ultimate-jekyll-manager 0.0.269 → 0.0.271

package/CHANGELOG.md

@@ -14,6 +14,19 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - `Fixed` for any bug fixes.
 - `Security` in case of vulnerabilities.
 
+---
+## [Unreleased]
+### Added
+- Quick boot mode (`UJ_QUICK=true`) for faster dev server startup (~5s vs ~20s) by skipping clean, slow setup operations, and deferring webpack/sass compilation until after Jekyll's first build
+
+### Changed
+- Add `onsubmit="return false"` to all JS-managed forms as a safety net against native submission before FormManager loads
+- Checkout payment method buttons start hidden and are revealed via `data-wm-bind` when payment methods load
+- Remove development-only guard from click prevention logging in body.html
+
+### Fixed
+- Add dev-only artificial pre-delay support to checkout page for testing form protection timing
+
 ---
 ## [1.0.0] - 2024-06-19
 ### Added

package/CLAUDE.md

@@ -595,6 +595,42 @@ Selectively protect non-standard elements that trigger important actions:
 - **Click Prevention:** `src/defaults/dist/_includes/core/body.html` - Inline script
 - **State Removal:** `src/assets/js/core/complete.js` - Removes loading state
 
+### Form Protection Standards
+
+All JS-managed forms use a layered protection strategy to prevent native form submission before JavaScript takes control:
+
+#### Layer 1: `onsubmit="return false"` on ALL JS-managed forms
+
+Every `<form>` that will be managed by FormManager MUST include `onsubmit="return false"`:
+
+```html
+<form id="my-form" onsubmit="return false">
+```
+
+This is a zero-cost safety net that prevents native form submission if a user clicks submit before FormManager attaches its `e.preventDefault()` handler. FormManager's own submit handling overrides this — there is no conflict.
+
+**Exception:** Traditional forms with an `action` attribute that intentionally navigate (e.g., search forms, external form submissions) should NOT include this.
+
+#### Layer 2: Button initial state based on use case
+
+| Use Case | Initial State | Mechanism |
+|----------|---------------|-----------|
+| Buttons dependent on async data (checkout payment methods) | `hidden` | `data-wm-bind="@show ..."` reveals when data loads |
+| Buttons on auth/sensitive forms | `disabled` | FormManager's `ready()` removes `disabled` |
+| Buttons on simple forms (contact, newsletter) | Default (visible) | FormManager's `autoReady: true` enables quickly |
+
+#### Layer 3: FormManager `autoReady` configuration
+
+| Scenario | `autoReady` | `ready()` call |
+|----------|-------------|----------------|
+| No async work before form init | `true` (default) | Automatic on DOM ready |
+| Async work before form init (API calls, redirects) | `false` | Explicit call after async completes |
+
+**Reference implementations:**
+- Simple form: `src/assets/js/pages/contact/index.js`
+- Auth form: `src/assets/js/libs/auth.js`
+- Async data form: `src/assets/js/pages/payment/checkout/index.js`
+
 ## Lazy Loading System
 
 Ultimate Jekyll uses a custom lazy loading system powered by web-manager.

package/README.md

@@ -314,6 +314,16 @@ Add the `.btn-action` class to protect custom elements that trigger important ac
 **Use `.btn-action` for:** API calls, form submissions, data modifications, payments, destructive actions
 **Don't use for:** Navigation, UI toggles, modals, accordions, harmless interactions
 
+#### Form Protection Standards
+
+All JS-managed forms use a layered protection strategy:
+
+1. **`onsubmit="return false"`** on every `<form>` managed by FormManager — prevents native submission before JS loads
+2. **Button initial state** — buttons dependent on async data start `hidden` (revealed by `data-wm-bind`); auth buttons start `disabled` (enabled by FormManager's `ready()`)
+3. **FormManager `autoReady`** — use `autoReady: false` when async work happens before form init, call `ready()` explicitly after
+
+**Exception:** Traditional forms with an `action` attribute that intentionally navigate should NOT include `onsubmit="return false"`.
+
 ### Ad Units (Verts)
 
 UJ provides ad unit includes that display Google AdSense ads with automatic fallback to in-house promo-server ads when AdSense is blocked or unfilled.

package/dist/assets/css/pages/account/index.scss

@@ -64,21 +64,38 @@
   }
 }
 
-// Delete account section styles
+// Shared styles for data-request and delete sections
+#data-request-section,
 #delete-section {
-  .card.border-danger {
+  .card-form-border {
     border-width: 2px;
   }
 
+  .form-check-label {
+    user-select: none;
+  }
+
+  .accordion-trigger {
+    background: none;
+    border: none;
+    padding: 0;
+    font: inherit;
+    color: inherit;
+    cursor: pointer;
+
+    &:focus {
+      outline: none;
+    }
+  }
+}
+
+// Delete account section styles
+#delete-section {
   #delete-account-btn {
     &:disabled {
       opacity: 0.5;
       cursor: not-allowed;
     }
   }
-
-  .form-check-label {
-    user-select: none;
-  }
 }
 

package/dist/assets/js/libs/auth.js

@@ -114,6 +114,7 @@ export default function (Manager) {
     formManager = new FormManager('#auth-form', {
       autoReady: false, // We'll call ready() after checking redirect result
       allowResubmit: false,
+      warnOnUnsavedChanges: false,
       submittingText: 'Signing in...',
       submittedText: 'Signed In!',
     });
@@ -128,6 +129,7 @@ export default function (Manager) {
     formManager = new FormManager('#auth-form', {
       autoReady: false, // We'll call ready() after checking redirect result
       allowResubmit: false,
+      warnOnUnsavedChanges: false,
       submittingText: 'Creating account...',
       submittedText: 'Account Created!',
     });
@@ -142,6 +144,7 @@ export default function (Manager) {
     formManager = new FormManager('#auth-form', {
       autoReady: false, // We'll call ready() after checking redirect result
       allowResubmit: false,
+      warnOnUnsavedChanges: false,
       submittingText: 'Sending...',
       submittedText: 'Email Sent!',
     });

package/dist/assets/js/pages/account/index.js

@@ -8,6 +8,7 @@ import * as teamSection from './sections/team.js';
 import * as referralsSection from './sections/referrals.js';
 import * as apiKeysSection from './sections/api-keys.js';
 import * as deleteSection from './sections/delete.js';
+import * as dataRequestSection from './sections/data-request.js';
 import * as connectionsSection from './sections/connections.js';
 let webManager = null;
 
@@ -47,6 +48,7 @@ const sectionModules = {
   referrals: referralsSection,
   'api-keys': apiKeysSection,
   delete: deleteSection,
+  'data-request': dataRequestSection,
   connections: connectionsSection
 };
 
@@ -62,10 +64,13 @@ async function initializeAccount() {
   // Setup navigation
   setupNavigation();
 
-  // Check if delete hash is present on initial load
+  // Check if delete/data-request hash is present on initial load
   if (window.location.hash === '#delete') {
     showDeleteOption();
   }
+  if (window.location.hash === '#data-request') {
+    showDataRequestOption();
+  }
 
   // Initialize all section modules
   Object.values(sectionModules).forEach(module => {
@@ -180,6 +185,10 @@ function loadAllSectionData(authState) {
     sectionModules.delete.loadData(account);
   }
 
