ContactFire
SaaS form processing. Built to production standard.
ContactFire is a SaaS form processing service for developers and static sites. Collect submissions, manage them in a visual inbox, and get notified in real time. No backend required on the user's end. Starting at $6.19/month, it handles everything from spam filtering to conditional logic to webhook delivery.
contactfire.comWhat needed solving
Developers building static or JAMstack sites constantly face the same friction: how do you accept form submissions without a backend? Existing solutions like Formspree are either too expensive, too limited, or bury teams in noise. ContactFire needed to be genuinely developer-friendly, genuinely secure, and genuinely useful from day one. Not just a form endpoint.
What we built
Two products in one monorepo. The marketing site explains ContactFire to developers and drives signups. The React-powered dashboard is the actual product: Form Studio for building forms visually, Inbox for managing submissions, full API key management, domain restrictions, spam detection, and conditional logic, all backed by PostgreSQL.
What makes it work
Form Studio
Drag-and-drop visual form builder with field types (text, email, select, file, etc.), conditional logic, field validation rules, and version control. Roll back a form change if it breaks conversions.
Submission Inbox
Every form submission lands in a structured inbox. Filter by form, date, status. Mark as read, starred, or archived. Export to CSV. No digging through raw email.
Dual-token security model
Embed tokens are public-safe for front-end use: they whitelist domains and forms. API keys are private server-side credentials for full API access. Compromise of one does not compromise the other.
Real-time notifications
Get notified the moment a submission lands. Email digests, per-form notification rules, and webhook delivery to connect ContactFire to Slack, Zapier, or your own endpoint.
Spam detection
Server-side spam scoring on every submission. Honeypot fields, submission rate limits per domain, keyword filtering, and disposable email detection keep inboxes clean.
Domain restrictions
Lock any form to specific domains. A form on evacleancleaning.com.au won't accept submissions from a different origin, preventing embed token misuse.
The security model in detail
Most form services use a single API key for everything: embed it in public HTML and it's exposed. ContactFire uses two separate credential types so developers don't have to choose between security and convenience.
Why a server-rendered React dashboard?
The ContactFire dashboard needs real-time updates, complex auth flows, server actions for form mutations, and a rich interactive UI. Server-rendered React gives fast initial page loads, client components for interactive pieces like Form Studio's drag-and-drop builder, and API routes for the submission ingestion endpoint. PostgreSQL handles persistence with full relational integrity.
Work with us
Ready to build something like this?
16 years of honest work. We scope, build and ship. No fluff.