Palpaca Palpaca Coming Soon

Acceptable Use Policy

Palpaca Platform

Effective Date: February 16, 2026 Last Updated: February 16, 2026

1. Overview

This Acceptable Use Policy (the “Policy”) sets out the rules governing your use of the Palpaca platform (the “Service”), operated by Sagewill S.r.l., trading as Palpaca, with registered office at Via Panciatichi 16, 50141 Florence (FI), Italy, VAT No. IT07481150485.

This Policy forms part of the Palpaca Terms of Service and applies to all users of the Service, including visitors, registered users, and paying customers. HubSpot’s Developer Terms require that applications in its ecosystem maintain an Acceptable Use Policy; this document fulfils that requirement.

By using the Service, you agree to comply with this Policy. If you violate this Policy, we may suspend or terminate your access to the Service in accordance with the Terms of Service.

2. Intended Use

Palpaca is designed to enable businesses to create custom HubSpot UI Extensions and backend server functions through AI-powered code generation. The Service is intended for lawful business purposes, including:

  • building custom user interfaces within HubSpot CRM;

  • creating backend server functions that extend HubSpot’s capabilities;

  • automating workflows and business processes within the HubSpot ecosystem;

  • displaying, organising, and interacting with CRM data through custom UI components;

  • integrating third-party data sources and services into HubSpot through custom extensions.

You are responsible for ensuring that the extensions and functions you build through the Service comply with all applicable laws, regulations, and HubSpot’s own terms of service and developer policies.

3. Prohibited Content

You may not use the Service to generate, deploy, or distribute code that:

3.1 Illegal or Harmful Content

  • facilitates, promotes, or enables any illegal activity in any applicable jurisdiction;

  • is designed to harass, threaten, defame, or intimidate any individual or group;

  • promotes discrimination or hatred based on race, ethnicity, gender, religion, sexual orientation, disability, or any other protected characteristic;

  • contains or distributes child sexual abuse material or any content that exploits minors;

  • facilitates human trafficking, forced labour, or any form of exploitation.

3.2 Malicious Code

  • introduces malware, viruses, worms, trojans, ransomware, or any other malicious software into HubSpot or any third-party system;

  • creates backdoors, unauthorised access points, or hidden administrative functions;

  • is designed to exfiltrate, scrape, or harvest data from HubSpot portals beyond the scope authorised by the portal owner;

  • exploits known or unknown vulnerabilities in HubSpot’s platform, APIs, or infrastructure;

  • performs denial-of-service attacks or intentionally degrades the performance of HubSpot or any connected system;

  • intercepts, redirects, or tampers with communications between HubSpot and its users.

3.3 Privacy-Violating Code

  • collects, stores, or processes personal data without a valid legal basis under the GDPR, UK GDPR, or other applicable data protection laws;

  • tracks, monitors, or profiles HubSpot users or CRM contacts without appropriate consent or authorisation;

  • transmits personal data to unauthorised third parties;

  • circumvents privacy settings, consent mechanisms, or data access controls within HubSpot;

  • processes special categories of personal data (as defined in Article 9 GDPR) without the additional safeguards required by law.

3.4 Deceptive Code

  • misleads users about its functionality, data collection, or purpose;

  • impersonates HubSpot’s native interface or official features in a way that could confuse users;

  • presents false or misleading information to CRM users or contacts;

  • hides its true functionality or performs undisclosed actions.

4. Prohibited Conduct

In addition to the content restrictions above, you may not:

4.1 Platform Abuse

  • attempt to reverse-engineer, decompile, disassemble, or otherwise derive the source code or underlying algorithms of the Palpaca platform;

  • circumvent, disable, or interfere with any security, rate-limiting, authentication, or access-control features of the Service;

  • use automated tools, bots, or scripts to access the Service or generate code in bulk, except through the Service’s intended interface;

  • access or attempt to access another user’s account, data, or generated code without authorisation;

  • probe, scan, or test the vulnerability of the Service or any related system without prior written consent from Palpaca;

  • intentionally submit prompts designed to cause the AI model to produce harmful, offensive, or policy-violating output.

4.2 Commercial Restrictions

  • resell, redistribute, or sublicense access to the Service itself (this does not restrict your right to use, sell, or distribute your generated code);

  • use the Service to build a product or service that competes directly with Palpaca by offering AI-powered code generation for HubSpot UI Extensions;

  • frame, mirror, or scrape any part of the Service or its content;

  • use the Service to benchmark or evaluate the Service for the purpose of developing a competing product.

4.3 Misrepresentation

  • claim or imply that you are an employee, agent, or official representative of Palpaca;

  • use Palpaca’s trademarks, logos, or branding in a manner that suggests official endorsement or affiliation beyond your status as a customer;

  • misrepresent the capabilities, limitations, or nature of the Service to third parties;

  • present AI-generated code as human-written in contexts where such a distinction is material (e.g., in response to procurement requirements that specify human-authored code).