+  if (sectionModules['data-request'] && sectionModules['data-request'].loadData) {
+    sectionModules['data-request'].loadData(account);
+  }
+
   if (sectionModules.connections.loadData) {
     sectionModules.connections.loadData(account, appData);
   }
@@ -219,10 +228,13 @@ function setupNavigation() {
 function handleHashChange() {
   const hash = window.location.hash.slice(1);
 
-  // Show delete nav item and mobile option if hash is delete
+  // Show hidden nav items based on hash
   if (hash === 'delete') {
     showDeleteOption();
   }
+  if (hash === 'data-request') {
+    showDataRequestOption();
+  }
 
   if (hash) {
     // Check if the section exists
@@ -264,6 +276,27 @@ function showDeleteOption() {
   }
 }
 
+// Show data request option in navigation
+function showDataRequestOption() {
+  // Show desktop nav item
+  const $dataRequestNavItem = document.getElementById('data-request-nav-item');
+  if ($dataRequestNavItem) {
+    $dataRequestNavItem.classList.remove('d-none');
+  }
+
+  // Add mobile dropdown option if not exists
+  const $mobileNavSelect = document.getElementById('mobile-nav-select');
+  if ($mobileNavSelect) {
+    const dataRequestOption = $mobileNavSelect.querySelector('option[value="data-request"]');
+    if (!dataRequestOption) {
+      const option = document.createElement('option');
+      option.value = 'data-request';
+      option.textContent = 'Data Request';
+      $mobileNavSelect.appendChild(option);
+    }
+  }
+}
+
 // Hide all sections except loading
 function hideAllSectionsExceptLoading() {
   $sections.forEach(section => {

package/dist/assets/js/pages/account/sections/data-request.js

@@ -0,0 +1,253 @@
+/**
+ * Data Request Section JavaScript
+ */
+
+// Libraries
+import { FormManager } from '__main_assets__/js/libs/form-manager.js';
+import authorizedFetch from '__main_assets__/js/libs/authorized-fetch.js';
+
+let webManager = null;
+let formManager = null;
+let downloadFormManager = null;
+let cancelFormManager = null;
+
+// Initialize data-request section
+export async function init(wm) {
+  webManager = wm;
+  setupDataRequestForm();
+  setupDownloadButton();
+  setupCancelButton();
+}
+
+// Setup data request form
+function setupDataRequestForm() {
+  const $form = document.getElementById('data-request-form');
+  const $checkbox1 = document.getElementById('data-request-confirm-checkbox');
+  const $checkbox2 = document.getElementById('data-request-deletion-checkbox');
+  const $submitBtn = document.getElementById('data-request-submit-btn');
+
+  if (!$form || !$checkbox1 || !$checkbox2 || !$submitBtn) {
+    return;
+  }
+
+  formManager = new FormManager('#data-request-form', {
+    allowResubmit: false,
+    submittingText: 'Submitting request...',
+    submittedText: 'Request Submitted',
+  });
+
+  // Enable/disable submit button based on both checkboxes
+  function updateSubmitState() {
+    $submitBtn.disabled = !($checkbox1.checked && $checkbox2.checked);
+  }
+
+  $checkbox1.addEventListener('change', updateSubmitState);
+  $checkbox2.addEventListener('change', updateSubmitState);
+
+  formManager.on('submit', async ({ data }) => {
+    if (!$checkbox1.checked || !$checkbox2.checked) {
+      throw new Error('Please confirm all acknowledgments before submitting.');
+    }
+
+    trackDataRequest('submit');
+
+    const response = await authorizedFetch(`${webManager.getApiUrl()}/backend-manager/user/data-request`, {
+      method: 'POST',
+      timeout: 30000,
+      response: 'json',
+      tries: 2,
+      body: {
+        confirmed: true,
+        reason: data.reason || '',
+      },
+    });
+
+    if (response.error) {
+      throw new Error(response.message || 'Failed to submit data request. Please try again later.');
+    }
+
+    formManager.showSuccess('Your data request has been submitted. Please check back in up to 14 business days.');
+
+    showRequestStatus(response.request);
+  });
+}
+
+// Setup download form
+function setupDownloadButton() {
+  const $form = document.getElementById('data-request-download-form');
+
+  if (!$form) {
+    return;
+  }
+
+  downloadFormManager = new FormManager('#data-request-download-form', {
+    allowResubmit: false,
+    submittingText: 'Downloading...',
+    submittedText: 'Downloaded!',
+  });
+
+  downloadFormManager.on('submit', async () => {
+    const response = await authorizedFetch(`${webManager.getApiUrl()}/backend-manager/user/data-request?action=download`, {
+      method: 'GET',
+      timeout: 60000,
+      response: 'json',
+    });
+
+    if (response.error || !response.data) {
+      throw new Error(response.message || 'Failed to download data.');
+    }
+
+    trackDataRequest('download');
+
+    // Trigger file download
+    const blob = new Blob([JSON.stringify(response.data, null, 2)], { type: 'application/json' });
+    const url = URL.createObjectURL(blob);
+    const $a = document.createElement('a');
+    $a.href = url;
+    $a.download = `my-data-${new Date().toISOString().split('T')[0]}.json`;
+    document.body.appendChild($a);
+    $a.click();
+    document.body.removeChild($a);
+    URL.revokeObjectURL(url);
+  });
+}
+
+// Setup cancel form
+function setupCancelButton() {
+  const $form = document.getElementById('data-request-cancel-form');
+
+  if (!$form) {
+    return;
+  }
+
+  cancelFormManager = new FormManager('#data-request-cancel-form', {
+    allowResubmit: true,
+    submittingText: 'Withdrawing...',
+  });
+
+  cancelFormManager.on('submit', async () => {
+    const response = await authorizedFetch(`${webManager.getApiUrl()}/backend-manager/user/data-request`, {
+      method: 'DELETE',
+      timeout: 30000,
+      response: 'json',
+    });
+
+    if (response.error) {
+      throw new Error(response.message || 'Failed to withdraw request.');
+    }
+
+    trackDataRequest('cancel');
+
+    showRequestForm();
+  });
+}
+
+// Load data (called when auth state resolves)
+export async function loadData() {
+  // Status is checked lazily in onShow
+}
+
+// Called when section is shown
+export async function onShow() {
+  await checkRequestStatus();
+}
+
+// Check request status from backend
+async function checkRequestStatus() {
+  try {
+    const response = await authorizedFetch(`${webManager.getApiUrl()}/backend-manager/user/data-request`, {
+      method: 'GET',
+      timeout: 30000,
+      response: 'json',
+    });
+
+    if (response.request) {
+      showRequestStatus(response.request);
+    } else {
+      showRequestForm();
+    }
+  } catch (error) {
+    // No active request or error — show form
+    showRequestForm();
+  }
+}
+
+// Show request status UI
+function showRequestStatus(request) {
+  const $status = document.getElementById('data-request-status');
+  const $statusTitle = document.getElementById('data-request-status-title');
+  const $statusMessage = document.getElementById('data-request-status-message');
+  const $download = document.getElementById('data-request-download');
+  const $cancel = document.getElementById('data-request-cancel');
+  const $formContainer = document.getElementById('data-request-form-container');
+  const $formTrigger = document.getElementById('data-request-form-trigger');
+
+  if (!$status) {
+    return;
+  }
+
+  if (request.status === 'expired') {
+    showRequestForm();
+    return;
+  }
+
+  $status.classList.remove('d-none');
+  $formContainer.classList.add('d-none');
+  if ($formTrigger) {
+    $formTrigger.classList.add('d-none');
+  }
+
+  const createdDate = new Date(request.createdAt).toLocaleDateString();
+
+  if (request.status === 'complete') {
+    $statusTitle.textContent = 'Your data is ready';
+    $statusMessage.textContent = `Your data request from ${createdDate} has been processed. Click below to download your data package. This download will expire 30 days after your data became available.`;
+    $download.classList.remove('d-none');
+    if (downloadFormManager) {
+      downloadFormManager.reset();
+    }
+    $cancel.classList.add('d-none');
+
+    trackDataRequest('download_available');
+  } else {
+    $statusTitle.textContent = 'Request pending';
+    $statusMessage.textContent = `Your data request was submitted on ${createdDate}. Processing may take up to 14 business days. Please check back later.`;
+    $download.classList.add('d-none');
+    $cancel.classList.remove('d-none');
+    if (cancelFormManager) {
+      cancelFormManager.reset();
+    }
+  }
+}
+
+// Show request form UI
+function showRequestForm() {
+  const $status = document.getElementById('data-request-status');
+  const $formContainer = document.getElementById('data-request-form-container');
+  const $formTrigger = document.getElementById('data-request-form-trigger');
+
+  if (!$status || !$formContainer) {
+    return;
+  }
+
+  $status.classList.add('d-none');
+  $formContainer.classList.remove('d-none');
+  if ($formTrigger) {
+    $formTrigger.classList.remove('d-none');
+  }
+}
+
+// Tracking
+function trackDataRequest(action) {
+  gtag('event', 'data_request', {
+    action: action,
+  });
+  fbq('trackCustom', 'DataRequest', {
+    action: action,
+  });
+  ttq.track('ViewContent', {
+    content_id: `data-request-${action}`,
+    content_type: 'product',
+    content_name: `Data Request ${action}`,
+  });
+}

