consent checkbox to be a required form field, you have two options:

Option A: Use a QuikForms Checkbox Field

Add a Checkbox field to your form in QuikForms Builder.
Set the field label to your consent text (from Template 3).
Mark the field as Required.
Map it to a Checkbox field on your Salesforce object (e.g., Privacy_Consent__c).
This stores the consent response as a field value on the record.

Option B: Use Custom Footer HTML

Paste the HTML consent checkbox template from Template 3 into customFooterHTML__c.
Note that custom HTML checkboxes placed in the footer are not automatically validated by QuikForms as required fields. For required consent, Option A is recommended.

Recommended Privacy Practices for Form Builders

Minimize data collection. Only add fields to your form that you genuinely need. Every additional field increases your compliance burden and the potential impact of a data breach.
Review the Log_User_Browser_Info__c setting. This setting causes raw IP addresses and browser user agent strings to be stored on the submission record. Only enable it if you have a documented, specific need. The default analytics (hashed IP, device category, browser type) are sufficient for most use cases.
Set an appropriate analytics retention period. The default is 365 days. If you do not need a full year, reduce the Analytics_Retention_Days__c value.
Always link to your privacy policy. Use Template 1 (Short Privacy Notice) at minimum on every form that collects personal data.
Use separate consent checkboxes. If you need consent for data processing and separately for marketing, use two distinct checkboxes. Map each to a separate Salesforce field.
Do not collect sensitive data without explicit consent. If your form collects health information, financial data, government IDs, or other sensitive categories, use Template 3c and ensure you have a strong legal basis.
Plan for data subject requests. Know how to find, export, and delete a specific person's form submission data in Salesforce.
Keep your privacy notice up to date. If you change what data your form collects or how you use it, update your privacy notice accordingly.
Test your notice rendering. After adding HTML to customFooterHTML__c, preview your form on both desktop and mobile to ensure the notice is legible and links are functional.
Consider cookie and tracking implications. QuikForms itself does not set cookies on the end-user's browser. However, Cloudflare Turnstile may set cookies as part of bot protection. If your website has a cookie consent banner, ensure it accounts for any cookies set by embedded QuikForms forms.

Quick Reference

Data Collection Summary

Data Point	Stored Where	Default	Optional	Purpose
Form field values	Customer's Salesforce org	Always	No	Core form functionality
Cloudflare Turnstile token	Sent to Cloudflare API	Always (unless CAPTCHA disabled)	Configurable per form	Bot protection
IP address hash (SHA-256 + daily salt)	`QuikForms_Analytics__c`	When analytics enabled	Yes	Unique visitor approximation
Device category	`QuikForms_Analytics__c`	When analytics enabled	Yes	Usage analytics
Browser type	`QuikForms_Analytics__c`	When analytics enabled	Yes	Usage analytics
Referrer domain (hostname only)	`QuikForms_Analytics__c`	When analytics enabled	Yes	Traffic source analytics
Time to complete	`QuikForms_Analytics__c`	When analytics enabled	Yes	Usage analytics
Submission timestamp	Customer's Salesforce org	Always	No	Record metadata
Raw IP address	`Quik_User_IP__c`	Off	Yes (`Log_User_Browser_Info__c`)	Customer-defined purpose
Browser user agent string	`Quik_Browser_User_Agent__c`	Off	Yes (`Log_User_Browser_Info__c`)	Customer-defined purpose
File uploads	Attachments or ContentDocuments	Only on file upload forms	Yes	File collection

Template Selection Guide

Situation	Recommended Templates
Standard contact/inquiry form	Template 1 (footer) + Template 2 (linked page)
Form with marketing opt-in	Template 1 (footer) + Template 3b (marketing checkbox)
Form serving EU/UK visitors	Template 1 (footer) + Template 2 (linked page) + Template 3a or 3c (consent)
Form with IP/browser logging enabled	Template 1 (footer) + Template 4 (IP disclosure) + Template 2 (linked page with IP section)
Form collecting sensitive data	Template 1 (footer) + Template 2 (linked page) + Template 3c (explicit consent)
Simple feedback or survey form	Template 1 (footer)
Form serving California residents	Template 1 (footer) + Template 2 (linked page with CCPA section)

Relevant QuikForms Settings Reference

Setting / Field	Location	Effect on Data Collection
`Analytics_Enabled__c`	`QuikForms_Setting__mdt` (default)	Master toggle for all analytics collection
`Analytics_Retention_Days__c`	`QuikForms_Setting__mdt` (default)	Number of days analytics records are kept (default: 365)
`Log_User_Browser_Info__c`	`FormConfigVersion__c` (per form)	Enables raw IP and user agent storage on submission records
`Disable_Captcha__c`	`FormConfigVersion__c` (per form)	Disables Cloudflare Turnstile for the form
`customHeaderHTML__c`	`FormConfigVersion__c` (per form)	Custom HTML rendered above form fields
`customFooterHTML__c`	`FormConfigVersion__c` (per form)	Custom HTML rendered below form fields (ideal for privacy notices)
`Honeypot_Enabled__c`	`QuikForms_Setting__mdt` (default)	Enables hidden honeypot field for additional bot protection (no user-visible data collected)

Contact: [email protected] | Website: www.sfquikforms.com

This document is provided by QuikForms, LLC as customer guidance material. Customers are responsible for ensuring their forms comply with all applicable privacy laws and regulations in their jurisdictions.

QuikForms Legal

End-User Notice Templates & Compliance Guide

The Three-Party Relationship

Why You Need to Provide Notice

What QuikForms Collects from Form Submitters

Always Collected (for all form submissions)

Collected for Analytics (when analytics is enabled)

Collected Only When You Enable Them

Collected When the Form Includes File Upload Fields

Data Storage and Retention

Template 1: Short Privacy Notice (Form Footer)

Plain Text Version

HTML Version (for customFooterHTML__c)

Customization Instructions

Template 2: Detailed Privacy Notice (Full Page)

Full Template

Placeholder Reference

Template 3: Consent Checkbox Text

3a: General Data Processing Consent

3b: Marketing Communications Opt-In

3c: GDPR-Specific Explicit Consent

3d: Combined Processing + Marketing Consent

Template 4: IP & Browser Logging Disclosure

Short Version (for form footers)

Detailed Version (for privacy policy page)

Combined Footer Example

Compliance Guidance for Customers

Your Obligations Under GDPR

Your Obligations Under CCPA

Consent vs. Legitimate Interest

When Consent Is Typically Required

When Legitimate Interest May Apply

Best Practices

How to Add Notices Using QuikForms

Adding a Privacy Notice to Your Form Footer

Adding a Consent Checkbox

Recommended Privacy Practices for Form Builders

Quick Reference

Data Collection Summary

Template Selection Guide

Relevant QuikForms Settings Reference

HTML Version (for `customFooterHTML__c`)