5. HubSpot Ecosystem Obligations

As a user of Palpaca, you are building within the HubSpot ecosystem. You must comply with HubSpot’s terms and policies, including but not limited to:

  • HubSpot Developer Terms: Your use of HubSpot’s APIs and developer tools is subject to HubSpot’s Developer Terms of Service. You are responsible for reviewing and complying with those terms.

  • OAuth scope limitations: Extensions generated through Palpaca should request only the minimum HubSpot OAuth scopes necessary for their intended functionality. Do not build extensions that request overly broad permissions.

  • Data handling: When your extensions access, display, or process HubSpot CRM data, you must handle that data in accordance with the data protection obligations applicable to your organisation and the expectations of the data subjects whose data you process.

  • User experience: Extensions should provide a clear, honest, and professional user experience within HubSpot. Do not build extensions that degrade the HubSpot user experience, interfere with native HubSpot functionality, or confuse users about the source of information or actions.

  • Incident reporting: If you discover a security vulnerability or data breach related to an extension built through Palpaca, you must notify both Palpaca (at support@palpaca.dev) and HubSpot in accordance with their respective incident reporting requirements.

Palpaca is not responsible for ensuring your compliance with HubSpot’s terms. Violations of HubSpot’s developer policies that result in the removal of your application or restrictions on your HubSpot developer account are your responsibility.

6. Resource Usage and Fair Use

The Service operates on shared infrastructure. To ensure a consistent experience for all users, you agree to:

  • use credits for genuine code generation purposes, not to artificially consume resources or test the limits of the platform;

  • not submit excessively large, repetitive, or meaningless prompts designed to consume credits or AI resources without productive intent;

  • not use the Service to generate code for purposes unrelated to HubSpot UI Extensions or backend server functions (e.g., generating general-purpose software, scripts, or content unrelated to HubSpot);

  • report any bugs, errors, or unintended behaviour in the Service that could be exploited, rather than exploiting them for personal gain.

Palpaca reserves the right to implement rate limits, usage caps, or other measures to ensure fair use of the platform. We will communicate any such measures in advance where practicable.

7. Your Responsibility for Generated Code

You own 100% of the code generated by Palpaca for you, as set out in the Terms of Service. With ownership comes responsibility:

  • Review and testing: You must review and test all generated code before deploying it to a production HubSpot environment. AI-generated code may contain errors, inefficiencies, or security vulnerabilities.

  • Compliance: You are responsible for ensuring that your deployed extensions comply with all applicable laws, regulations, industry standards, and your organisation’s internal policies.

  • Data protection: If your extensions process personal data, you are the data controller and are responsible for ensuring lawful processing, obtaining necessary consents, and implementing appropriate technical and organisational measures.

  • Maintenance: After deployment, you are responsible for maintaining, updating, and patching your extensions, including responding to changes in HubSpot’s platform or APIs.

  • Third-party impact: You are responsible for any impact your extensions have on third parties, including HubSpot users, CRM contacts, and connected systems.

8. Monitoring and Enforcement

8.1 Monitoring

Palpaca may monitor use of the Service to detect violations of this Policy, ensure platform stability, and comply with legal obligations. Monitoring may include analysis of usage patterns, prompt content, generated code metadata, and resource consumption. We do not routinely review the content of your generated code, but we reserve the right to do so where we have reasonable grounds to suspect a violation of this Policy.

8.2 Reporting Violations

If you become aware of any use of the Service that violates this Policy, please report it to support@palpaca.dev. We take all reports seriously and will investigate promptly.

8.3 Enforcement Actions

If we determine, in our reasonable discretion, that you have violated this Policy, we may take one or more of the following actions:

  • issue a warning and request that you cease the violating conduct;

  • temporarily suspend your access to the Service while we investigate;

  • permanently terminate your account and access to the Service;

  • revoke referral credits or other benefits obtained through or in connection with the violating conduct;

  • report the violation to HubSpot, law enforcement, or other relevant authorities where we believe it is necessary or appropriate;

  • pursue any other remedies available under applicable law or the Terms of Service.

8.4 Process

Except where immediate action is necessary to protect the Service, our users, or third parties, we will generally follow this process:

(a) notify you of the suspected violation and the specific provision(s) of this Policy at issue;

(b) provide you with a reasonable opportunity (typically five (5) business days) to explain or cure the violation;

(c) if the violation is confirmed, notify you of the enforcement action we intend to take and the reasons for it.

In cases involving immediate threats (e.g., malicious code, active data exfiltration, or illegal activity), we may suspend your account first and investigate afterwards.

9. Changes to This Policy

We may update this Policy from time to time to reflect changes in the Service, legal requirements, or best practices. Changes will be communicated via the email address associated with your account at least fifteen (15) days before they take effect. Continued use of the Service after the effective date constitutes acceptance.

The latest version of this Policy is always available at palpaca.dev/legal/acceptable-use.

10. Contact

For any questions regarding this Policy, or to report a violation, please contact:

Sagewill S.r.l., trading as Palpaca

Via Panciatichi 16, 50141 Florence (FI), Italy

support@palpaca.dev