form backend · jamstack · static sites

Form backend for static sites and JAMstack

Drop one URL into your form action. Submissions land in a real dashboard, fire signed webhooks, get filtered for spam, and stay hosted in the EU.

Start free →See pricing
·· no credit card·· 50 free submissions/mo·· EU hosted·· signed webhooks
·· contact.html · static
<form action="https://formspring.io/f/abc123" method="POST"><input type="email" name="email" required/><textarea name="message"></textarea><button type="submit">Send</button></form>
POST · 14ms · eu-de · signed webhook fired
01 / how it works

Four steps. No glue code.

Sign up, copy your endpoint, paste it in, receive submissions. The whole thing is the URL.

01 · step

Sign up

Create a free workspace - no credit card. The Free plan accepts 50 submissions a month with 30-day retention.

02 · step

Copy your endpoint

Every form gets its own URL on formspring.io/f/{id}. Rotate it from the dashboard at any time.

03 · step

Paste it into your form action

Drop the URL into the action attribute of any HTML form. Works with React, Vue, Next, Astro, SvelteKit, vanilla HTML - anything that POSTs.

04 · step

Receive submissions

Read them in the dashboard, get them by email or Slack, fire a signed webhook, or pipe them through Zapier or n8n.

02 / spam protection

Layered, not stacked.

Five filters, each at the right point in the pipeline. The cheap ones run first; nothing wastes CPU on a bot that a honeypot already caught.

  • ·· layer 01

    Honeypot

    A hidden field is auto-injected on every form. Naive bots fill it; real users do not. Rejected before any spam compute runs.

  • ·· layer 02

    hCaptcha or reCAPTCHA

    Bring-your-own keys, per form. Challenge runs only when reputation says it is worth the friction. Never global - configured per form.

  • ·· layer 03

    Custom rules

    Block by keyword, domain, country, or regex. Useful for blanket bans on competitor outreach and known burner email patterns.

  • ·· layer 04

    Akismet reputation

    Optional Akismet pass on every submission. Picks up known bad actors before they ever reach your inbox.

  • ·· layer 05

    AI moderation

    A local model reads the message body itself. Flags solicitation, profanity, scam patterns, and prompt injection in the response payload.

03 / integrations

Send submissions anywhere.

Native destinations, signed outbound webhooks, and a REST API that does not change every six months.

Slack logoSlack
Google Sheets logoGoogle Sheets
Zapier logoZapier
Notion logoNotion
Airtable logoAirtable
HubSpot logoHubSpot
Telegram logoTelegram
WHWebhook
See all integrations →
04 / pricing

Per workspace. Not per form.

One submission counter for the whole workspace. Forms, surveys, and funnels share it. Easy to reason about, hard to mis-bill.

PlanPriceWhat's included
FreeFree50 submissions/mo · 30-day retention · no file uploads
Pro$19/mo5,000 submissions/mo · 5 GB storage · unlimited retention
Team$49/mo25,000 submissions/mo · 50 GB storage · agency mode
Scale$149/mo100,000 submissions/mo · unlimited storage · SLA-backed
See full plan comparison →
05 / questions

About the form backend.

Is it really free?
Yes. The Free plan accepts 50 submissions per month with 30-day retention, no credit card required. Upgrade only when a project crosses 50 a month.
How does pricing scale?
Plans are billed per workspace, not per form. Pro is $19/mo for 5,000 submissions. Team is $49/mo for 25,000. Scale is $149/mo for 100,000. Over-quota submissions return HTTP 402 so the client knows the response was not accepted.
Do I need to handle CORS?
No. The ingestion endpoint allows cross-origin POSTs from any domain, returns JSON on Accept: application/json, and supports both standard form-encoded bodies and JSON payloads. No preflight tuning required.
Is my data in the EU?
Yes. Submissions and uploaded files are stored in Germany by default - Hetzner object storage for files, EU-region transactional mail. The Data Processing Addendum at /dpa lists every sub-processor.
Will it work with my React, Next, Vue, or Astro setup?
Anything that can POST works. Drop the endpoint URL into the form action, or fetch() to it from a client component. Snippets ship for HTML, React, Vue, Next.js, Astro, SvelteKit, Nuxt, vanilla JS, Python, PHP, and Ruby.
How does spam protection work?
Layered, not stacked. A hidden honeypot field catches naive bots before any compute runs. Optional hCaptcha or reCAPTCHA add a real-user challenge. Custom rules let you block by keyword or pattern. Akismet reputation scoring filters known bad actors. AI moderation reads the message itself and flags solicitation, profanity, and prompt injection.
Are webhooks signed?
Yes. Every webhook delivery carries an x-formspring-signature header with an HMAC-SHA256 of the raw body using your per-form secret. Retries are exponential with full delivery history and one-click replay from the dashboard.

Ship the form. Forget the backend.

Free plan covers a personal site or a small intake flow. Upgrade when you cross 50 submissions a month.

Start free →Read the docs