Everything included
Forms and payments are the visible part. Underneath sits a good deal of compliance, security and spam-filtering work. Almost all of it is included and on by default; a few items are marked Pro. Here is the whole picture.
Forms & distribution
Build a form once, then meet people wherever they are: a hosted page, an embed on your own site, or a webhook from a form you already have.
Every form gets a clean, mobile-friendly page at its own link, carrying your branding and the same POPIA tooling as an embedded form. Share the link directly, turn it into a QR code, or use it as a fallback when you cannot embed.
Put a form on your own site two ways: a one-line iframe, or a small script that injects the iframe and resizes it as fields change. Both post back to Cambrian and emit a submit event your page can listen for, so you can show your own thank-you state. Tested across React, WordPress and plain HTML.
Already built a form in Gravity Forms, Typeform or your own code? Point it at a Cambrian webhook. With auto-extend on, the first submission defines the field list automatically, so you never recreate a form by hand.
Text, email, phone, URL, number, long text, dropdown, checkbox, radio, date and file, plus price and quantity for payments. Mark fields required, add placeholders and help text, and reorder them.
Accept documents and images up to 10 MB per file. Uploads are stored privately, virus-scanned, and only ever downloaded through a short-lived signed link.
Download a form's submissions to CSV whenever you need them, with marketing-consent columns included on direct-marketing forms. Every export is written to the audit log.
Payments
Turn a form into an order or a donation. Money goes straight to your own account, and the total is always recalculated on our side.
Connect your own PayFast merchant credentials, so payments land directly with you, not with us. Sandbox mode lets you rehearse the whole flow with PayFast test cards before going live.
A price field can be a fixed amount, a customer-set amount with optional minimum and maximum (good for donations or pay-what-you-can), or a list of labelled options each with its own price.
Pair a quantity field to any price field so people choose how many. A form can hold several independent price-and-quantity pairs and shows a live total at the bottom that updates as choices change.
On a paid form, notifications and integrations are held back until PayFast confirms the payment, so you never act on an order that was never actually paid.
Compliance & POPIA
These features help you meet your obligations under POPIA. They support your compliance work; they do not replace your own legal advice.
Choose the basis for processing each form (consent, contract, legal obligation, and the rest, per POPIA s. 11). It is recorded with the form and reflected in your processing register.
When consent is the basis, the consent wording and the moment it was given are stored with each submission, so you have a record of exactly what the person agreed to and when.
Direct-marketing forms show a separate, plainly worded marketing opt-in (POPIA s. 69) instead of burying it in one tick box. It is captured with its own timestamp, and CRM syncs are held back for anyone who did not give it.
Every submission has a private link the person can use to see what you hold and delete it themselves. Deleting tells them which connected services also received their data, and notifies the form owner.
Set how long each form keeps submissions. A daily job purges anything past its window, including uploaded files, so you are not holding data longer than you meant to.
An embeddable cookie banner for your own site, plus a server-side log of the choices visitors make that you can export. Useful evidence if you are ever asked to show it.
Generate a RoPA from your forms, integrations and privacy details, one row per processing activity, to support your own compliance work.
Build a POPIA-aware privacy notice from a short questionnaire, then publish it at a link or embed it on your site.
Security
The data people trust you with is handled carefully from the moment it arrives.
Submission contents and the contact details we extract (name, email, IP, user agent) are encrypted in the database rather than stored as plain text.
Uploads are scanned for malware with ClamAV and checked against known harmful-image hashes through Cloudflare before they can be downloaded. Anything flagged is quarantined automatically.
Uploaded files are never public. They are served only through signed links that expire, and each download is recorded.
Views, exports, deletions and spam decisions are all recorded against the submission, so there is a clear trail of who did what.
Team members are prompted to turn on two-factor authentication before they first open the submissions list or the compliance hub.
Spam protection
Several layers work together, so you can keep junk out without making real visitors jump through hoops. You decide whether borderline submissions are flagged for review or dropped.
New forms ship with an invisible honeypot field and a minimum submit time. Bots that fill everything in instantly are turned away, and real visitors never notice.
An hourly limit per form stops a single source flooding you with submissions.
Optionally reject throwaway email domains, and addresses whose domain cannot actually receive mail.
Submissions can be checked against StopForumSpam, a shared database of known abusive sources.
A per-team filter learns from the submissions you mark as spam or not-spam and gets better at catching the rest over time.
Add Cloudflare Turnstile free for a privacy-friendly bot check, or paste a CleanTalk key for an extra content-spam signal. Signals combine into a single score you set the threshold for.
Integrations & delivery
Submissions can flow to the tools your team already uses, and you can see exactly where each one went.
Connect a Google account once and mirror submissions into a spreadsheet, with columns kept in step as your form changes.
Push submitters into your CRM or mailing audience, with standard fields mapped automatically by name.
Forward submissions to one or more of your own endpoints, each signed with an HMAC so your server can confirm it genuinely came from Cambrian.
Every push is recorded per submission as pending, delivered or failed, and shown on the submission, so you always know where the data went and whether it arrived.
Branding
Forms and the emails they send can look like you, not like us.
Set a team-wide brand colour, background, logo and typeface, and override any of them per form. Readable button-text colour is calculated for you, so you only ever pick one colour.
Confirmation emails to submitters carry your logo, colour and message, with a plain-text version generated automatically. The rich editor is on Pro.
Hide the small "Powered by Cambrian" line on your public forms. The privacy and POPIA link always stays, since that is a legal necessity.
Free during launch. No credit card. Priced in rand when you're ready.
We use cookies to keep the site running, and (with your say-so) to understand how it's used.