Skip to main content
SaaS Product 2026 SaaS Product · Form Processing

ContactFire

SaaS form processing. Built to production standard.

ContactFire is a SaaS form processing service for developers and static sites. Collect submissions, manage them in a visual inbox, and get notified in real time. No backend required on the user's end. Starting at $6.19/month, it handles everything from spam filtering to conditional logic to webhook delivery.

contactfire.com
100
VelocityStack
100/100
100/100
VelocityStack
2
Security token layers
100%
Static-site compatible
$6.19
Starting price / month
The Challenge

What needed solving

Developers building static or JAMstack sites constantly face the same friction: how do you accept form submissions without a backend? Existing solutions like Formspree are either too expensive, too limited, or bury teams in noise. ContactFire needed to be genuinely developer-friendly, genuinely secure, and genuinely useful from day one. Not just a form endpoint.

The Solution

What we built

Two products in one monorepo. The marketing site explains ContactFire to developers and drives signups. The React-powered dashboard is the actual product: Form Studio for building forms visually, Inbox for managing submissions, full API key management, domain restrictions, spam detection, and conditional logic, all backed by PostgreSQL.

Key Features

What makes it work

Form Studio

Drag-and-drop visual form builder with field types (text, email, select, file, etc.), conditional logic, field validation rules, and version control. Roll back a form change if it breaks conversions.

Submission Inbox

Every form submission lands in a structured inbox. Filter by form, date, status. Mark as read, starred, or archived. Export to CSV. No digging through raw email.

Dual-token security model

Embed tokens are public-safe for front-end use: they whitelist domains and forms. API keys are private server-side credentials for full API access. Compromise of one does not compromise the other.

Real-time notifications

Get notified the moment a submission lands. Email digests, per-form notification rules, and webhook delivery to connect ContactFire to Slack, Zapier, or your own endpoint.

Spam detection

Server-side spam scoring on every submission. Honeypot fields, submission rate limits per domain, keyword filtering, and disposable email detection keep inboxes clean.

Domain restrictions

Lock any form to specific domains. A form on evacleancleaning.com.au won't accept submissions from a different origin, preventing embed token misuse.

The security model in detail

Most form services use a single API key for everything: embed it in public HTML and it's exposed. ContactFire uses two separate credential types so developers don't have to choose between security and convenience.

Embed tokens
Public-safe. Scoped to a specific form and domain. Safe to ship in HTML. Revocable without affecting API access.
API keys
Private server-side credentials for server-to-server calls. Full access. Never sent to the browser.
Domain restrictions
Even if an embed token leaks, it only works on the whitelisted domains. Malicious embedding from other origins is rejected.

Why a server-rendered React dashboard?

The ContactFire dashboard needs real-time updates, complex auth flows, server actions for form mutations, and a rich interactive UI. Server-rendered React gives fast initial page loads, client components for interactive pieces like Form Studio's drag-and-drop builder, and API routes for the submission ingestion endpoint. PostgreSQL handles persistence with full relational integrity.

Server components
Inbox lists, form listings, and analytics pages render server-side, for fast first load with no client bundle bloat.
Client components
Form Studio drag-and-drop, conditional logic builder, and real-time submission preview all use React client components.
Relational database
Typed DB access with schema migrations. Forms, submissions, API keys, users, and billing all modelled with relational integrity.

Work with us

Ready to build something like this?

16 years of honest work. We scope, build and ship. No fluff.