
Secure contact forms: validation, rate limiting, and webhooks

By The Northwind Team · May 12, 2026 · 3 min read

A contact form is the most common entry point for spam and abuse. Ours validates every field server-side with Zod, normalizes and sanitizes input, and rate-limits by IP.

Submissions are persisted through a single database abstraction and forwarded to a CRM or Zapier using server-side environment variables — no secret ever reaches the browser.

If the webhook URL isn't configured, the form still works and logs safely. Resilience by default.
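The rate-limiting and webhook-fallback steps described above, as an added example that is not Northwind's own code. It assumes input has already passed schema validation; the names `allowRequest`, `sweep`, `planDelivery` and `CONTACT_WEBHOOK_URL`, the 5-per-minute limit, the https-only rule and the shape of the "safe" log record are all assumptions.

```javascript
// Added example: names, limits and the env var are assumptions, not Northwind's code.
const WINDOW_MS = 60_000; // assumed window length
const MAX_HITS = 5;       // assumed submissions allowed per IP per window
const hits = new Map();   // ip -> timestamps (ms) of recent accepted submissions

// Sliding-window limiter. `ip` must be the address seen by your trusted
// proxy, not a raw client-supplied X-Forwarded-For value.
function allowRequest(ip, now = Date.now()) {
  const recent = (hits.get(ip) || []).filter((t) => now - t < WINDOW_MS);
  if (recent.length >= MAX_HITS) {
    hits.set(ip, recent);
    return false;
  }
  recent.push(now);
  hits.set(ip, recent);
  return true;
}

// Drop idle IPs so the map cannot grow without bound under a flood.
function sweep(now = Date.now()) {
  for (const [ip, ts] of hits) {
    if (ts.every((t) => now - t >= WINDOW_MS)) hits.delete(ip);
  }
  return hits.size;
}

// Decide how to deliver a validated submission. The webhook URL is read
// from server-side env only; when unset, malformed or not https, log instead.
function planDelivery(submission, env = process.env) {
  const raw = env.CONTACT_WEBHOOK_URL; // assumed variable name
  let url = null;
  try { url = raw ? new URL(raw) : null; } catch { url = null; }
  if (!url || url.protocol !== "https:") {
    // "Safe" log record (assumed shape): no message body, masked email.
    const masked = submission.email.replace(/^[^@]*/, "***");
    return { mode: "log", record: { email: masked, length: submission.message.length } };
  }
  return {
    mode: "webhook",
    url: url.href,
    init: {
      method: "POST",
      headers: { "content-type": "application/json" },
      body: JSON.stringify(submission),
    },
  };
}
```

In a request handler, reject with HTTP 429 when `allowRequest` returns `false`, and pass `plan.url` and `plan.init` to `fetch` only when `plan.mode` is `"webhook"`.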