package/dist/assets/js/pages/account/sections/delete.js

@@ -18,11 +18,11 @@ export async function init(wm) {
 // Setup delete account form
 function setupDeleteAccountForm() {
   const $form = document.getElementById('delete-account-form');
-  const $checkbox = document.getElementById('delete-confirm-checkbox');
+  const $checkbox1 = document.getElementById('delete-confirm-checkbox');
+  const $checkbox2 = document.getElementById('delete-data-request-checkbox');
   const $deleteBtn = document.getElementById('delete-account-btn');
-  const $cancelBtn = document.getElementById('cancel-delete-btn');
 
-  if (!$form || !$checkbox || !$deleteBtn) {
+  if (!$form || !$checkbox1 || !$checkbox2 || !$deleteBtn) {
     return;
   }
 
@@ -32,23 +32,18 @@ function setupDeleteAccountForm() {
     submittedText: 'Account Deleted!',
   });
 
-  // Enable/disable delete button based on checkbox
-  $checkbox.addEventListener('change', (e) => {
-    $deleteBtn.disabled = !e.target.checked;
-  });
-
-  // Handle cancel button
-  if ($cancelBtn) {
-    $cancelBtn.addEventListener('click', () => {
-      // Navigate back to profile
-      window.location.hash = 'profile';
-    });
+  // Enable/disable delete button based on both checkboxes
+  function updateDeleteState() {
+    $deleteBtn.disabled = !($checkbox1.checked && $checkbox2.checked);
   }
 
+  $checkbox1.addEventListener('change', updateDeleteState);
+  $checkbox2.addEventListener('change', updateDeleteState);
+
   formManager.on('submit', async ({ data }) => {
-    // Check if checkbox is checked
-    if (!$checkbox.checked) {
-      throw new Error('Please confirm that you understand this action is permanent.');
+    // Check if both checkboxes are checked
+    if (!$checkbox1.checked || !$checkbox2.checked) {
+      throw new Error('Please confirm all acknowledgments before proceeding.');
     }
 
     // 1ms wait for dialog to appear properly

package/dist/assets/js/pages/payment/checkout/index.js

@@ -73,6 +73,18 @@ async function initializeCheckout() {
       initializeRecaptcha(webManager.config?.recaptcha?.['site-key'], webManager),
     ]);
 
+    /* @dev-only:start */
+    {
+      const _dev_preDelay = urlParams.get('_dev_preDelay');
+      if (_dev_preDelay) {
+        const delayMs = parseInt(_dev_preDelay, 10) || 5000;
+        console.warn(`[Checkout Dev] Artificial pre-delay: ${delayMs}ms`);
+        await new Promise(resolve => setTimeout(resolve, delayMs));
+        console.warn('[Checkout Dev] Pre-delay complete');
+      }
+    }
+    /* @dev-only:end */
+
     // App config is required
     if (appConfigResult.status === 'rejected') {
       const reason = appConfigResult.reason?.message || appConfigResult.reason || 'Unknown error';

package/dist/build.js

@@ -98,6 +98,12 @@ Manager.isBuildMode = function () {
 }
 Manager.prototype.isBuildMode = Manager.isBuildMode;
 
+// isQuickMode
+Manager.isQuickMode = function () {
+  return process.env.UJ_QUICK === 'true';
+}
+Manager.prototype.isQuickMode = Manager.isQuickMode;
+
 // actLikeProduction - determines if we should act like production mode
 Manager.actLikeProduction = function () {
   return Boolean(Manager.isBuildMode() || process.env.UJ_AUDIT_FORCE === 'true');

package/dist/commands/clean.js

@@ -18,6 +18,16 @@ const dirs = [
 module.exports = async function (options) {
   options = options || {};
 
+  // Quick mode: skip clean to reuse existing build artifacts
+  if (Manager.isQuickMode()) {
+    if (!jetpack.exists('dist') || !jetpack.exists('_site')) {
+      logger.log('Quick mode: No existing build, running full clean');
+    } else {
+      logger.log('Quick mode: Skipping clean');
+      return;
+    }
+  }
+
   // Build list of directories to clean
   const dirsToClean = [...dirs];
 

package/dist/commands/setup.js

@@ -41,6 +41,19 @@ module.exports = async function (options) {
   options.deduplicatePosts = options.deduplicatePosts !== 'false';
   options.migrate = options.migrate !== 'false';
 
+  // Quick mode: skip slow/network operations
+  if (Manager.isQuickMode()) {
+    logger.log('Quick mode: Skipping slow setup operations');
+    options.checkManager = false;
+    options.checkNode = false;
+    options.checkRuby = false;
+    options.checkBundle = false;
+    options.checkPeerDependencies = false;
+    options.fetchFirebaseAuth = false;
+    options.publishGitHubToken = false;
+    options.deduplicatePosts = false;
+  }
+
   // Log
   logger.log(`Welcome to ${package.name} v${package.version}!`);
   logger.log(`options`, options);

package/dist/defaults/dist/_includes/core/body.html

@@ -101,10 +101,8 @@
           && target.closest('button, input[type="submit"], input[type="button"], input[type="reset"], .btn-action')
         )
       ) {
-        // Log disabled click attempt in development
-        if (window.location.hostname === 'localhost' || window.location.hostname.startsWith('192.168')) {
-          console.log('Click prevented (disabled):', target);
-        }
+        // Log the click for debugging
+        console.log('Click prevented (disabled):', target);
 
