Skip to content

Changelog

Every FormFence release, in plain English.

Each entry: what changed, why it matters, what (if anything) you need to do.

v1.0

The first public release. Includes everything below.

Detection

  • Five-layer pipeline: honeypot, per-IP rate limit, disposable-email check, content patterns, AI hybrid classifier
  • Content-pattern layer covers high-confidence keyword and regex rules, themed wordlist density rules, and weighted-vocabulary scoring across ~80 marketing-spam terms
  • Spam families in the catalogue: phishing, romance / dating, reward / prize, marketing-promo blasts, NSFW, pharma, work-from-home, crypto, SEO outreach, cold web design, gambling, loan scams, Latin filler, URL floods, link shorteners, length and shouty-body anomalies
  • AI hybrid classifier (Anthropic Claude Haiku via Vercel AI Gateway, zero data retention) for borderline cases the rules can't decide. Per-shop opt-out. Fail-open on timeout
  • Three sensitivity levels (Low, Medium, High) scale the weighted-vocabulary threshold (×1.5 / ×1.0 / ×0.5) AND gate which content-pattern rules fire
  • Per-shop randomised honeypot field name so bots can't learn to skip it across stores

Admin experience

  • Three-column inbox layout for both logs (categories sidebar, day-grouped list, detail pane)
  • Coloured Polaris Badge reason chips with human labels mapped from internal rule IDs
  • Unread/read row state with tinted background and bold sender on new submissions
  • Dashboard with daily passed and blocked counts, 30-day sparkline timeline, "what's tripping the filter" breakdown as coloured pills, top offending domains
  • Sender location shown as city + country (derived from local geo-IP lookup at submit time; raw IP never displayed)
  • AI classifier audit per row: detail pane shows whether AI was consulted, the verdict, and the confidence score
  • Passed log with one-click reply via Resend
  • Blocked log with verdict reason for every row and one-click move-to-passed for false positives
  • CSV export of either log
  • Delete tool for individual submissions
  • Settings page covering sensitivity, business name, support email, AI classifier opt-out
  • Privacy policy and terms-of-service links in the Settings footer
  • Mobile-responsive: three-column layout stacks to single column on viewports under ~720px

Storefront integration

  • Theme App Extension (FormFence shield) for Online Store 2.0 themes
  • Invisible honeypot field injected into the Shopify contact form
  • Submit interceptor that posts through the FormFence verdict endpoint before Shopify receives the submission

Plans and billing

  • Free plan: honeypot and rate limit on every submission
  • Pro plan: $9.99 USD/month, full detection pipeline (content patterns, weighted scoring, AI classifier) plus the full admin experience
  • Shopify-managed App Pricing flow (Shopify hosts the pricing page and runs the subscription)

Compliance

  • All three Shopify mandatory data-protection webhooks (customers/data_request, customers/redact, shop/redact)
  • 7-day raw-IP scrub (geo location stays for audit), 30-day passed-submission retention, 10,000-row blocked log cap per shop
  • EU-hosted infrastructure for everything except outbound email (Resend, US), AI classifier (Anthropic via Vercel AI Gateway, US, zero data retention). All US transfers covered by Standard Contractual Clauses
  • Per-shop opt-out for the AI classifier; with it off, no submission text is sent to any third-party AI provider
  • Privacy policy and terms of service published at harbourlabs.app/apps/formfence/{privacy,terms}
Was this helpful?

Uninstall

What happens when you uninstall FormFence, the exact deletion timeline, and what to do beforehand.

On this page

v1.0DetectionAdmin experienceStorefront integrationPlans and billingCompliance