Email & Form Usage Policy

This page explains how our website forms and email delivery system operate, including security controls, verification mechanisms, and compliance practices.

Overview

Our platform provides a secure, permission-based form submission system designed exclusively for legitimate business communication.

All emails sent through our infrastructure are triggered only by explicit, user-initiated actions. We do not support spam, unsolicited messages, or automated bulk email sending.

Form Submission Flow

The standard workflow is as follows:

User voluntarily submits a form on our website.
All public forms are protected by Cloudflare Turnstile.
Form data is transmitted securely to our backend API.
Server-side validation and abuse checks are performed.
A transactional or confirmation email is sent when appropriate.

Emails are sent only as a direct result of a verified user request.

Backend Integration

Our system supports common backend environments and modern API architectures, including:

PHP (custom handlers or frameworks such as Laravel)
Node.js (Express or serverless APIs)
Python (Flask, FastAPI, or Django)

Each backend endpoint enforces HTTPS, validates input data, verifies CAPTCHA tokens, and applies rate limiting before any email is triggered.

Cloudflare Turnstile Protection

To prevent automated abuse and bot-driven submissions, all forms are protected by Cloudflare Turnstile.

Invisible verification with no user friction
Server-side token verification
Blocks scripted and automated submissions
Prevents form and email endpoint abuse

Email Usage Policy

We follow strict, responsible email sending practices:

Emails are transactional or confirmation-based
No purchased, rented, or scraped email lists
No cold outreach or unsolicited marketing
No bulk or mass email campaigns

Typical use cases include contact confirmations, support replies, and user-requested notifications.

Compliance & Anti-Abuse Measures

Our infrastructure includes multiple layers of protection:

Rate limiting per IP and per session
CAPTCHA verification on all public endpoints
Server-side validation and logging
Continuous abuse monitoring

These measures are designed to align with SendGrid’s Acceptable Use Policy and industry-standard anti-spam practices.

Why This Is Safe for Email Providers

Our email architecture minimizes risk and protects sender reputation:

All emails are user-triggered
No automated or scheduled campaigns
Abuse vectors are blocked at both form and backend levels
Clear user intent is required before sending any email

Contact

If you have any questions regarding our email workflow, security controls, or compliance practices, please contact us at:

support@qbclct.com