         // Prevent all actions
         e.preventDefault();

package/dist/defaults/dist/_layouts/blueprint/legal/privacy.md

@@ -70,6 +70,7 @@ In the event of a change of control, if we sell or otherwise transfer part or th
 
 ### Your Choices About Your Information:
 Your account information and profile privacy settings can be updated or changed by visiting your account profile at [{{ site.url }}/account]({{ site.url }}/account) or by contacting {{ brand }} directly at [{{ site.url }}/contact]({{ site.url }}/contact).
+- You may request a copy of your personal data by visiting [{{ site.url }}/account]({{ site.url }}/account#data-request).
 - You may request to have your account deleted by visiting your account profile at [{{ site.url }}/account]({{ site.url }}/account#delete).
 - You may request to unsubscribe from emails by clicking the "unsubscribe" link inside the email.
 
@@ -80,7 +81,27 @@ When it comes to the collection of personal information from children under 13,
 By opting in to receive SMS communications from {{ brand }}, you agree to receive marketing text messages, such as promotions and cart reminders, from us. Consent to receive marketing text messages is not a condition of any purchase. Message and data rates may apply, and the frequency of messages may vary. You may unsubscribe from receiving SMS messages at any time by replying “STOP” to any message or by clicking the unsubscribe link provided in our communications. For more information about our privacy practices, please refer to this Privacy Policy or our [Terms of Service]({{ site.url }}/terms/).
 
 ## Request Your Data to Be Removed or Deleted
-If you would like your personally identifiable information to be deleted from our database, you can request deletion here: [{{ site.url }}/account]({{ site.url }}/account#delete).
+Under applicable data protection regulations including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), you have the right to request the deletion of the personal data we hold about you. Account deletion is a permanent, irreversible action that cannot be undone under any circumstances.
+
+To request deletion, visit your account page here: [{{ site.url }}/account]({{ site.url }}/account#delete). Please read the following important information before proceeding:
+
+* **Permanent and irreversible:** Once your account is deleted, all personal data associated with your account will be permanently removed from our systems. This includes your profile information, subscription and billing history, activity logs, API keys, OAuth2 connections, referral data, and all other stored information. There is no mechanism to recover any data after deletion.
+* **Active subscriptions:** You must cancel any active paid subscriptions before deleting your account. Accounts with active or suspended paid subscriptions cannot be deleted until the subscription is cancelled or expires.
+* **Pending data requests:** If you have a pending data request (Subject Access Request), it will be permanently cancelled upon account deletion. We will not be able to fulfill data requests after your account has been deleted. If you wish to obtain a copy of your data, you must complete the data request and download process **before** initiating account deletion.
+* **Immediate effect:** Account deletion takes effect immediately. You will be signed out of all active sessions and will no longer be able to access any services associated with your account.
+* **Third-party services:** While we will remove your data from our systems, we cannot guarantee the removal of data that has already been shared with or collected by third-party services you may have used in connection with your account. Please refer to the privacy policies of those services for information about their data retention practices.
+
+## Request a Copy of Your Data
+Under applicable data protection regulations including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other similar legislative frameworks, you may have the right to request a copy of the personal data we hold about you. This is commonly referred to as a Subject Access Request (SAR) or a Data Portability Request.
+
+To submit a data request, visit your account page here: [{{ site.url }}/account]({{ site.url }}/account#data-request). Please read the following important information before submitting your request:
+
+* **Processing time:** Data requests may take up to **14 business days** to process. The compilation and verification of your data is performed manually by our data processing team to ensure accuracy, completeness, and security.
+* **Download only — no email delivery:** For security purposes, your data will **not** be sent via email or any other communication channel. You must return to your account page to download your data once it is ready. We do not consider email to be a sufficiently secure medium for the transmission of personally identifiable information.
+* **Data unavailable after account deletion:** If you delete your account before downloading your data, all personal information will be permanently and irreversibly removed from our systems. We will not be able to fulfill any pending data requests after account deletion. If you wish to both request your data and delete your account, you must download your data **before** initiating account deletion.
+* **Download expiration:** Completed data requests will be available for download for 30 days after processing is complete. After this period, the request will expire and you will need to submit a new request.
+* **Request limits:** You are limited to one active data request at a time. After a completed request, there is a 30-day cooldown period before a new request can be submitted.
+* **Data format:** Your data will be provided as a downloadable JSON file containing your account information, authentication records, subscription history, activity data, and other personally identifiable information associated with your account.
 
 ## Acceptance of This Policy
 Use of our site signifies your acceptance of this policy. If you do not accept the policy then please do not use this site. When registering, we will further request your explicit acceptance of the privacy policy.

package/dist/defaults/dist/_layouts/themes/classy/frontend/pages/account/index.html

@@ -48,6 +48,9 @@ sections:
   - id: "api-keys"
     name: "API Keys"
     icon: "key"
+  - id: "data-request"
+    name: "Data Request"
+    icon: "file-export"
   - id: "delete"
     name: "Delete Account"
     icon: "trash"
@@ -133,7 +136,7 @@ badges:
     <div class="d-flex align-items-center justify-content-between py-3">
       <!-- Left: Brand -->
       <a href="/" class="d-flex align-items-center text-decoration-none text-body">
-        <span class="avatar avatar-md filter-adaptive me-3">
+        <span class="avatar avatar-md me-3">
           <img src="{{ site.brand.images.brandmark }}?cb={{ site.uj.cache_breaker }}" alt="{{ site.brand.name }}"/>
         </span>
         <h1 class="h5 mb-0 fw-semibold">{{ site.brand.name }} Account</h1>
@@ -153,13 +156,13 @@ badges:
         <div class="d-flex gap-2">
           <select class="form-select flex-grow-1" id="mobile-nav-select" aria-label="Select account section">
             {% for section in page.resolved.sections %}
-              {% unless section.id == 'delete' %}
+              {% unless section.id == 'delete' or section.id == 'data-request' %}
                 <option value="{{ section.id }}" {% if forloop.first %}selected{% endif %}>
                   {{ section.name }}
                 </option>
               {% endunless %}
             {% endfor %}
-            <!-- Delete option will be added dynamically by JavaScript when needed -->
+            <!-- Delete and Data Request options will be added dynamically by JavaScript when needed -->
           </select>
           <button class="btn btn-danger auth-signout-btn">
             {% uj_icon "arrow-right-from-bracket", "fa-sm" %}
@@ -181,7 +184,7 @@ badges:
         <div class="card-body p-3">
           <ul class="nav nav-pills flex-column" id="account-nav" role="tablist" aria-label="Account sections">
             {% for section in page.resolved.sections %}
-              <li class="nav-item {% if section.id == 'delete' %}d-none{% endif %}" id="{{ section.id }}-nav-item">
+              <li class="nav-item {% if section.id == 'delete' or section.id == 'data-request' %}d-none{% endif %}" id="{{ section.id }}-nav-item">
                 <a class="nav-link d-flex align-items-center {% if forloop.first %}active{% endif %}"
                   href="#{{ section.id }}"
                   data-section="{{ section.id }}"
@@ -222,7 +225,7 @@ badges:
       <section id="profile-section" class="account-section d-none">
         <h2 class="h3 mb-4" >My profile</h2>
 
