# Signup forms that produce provable consent

> Hosted double opt-in signup forms with consent records that hold up, a preference center with topic opt-down, and confirmation through our own delivery path.

Canonical: https://emailfast.dev/features/forms

## Consent you can show, not just claim

Strictness is the feature: hosted signup forms with double opt-in through our own delivery path, so every subscriber carries verifiable proof of consent. Host them at `/f/:slug` with
zero frontend work, or embed them in your site.

## How it works

1. Create a double opt-in signup form; share the hosted page at `/f/:slug` or embed it.
2. A visitor submits and receives a confirmation email — sent through the same delivery path as everything else, not a side channel.
3. They confirm at `/c/:token`. Only then do they become a subscriber, with a consent record capturing the signup and the confirmation.
4. Every subscriber gets a preference center at `/p/:token`: subscription topics and opt-down choices, so leaving entirely isn't the only exit.

An optional captcha can be required per form, and it fails closed: until the captcha
provider is armed at launch, a form that requires one refuses submissions instead of
accepting them unverified.

## The evidence

:::panel The consent chain
```
POST /f/:slug        visitor submits
      |
      v  confirmation email (our own delivery path)
GET  /c/:token       visitor confirms
      |
      v
subscriber active    consent record: signup + confirmation, timestamped
```
No confirmation, no subscriber. The record exists because the process cannot
complete without creating it.
:::

## Honest limits

:::tradeoffs Double opt-in costs signups
Some fraction of people never click the confirmation, and your list grows more
slowly than it would on single opt-in. That's the trade, and we've picked a side: a
smaller list with provable consent is worth more than a bigger one you can't defend.
Also plainly: the captcha option arms at launch, and until then a form requiring it
fails closed rather than open.
:::

## Where to go next

Forms feed [newsletters](/features/newsletters) directly, and the
[creator door](/creators) shows the whole audience-building loop. Collecting messages
rather than subscribers — a contact form? That's the
[browser SDK](/features/frontend). Leaving a suite that bundles forms with
contact-tier pricing? See the [Mailchimp comparison](/compare/mailchimp-alternative).

## Why double opt-in instead of single?

Because a confirmed click is evidence and a form submission isn't. Double opt-in filters out typos, bots, and forged signups before they reach your list, and every subscriber carries a consent record you can point to later.

## Can I embed the form in my own site?

Yes — every form works both ways: a hosted page at /f/:slug with zero frontend work, or embedded in your own pages.

## What does the preference center do?

Every subscriber gets /p/:token : subscription topics and opt-down choices, so &quot;fewer emails&quot; is available before &quot;none.&quot; Readers who would otherwise unsubscribe can keep the parts they want.

## How does the captcha behave before it's armed?

It fails closed. Captcha is optional per form, and until the provider is armed at launch, a form that requires one refuses submissions rather than accepting unverified ones.
