On line 86 of controller.php, you have
if ( $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest' ) which triggers a NOTICE level error because it isn't set even though it is making an AJAX request.
A simple fix would be simply to test
if( isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest' ), but that just does away with the NOTICE error message and doesn't fix the problem.
I am curious why you aren't submitting the form to wp-admin/admin-ajax.php as described in http://www.garyc40.com/2010/03/5-tips-for-using-ajax-in-wordpress/#js-global and then adding the appropriate ajax functions to catch the request. When done correctly, it adds additional security measures.
Since I have benefited from the use of CF7, I would gladly contribute and help implement this if you're interested and if there's not a particular reason you avoided this route.
Thanks again for your hard work!