-        <form id="profile-form" novalidate>
+        <form id="profile-form" novalidate onsubmit="return false">
           <!-- Avatar and Edit Button -->
           <div class="mb-4">
             <div class="d-flex align-items-center">
@@ -817,7 +820,7 @@ badges:
                     </div>
                   </div>
                   <div class="flex-shrink-0">
-                    <form id="signin-method-{{ method.id }}-form" class="d-grid d-sm-inline-block" novalidate>
+                    <form id="signin-method-{{ method.id }}-form" class="d-grid d-sm-inline-block" novalidate onsubmit="return false">
                       <input type="hidden" name="method" value="{{ method.id }}">
                       {% if method.id == "password" %}
                         <button type="submit" class="btn btn-primary btn-sm" data-action="change">
@@ -859,7 +862,7 @@ badges:
           <div class="card-body">
             <div class="d-flex justify-content-between align-items-center mb-3">
               <h5 class="card-title mb-0">Active sessions</h5>
-              <form id="signout-all-sessions-form" class="d-inline" novalidate>
+              <form id="signout-all-sessions-form" class="d-inline" novalidate onsubmit="return false">
                 <input type="hidden" name="action" value="signout-all">
                 <button type="submit" class="btn btn-outline-danger btn-sm">
                   {% uj_icon "right-from-bracket", "me-1" %}
@@ -919,7 +922,7 @@ badges:
                     </div>
                     <div class="text-start text-sm-end flex-shrink-0">
                       <div>
-                        <form id="connection-form-{{ connection.id }}" class="d-grid d-sm-inline-block" novalidate>
+                        <form id="connection-form-{{ connection.id }}" class="d-grid d-sm-inline-block" novalidate onsubmit="return false">
                           <input type="hidden" name="provider" value="{{ connection.id }}">
                           <!-- Connect button -->
                           <button type="submit" class="btn btn-sm btn-primary" data-action="connect">
@@ -1090,7 +1093,7 @@ badges:
           <div class="card-body">
             <div class="d-flex justify-content-between align-items-center mb-3">
               <h5 class="card-title mb-0">Your API key</h5>
-              <form id="reset-api-key-form" class="d-inline" novalidate>
+              <form id="reset-api-key-form" class="d-inline" novalidate onsubmit="return false">
                 <button type="submit" class="btn btn-outline-danger btn-sm" id="reset-api-key-btn">
                   {% uj_icon "rotate", "me-1" %}
                   <span class="button-text">
@@ -1126,54 +1129,228 @@ badges:
         </div>
       </section>
 
+      <!-- Data Request Section (Hidden by default) -->
+      <section id="data-request-section" class="account-section d-none">
+        <h2 class="h3 mb-4">Request your data</h2>
+
+        <!-- Info card (always shown) -->
+        <div class="card mb-4">
+          <div class="card-body">
+            <h5 class="card-title text-primary">
+              {% uj_icon "file-shield", "fa-lg me-2" %}
+              About Data Subject Access Requests
+            </h5>
+            <p class="card-text small text-muted">
+              Under applicable data protection regulations including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other similar legislative frameworks enacted by governmental bodies around the world, you may have the right to request a copy of the personal data we hold about you. This process is commonly referred to as a Subject Access Request (SAR) or a Data Portability Request. It is important that you understand the full scope, limitations, and procedural requirements of this request before proceeding. Please read the following information carefully and in its entirety before submitting a request.
+            </p>
+            <p class="card-text small text-muted">
+              When you submit a data request, our data processing team will begin the process of compiling the personal information associated with your account. This may include, but is not limited to: your name, email address, account creation date, account activity logs, subscription and billing history (including payment processor identifiers and transaction records), geolocation data collected during your use of our services (such as IP address, approximate location derived from IP, continent, country, region, and city), device and browser information (including user agent strings, platform identifiers, and viewport characteristics), API usage statistics and rate limiting data, referral and affiliate information, OAuth2 connection records, and any other data points stored in connection with your account in our systems.
+            </p>
+            <p class="card-text small text-muted">
+              The compilation and verification process is performed by our data processing team to ensure the accuracy, completeness, and security of the information provided to you. Due to the manual verification steps involved in this process and the need to ensure that data is being released to the correct account holder, this process may take up to <strong>14 business days</strong> from the date of your request submission to complete. We appreciate your patience during this time and ask that you do not submit duplicate requests, as this will not expedite the process and may in fact delay it.
+            </p>
+            <p class="card-text small text-muted">
+              Once your data has been compiled, verified, and is ready for retrieval, you will need to <strong>return to this page</strong> to download it. For security purposes, we do not transmit personal data via email, SMS, or any other communication channel, as these methods are not considered sufficiently secure mediums for the transmission of personally identifiable information. The data will be made available exclusively through this authenticated account interface to ensure that only the verified account holder can access it. Your data package will be provided as a JSON file containing all of the aforementioned data categories.
+            </p>
+            <p class="card-text small text-muted">
+              <strong>Important notice regarding account deletion:</strong> If you choose to delete your account at any point, all personal data associated with your account will be permanently and irreversibly removed from our systems in accordance with our data retention policy. Once your account has been deleted, we will no longer be able to process any pending data requests, nor will we be able to provide you with a copy of your data retroactively. There is no mechanism to recover data after account deletion. If you are considering both requesting your data and deleting your account, you must complete the data request process in full and download your data package <strong>before</strong> initiating the account deletion process. We strongly recommend downloading and verifying your data before taking any irreversible actions with your account.
+            </p>
+            <p class="card-text small text-muted">
+              You are limited to one active data request at a time. If you have previously submitted a request that is still being processed, you will not be able to submit a new request until the current one has been completed or has expired. Additionally, after a completed data request, there is a 30-day cooldown period before a new request can be submitted. These limitations exist to prevent abuse of the system and to ensure that our data processing team can handle all requests in a timely and thorough manner. Excessive or abusive use of this feature may result in additional restrictions being applied to your account in accordance with our Terms of Service.
+            </p>
+
+            <hr>
+
+            <h6 class="text-muted">Summary of key points:</h6>
+            <ul class="small text-muted">
+              <li>Processing time: up to <strong>14 business days</strong></li>
+              <li>You must return to this page to download your data</li>
+              <li>Data is <strong>not</strong> sent via email for security reasons</li>
+              <li>Data is permanently unavailable after account deletion</li>
+              <li>Only one active request at a time</li>
+              <li>30-day cooldown between completed requests</li>
+              <li>Data is provided as a downloadable JSON file</li>
+            </ul>
+
+            <p id="data-request-form-trigger" class="card-text small text-muted mb-0">
+              If you have read and understood all of the information above and still wish to proceed with your data subject access request, you may proceed to <button type="button" class="accordion-trigger small text-muted text-decoration-underline" data-bs-toggle="collapse" data-bs-target="#data-request-form-accordion" aria-expanded="false" aria-controls="data-request-form-accordion">submit your request &rarr;</button>.
+            </p>
+          </div>
+        </div>
+
+        <!-- Status area (shown when a request exists) -->
+        <div id="data-request-status" class="d-none mb-4">
+          <div class="card">
+            <div class="card-body">
+              <h5 class="card-title">
+                {% uj_icon "clock", "fa-lg me-2" %}
+                <span id="data-request-status-title">Request Status</span>
+              </h5>
+              <p id="data-request-status-message" class="card-text text-muted"></p>
+              <div id="data-request-download" class="d-none">
+                <form id="data-request-download-form" onsubmit="return false">
+                  <button type="submit" class="btn btn-primary btn-sm" id="data-request-download-btn">
+                    {% uj_icon "download", "fa-sm me-2" %}
+                    <span class="button-text">Download your data</span>
+                  </button>
+                </form>
+              </div>
+              <div id="data-request-cancel" class="d-none">
+                <form id="data-request-cancel-form" onsubmit="return false">
+                  <button type="submit" class="btn btn-primary btn-sm" id="data-request-cancel-btn">
+                    {% uj_icon "rotate-left", "fa-sm me-2" %}
+                    <span class="button-text">Request withdrawal</span>
+                  </button>
+                </form>
+              </div>
+            </div>
+          </div>
+        </div>
+
+        <!-- Request form (hidden when a request is pending) -->
+        <div id="data-request-form-container">
+          <div class="collapse" id="data-request-form-accordion">
+            <div class="card card-form-border border-primary mt-4">
+              <div class="card-body">
+                <h5 class="card-title text-primary">Confirm data request</h5>
+
+                <form id="data-request-form" novalidate onsubmit="return false">
+                  <div class="mb-3">
+                    <div class="form-check">
+                      <input class="form-check-input" type="checkbox" id="data-request-confirm-checkbox" name="confirm_processing_time" required>
+                      <label class="form-check-label small" for="data-request-confirm-checkbox">
+                        I understand that this request may take up to 14 business days to process and that I must return to this page to download my data. I acknowledge that data will not be sent to me via email or any other channel.
+                      </label>
+                    </div>
+                  </div>
+
+                  <div class="mb-3">
+                    <div class="form-check">
+                      <input class="form-check-input" type="checkbox" id="data-request-deletion-checkbox" name="confirm_deletion_warning" required>
+                      <label class="form-check-label small" for="data-request-deletion-checkbox">
+                        I understand that if I delete my account before downloading my data, the data will be permanently lost and cannot be recovered under any circumstances.
+                      </label>
+                    </div>
+                  </div>
+
+                  <div class="mb-3">
+                    <label for="data-request-reason" class="form-label">Reason for request</label>
+                    <textarea class="form-control" id="data-request-reason" name="reason" rows="3" placeholder="Help us understand why you're requesting your data..."></textarea>
+                  </div>
+
+                  <div class="row g-2">
+                    <div class="col-12 col-md-6 order-md-2">
+                      <button type="submit" class="btn btn-outline-adaptive w-100" id="data-request-submit-btn" disabled>
+                        {% uj_icon "file-export", "fa-sm me-2" %}
+                        <span class="button-text">Submit Data Request</span>
+                      </button>
+                    </div>
+                    <div class="col-12 col-md-6 order-md-1">
+                      <a href="/account" class="btn btn-primary w-100">
+                        {% uj_icon "arrow-left", "fa-sm me-2" %}
+                        <span>Return to Profile</span>
+                      </a>
+                    </div>
+                  </div>
+                </form>
+              </div>
+            </div>
+          </div>
+        </div>
+      </section>
+
       <!-- Delete Account Section (Hidden by default) -->
       <section id="delete-section" class="account-section d-none">
-        <h2 class="h3 mb-4 text-danger" >Delete account</h2>
-
-        <div class="alert alert-danger">
-          <h5 class="alert-heading">
-            {% uj_icon "triangle-exclamation", "fa-lg" %}
-            Warning: This action cannot be undone
-          </h5>
-          <p>Deleting your account will permanently remove:</p>
-          <ul class="mb-2">
-            <li>All your personal information</li>
-            <li>Your subscription and billing history</li>
-            <li>Access to all services and data</li>
-            <li>Any stored content or settings</li>
-          </ul>
-          <p class="mb-0"><strong>This action is immediate and irreversible.</strong></p>
-        </div>
+        <h2 class="h3 mb-4">Delete account</h2>
 
-        <div class="card border-danger">
+        <div class="card mb-4">
           <div class="card-body">
-            <h5 class="card-title text-danger">Confirm account deletion</h5>
-
-            <form id="delete-account-form" novalidate>
-              <div class="mb-3">
-                <div class="form-check">
-                  <input class="form-check-input" type="checkbox" id="delete-confirm-checkbox" required>
-                  <label class="form-check-label" for="delete-confirm-checkbox">
-                    I understand that deleting my account is permanent and cannot be reversed. All my data will be lost forever.
-                  </label>
+            <h5 class="card-title text-danger">
+              {% uj_icon "triangle-exclamation", "fa-lg me-2" %}
+              About Account Deletion
+            </h5>
+            <p class="card-text small text-muted">
+              Under applicable data protection regulations including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), you have the right to request the deletion of the personal data we hold about you. Account deletion is a permanent, irreversible action that cannot be undone under any circumstances. Please read the following important information carefully before proceeding.
+            </p>
+            <p class="card-text small text-muted">
+              <strong>Permanent and irreversible:</strong> Once your account is deleted, all personal data associated with your account will be permanently removed from our systems. This includes, but is not limited to, your profile information, subscription and billing history, activity logs, API keys, OAuth2 connections, referral data, saved preferences, and all other stored information. There is no mechanism to recover any data after deletion. Our support team cannot restore deleted accounts or retrieve any associated data, regardless of the circumstances.
+            </p>
+            <p class="card-text small text-muted">
+              <strong>Active subscriptions:</strong> You must cancel any active paid subscriptions before deleting your account. Accounts with active or suspended paid subscriptions cannot be deleted until the subscription is cancelled or expires. If you have a subscription that is currently in a billing cycle, you will need to wait for the cycle to complete or cancel the subscription first. No refunds will be issued for unused portions of cancelled subscriptions in connection with account deletion.
+            </p>
+            <p class="card-text small text-muted">
+              <strong>Pending data requests:</strong> If you have a pending data request (Subject Access Request), it will be permanently cancelled upon account deletion. We will not be able to fulfill data requests after your account has been deleted. If you wish to obtain a copy of your data, you must complete the data request and download process <strong>before</strong> initiating account deletion. You can request a copy of your data from the <a href="#data-request">data request section</a>.
+            </p>
+            <p class="card-text small text-muted">
+              <strong>Immediate effect:</strong> Account deletion takes effect immediately upon confirmation. You will be signed out of all active sessions across all devices and platforms, and will no longer be able to access any services, features, content, or data associated with your account. Any active API integrations or third-party connections will cease to function immediately.
+            </p>
+            <p class="card-text small text-muted">
+              <strong>Third-party services:</strong> While we will remove your data from our systems, we cannot guarantee the removal of data that has already been shared with or collected by third-party services you may have used in connection with your account. This includes, but is not limited to, analytics providers, payment processors, authentication providers, and any external services you authorized. Please refer to the privacy policies of those services for information about their data retention and deletion practices.
+            </p>
+
+            <hr>
+
+            <h6 class="text-muted">Summary of consequences:</h6>
+            <ul class="small text-muted">
+              <li>All personal information, account data, and stored content will be permanently erased</li>
+              <li>Your subscription and complete billing history will be permanently removed</li>
+              <li>All API keys, OAuth2 connections, and integrations will be revoked</li>
+              <li>Access to all services, features, and platforms will be terminated immediately</li>
+              <li>Any pending data requests will be cancelled and cannot be fulfilled</li>
+              <li>This action cannot be reversed, appealed, or undone by our support team</li>
+            </ul>
+
+            <p class="card-text small text-muted mb-0">
+              If you have read and understood all of the information above and still wish to proceed with deleting your account, you may proceed to <button type="button" class="accordion-trigger small text-muted text-decoration-underline" data-bs-toggle="collapse" data-bs-target="#delete-form-accordion" aria-expanded="false" aria-controls="delete-form-accordion">confirm account deletion &rarr;</button>.
+            </p>
+          </div>
+        </div>
+
+        <div class="collapse" id="delete-form-accordion">
+          <div class="card card-form-border border-danger mt-4">
+            <div class="card-body">
+              <h5 class="card-title text-danger">Confirm account deletion</h5>
+
+              <form id="delete-account-form" novalidate onsubmit="return false">
+                <div class="mb-3">
+                  <div class="form-check">
+                    <input class="form-check-input" type="checkbox" id="delete-confirm-checkbox" required>
+                    <label class="form-check-label" for="delete-confirm-checkbox">
+                      I understand that deleting my account is permanent and cannot be reversed. All my data, including personal information, subscription history, API keys, and stored content, will be permanently and irreversibly erased.
+                    </label>
+                  </div>
                 </div>
-              </div>
 
-              <div class="mb-3">
-                <label for="delete-reason" class="form-label">Reason for leaving (optional)</label>
-                <textarea class="form-control" id="delete-reason" rows="3" placeholder="Help us improve by sharing why you're leaving..."></textarea>
-              </div>
+                <div class="mb-3">
+                  <div class="form-check">
+                    <input class="form-check-input" type="checkbox" id="delete-data-request-checkbox" required>
+                    <label class="form-check-label" for="delete-data-request-checkbox">
+                      I acknowledge that any pending data requests will be cancelled and I will not be able to request or download a copy of my data after my account is deleted.
+                    </label>
+                  </div>
+                </div>
 
-              <div class="d-grid gap-2">
-                <button type="submit" class="btn btn-danger" id="delete-account-btn" disabled>
-                  {% uj_icon "trash", "fa-sm" %}
-                  <span class="button-text">Delete My Account Permanently</span>
-                </button>
-                <button type="button" class="btn btn-outline-secondary" id="cancel-delete-btn">
-                  Cancel
-                </button>
-              </div>
-            </form>
+                <div class="mb-3">
+                  <label for="delete-reason" class="form-label">Reason for leaving</label>
+                  <textarea class="form-control" id="delete-reason" name="reason" rows="3" placeholder="Help us improve by sharing why you're leaving..."></textarea>
+                </div>
+
+                <div class="row g-2">
+                  <div class="col-12 col-md-6 order-md-2">
+                    <button type="submit" class="btn btn-outline-adaptive w-100" id="delete-account-btn" disabled>
+                      {% uj_icon "trash", "fa-sm me-2" %}
+                      <span class="button-text">Delete My Account Permanently</span>
+                    </button>
+                  </div>
+                  <div class="col-12 col-md-6 order-md-1">
+                    <a href="/account" class="btn btn-danger w-100" id="cancel-delete-btn">
+                      {% uj_icon "arrow-left", "fa-sm me-2" %}
+                      <span>Return to Profile</span>
+                    </a>
+                  </div>
+                </div>
+              </form>
+            </div>
           </div>
         </div>
       </section>

package/dist/defaults/dist/_layouts/themes/classy/frontend/pages/auth/reset.html

@@ -25,7 +25,7 @@ layout: themes/[ site.theme.id ]/frontend/core/cover
       {% capture initializing_spinner %}<span class="spinner-border spinner-border-sm me-2 form-initializing-spinner"></span>{% endcapture %}
 
       <!-- Reset Form -->
-      <form id="auth-form" autocomplete="on" novalidate>
+      <form id="auth-form" autocomplete="on" novalidate onsubmit="return false">
         <div class="mb-4 text-start">
           <label for="email" class="form-label fw-semibold">
             Email <span class="text-danger">*</span>

package/dist/defaults/dist/_layouts/themes/classy/frontend/pages/auth/signin.html

@@ -40,7 +40,7 @@ social_signin:
       {% capture initializing_spinner %}<span class="spinner-border spinner-border-sm me-2 form-initializing-spinner"></span>{% endcapture %}
 
       <!-- Sign In Form -->
-      <form id="auth-form" autocomplete="on" novalidate>
+      <form id="auth-form" autocomplete="on" novalidate onsubmit="return false">
         <!-- Hidden default submit button for Enter key -->
         <button type="submit" class="d-none" data-provider="email" aria-hidden="true" tabindex="-1"></button>
 

package/dist/defaults/dist/_layouts/themes/classy/frontend/pages/auth/signup.html

@@ -40,7 +40,7 @@ social_signup:
       {% capture initializing_spinner %}<span class="spinner-border spinner-border-sm me-2 form-initializing-spinner"></span>{% endcapture %}
 
       <!-- Sign Up Form -->
-      <form id="auth-form" autocomplete="on" novalidate>
+      <form id="auth-form" autocomplete="on" novalidate onsubmit="return false">
         <!-- Hidden default submit button for Enter key -->
         <button type="submit" class="d-none" data-provider="email" aria-hidden="true" tabindex="-1"></button>
 

package/dist/defaults/dist/_layouts/themes/classy/frontend/pages/blog/index.html

@@ -340,7 +340,7 @@ newsletter_cta:
         {% endiftruthy %}
 
         <!-- Newsletter Form -->
-        <form id="newsletter-form" class="newsletter-form">
+        <form id="newsletter-form" class="newsletter-form" onsubmit="return false">
           <div class="row g-3 justify-content-center">
             <div class="col-md-7">
               <input

package/dist/defaults/dist/_layouts/themes/classy/frontend/pages/contact.html

@@ -178,7 +178,7 @@ faqs:
               {% endiftruthy %}
             </div>
 
-            <form id="contact-form" autocomplete="on">
+            <form id="contact-form" autocomplete="on" onsubmit="return false">
               <div class="row g-3 mb-4">
                 <div class="col-md-6">
                   <label for="first_name" class="form-label fw-semibold">First Name <span class="text-danger">*</span></label>

package/dist/defaults/dist/_layouts/themes/classy/frontend/pages/download.html

@@ -368,7 +368,7 @@ cta:
               {% else %}
                 {% if platform.id == "android" or platform.id == "ios" %}
                   <div class="mb-4 text-start">
-                    <form id="mobile-email-form-{{ platform.id }}" class="mobile-email-form" data-platform="{{ platform.id }}">
+                    <form id="mobile-email-form-{{ platform.id }}" class="mobile-email-form" data-platform="{{ platform.id }}" onsubmit="return false">
                       <label for="email-{{ platform.id }}" class="form-label">Email Address</label>
                       <div class="row g-3">
                         <div class="col-12 col-md-8">

package/dist/defaults/dist/_layouts/themes/classy/frontend/pages/index.html

@@ -225,7 +225,7 @@ cta:
     <!-- Input Demo: Single input with button -->
     <div class="card bg-glassy border-0 {% unless is_side_layout %}mx-auto{% endunless %} {{ demo.options.class }}">
       <div class="card-body">
-        <form id="hero-demo-form" class="d-flex flex-column {% unless is_side_layout %}flex-sm-row justify-content-center{% endunless %} gap-3" {% iftruthy demo.options.redirect %}data-redirect="{{ demo.options.redirect }}"{% endiftruthy %}>
+        <form id="hero-demo-form" class="d-flex flex-column {% unless is_side_layout %}flex-sm-row justify-content-center{% endunless %} gap-3" {% iftruthy demo.options.redirect %}data-redirect="{{ demo.options.redirect }}"{% endiftruthy %} onsubmit="return false">
           <input
             type="{{ demo.options.input_type | default: 'text' }}"
             name="{{ demo.options.name | default: 'input' }}"
@@ -249,7 +249,7 @@ cta:
   {% elsif demo.type == "form" %}
     <!-- Form Demo: Multiple fields with card styling -->
     <div class="{% unless is_side_layout %}mx-auto{% endunless %} {{ demo.options.class }}">
-      <form id="hero-demo-form" {% iftruthy demo.options.redirect %}data-redirect="{{ demo.options.redirect }}"{% endiftruthy %}>
+      <form id="hero-demo-form" {% iftruthy demo.options.redirect %}data-redirect="{{ demo.options.redirect }}"{% endiftruthy %} onsubmit="return false">
         <div class="row g-3 {% unless is_side_layout %}justify-content-center{% endunless %}">
           {% assign autofocus_set = false %}
           {% for field in demo.options.fields %}

package/dist/defaults/dist/_layouts/themes/classy/frontend/pages/payment/checkout.html

@@ -24,7 +24,8 @@ web_manager:
   <button type="submit" class="btn btn-adaptive btn-md d-flex align-items-center justify-content-center payment-button"
           data-payment-method="card"
           data-action="pay-card"
-          data-wm-bind="@show checkout.paymentMethods.card">
+          data-wm-bind="@show checkout.paymentMethods.card"
+          hidden>
     {% uj_icon "credit-card", "me-2 fa-3xl" %}
     <span class="fw-semibold">Credit/Debit</span>
   </button>
@@ -33,7 +34,8 @@ web_manager:
   <button type="submit" class="btn btn-paypal btn-md d-flex align-items-center justify-content-center payment-button"
           data-payment-method="paypal"
           data-action="pay-paypal"
-          data-wm-bind="@show checkout.paymentMethods.paypal">
+          data-wm-bind="@show checkout.paymentMethods.paypal"
+          hidden>
     <img src="https://www.paypalobjects.com/webstatic/mktg/Logo/pp-logo-200px.png"
         alt="PayPal"
         height="28"
@@ -152,7 +154,7 @@ web_manager:
       </div> -->
 
       <!-- Main Checkout Form -->
-      <form id="checkout-form" autocomplete="on" novalidate>
+      <form id="checkout-form" autocomplete="on" novalidate onsubmit="return false">
         <!-- Content Row -->
         <div class="row d-lg-flex">
           <!-- Section 1: Billing Cycle & Customer Info -->

package/dist/defaults/dist/_layouts/themes/classy/frontend/pages/status.html

@@ -255,7 +255,7 @@ build_info:
                 {% endiftruthy %}
               </div>
               <div class="col-lg-5">
-                <form id="status-subscribe-form" class="d-flex flex-column flex-sm-row gap-2">
+                <form id="status-subscribe-form" class="d-flex flex-column flex-sm-row gap-2" onsubmit="return false">
                   <input
                     type="email"
                     class="form-control flex-grow-1"

package/dist/gulp/tasks/jekyll.js

@@ -148,6 +148,15 @@ async function jekyll(complete) {
       launchBrowserSync();
     }
 
+    // Quick mode: trigger deferred asset compilation after first build
+    if (Manager.isQuickMode() && index === 0) {
+      logger.log('Quick mode: Triggering deferred asset compilation...');
+      Manager.triggerRebuild([
+        'src/assets/js/main.js',
+        'src/assets/css/main.scss',
+      ], logger);
+    }
+
     // Reload browser
     if (global.browserSync) {
       global.browserSync.reload();

package/dist/gulp/tasks/sass.js

@@ -77,6 +77,9 @@ const output = 'dist/assets/css';
 const delay = 250;
 const compiled = {};
 
+// Flags
+let deferred = false;
+
 // Configuration
 const MAIN_BUNDLE_PAGE_PARTIALS = false; // Set to true to merge pages into _page-specific.scss, false to compile separately
 // Enable PurgeCSS via environment variable or in production mode
@@ -86,6 +89,13 @@ const ujmConfig = Manager.getUJMConfig();
 
 // SASS Compilation Task
 function sass(complete) {
+  // Quick mode: skip initial compilation, use stale cached bundles
+  if (Manager.isQuickMode() && !deferred) {
+    deferred = true;
+    logger.log('Quick mode: Skipping initial SASS compilation (using cached bundles)');
+    return complete();
+  }
+
   // Log
   logger.log('Starting...');
   Manager.logMemory(logger, 'Start');

package/dist/gulp/tasks/webpack.js

@@ -72,6 +72,9 @@ const copy = [
 
 const delay = 250;
 
+// Flags
+let deferred = false;
+
 // Bundle naming configuration
 const bundleNaming = {
   // Files that should have stable (non-hashed) names
@@ -275,6 +278,13 @@ function getSettings() {
 
 // Task
 function webpack(complete) {
+  // Quick mode: skip initial compilation, use stale cached bundles
+  if (Manager.isQuickMode() && !deferred) {
+    deferred = true;
+    logger.log('Quick mode: Skipping initial webpack compilation (using cached bundles)');
+    return complete();
+  }
+
   // Get settings (loads config at runtime)
   const settings = getSettings();
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ultimate-jekyll-manager",
-  "version": "0.0.269",
+  "version": "0.0.271",
   "description": "Ultimate Jekyll dependency manager",
   "main": "dist/index.js",
   "exports": {
@@ -101,7 +101,7 @@
     "sass": "^1.97.3",
     "spellchecker": "^3.7.1",
     "through2": "^4.0.2",
-    "web-manager": "^4.1.14",
+    "web-manager": "^4.1.15",
     "webpack": "^5.105.2",
     "wonderful-fetch": "^1.3.4",
     "wonderful-version": "^1.3.2",