logo
Log In Sign Up
logo
Log In Sign Up

Features

An in-depth look at some of the Private Captcha features.

Rate limiting

Smart difficulty scaling

Instead of asking users to solve frustrating puzzles, Private Captcha solves an invisible cryptographic task fully in the background. Solving a task requires a certain amount of compute resources (e.g. CPU and/or GPU time) from the user. Amount of resources needed is known as "difficulty".

Automatic adjustment.
The system automatically adjusts the task difficulty depending on current access patterns to the protected resource and access patterns of the actor themselves.
Exponential growth.
Difficulty grows exponentially, with each small increase requiring much more compute resources from bots. This very quickly makes any attack economically nonviable.
LLM resistant.
Compute resource requirements to solve the task provide equal security regardless of bots intelligence level, making it effective even as AI technology improves.

In Private Captcha dashboard you can configure the base difficulty for tasks and how fast difficulty grows based on the dynamics of current access patterns. So it can be perfectly tailored for your users.

server load
Direct traffic
With Private Captcha
time
App screenshot

Security

Customize protection

Define your own rules for CAPTCHA puzzles on top of smart difficulty scaling. Change difficulty, adapt scaling or block requests completely.

Traffic Source.
Detect access from Cloud, VPN, TOR, CDN, and popular blocklists (like Firehol, Spamhouse etc.).
Country.
Take action against whole countries if that's what it takes for security.
IP Address.
Match any CIDR range, for example excluding your corporate ranges.
User Agent.
Detect known bots or write custom logic based on User-Agent HTTP header values.

Check docs

Product screenshot

Get property and account level stats in the dashboard

Property stats

Dashboard

Usage statistics

Staying on top of how your properties are accessed helps to select correct difficulty settings, spot verification problems or monitor your billing.

Subscribe to monthly or weekly usage reports straight to your inbox.

GDPR compliance

EU isolation

Private Captcha was built with GDPR/CCPA compliance by design. In addition to that you can restrict actual networking to go through EU servers.

EU suppliers

Private Captcha relies only on EU companies. Servers, storage, CDN, email - you name it - backed by EU businesses, which have strict GDPR requirements. Current suppliers include Hetzner, Bunny and Scaleway.

Learn more

EU routing

Private Captcha provides technical means to make client-side widget and server-side validations to connect only to EU servers. At the expense of small latency increase, this ensures no user data will be processed on non-EU servers.

Check docs

Strict privacy

Private Captcha does not collect or process any Personally Identifiable Information (PII). We have a Data Processing Agreement ready in addition to our Privacy Policies. Our code is public so all claims can be easily verified.

DPA

UI options

Widget customization

Private Captcha widget supports different themes, languages, screen sizes and more.

Different themes.
Widget comes with pre-made light and dark themes, but also it is possible to customize just about any color inside the widget.
Localization.
Widget text is available in most European languages (and it's trivial to add more). So your users will know what to do!
Popup / hidden mode.
Widget can be hidden and shown as a popup or it can be permanently hidden and you can create your own visualization.

Check docs

Also includes an invisible widget.

Make any DIY visualization you want using events and hooks of our library.

Check docs

Compliance

Easy compliance with account audit logs

Keep your data safe and know exactly who changed what and when. View activity at the property, organization, or account level. Export logs to CSV for any time range.

You get 14 days of audit data included with every plan, with an upgrade option for 365 days.

Automation

Platform API

Create and edit properties in bulk, manage organizations and more using our Platform API. Now almost everything you can do in the portal is available as an HTTP endoint.

Bulk operations.
Batch- create/edit/delete properties, which is perfect for import and automated management of client websites.
Audit logs.
All operations using API produce the same compliance audit logs as operations in the Portal.

Check docs

Platform API
bash

curl -X POST https://api.privatecaptcha.com/org \
  -H "X-API-Key: your-api-key" \
  -H "Content-Type: application/json" \
  -d '{"name": "New Marketing Org"}'


curl -X POST https://api.privatecaptcha.com/org/vDWtASYqrB/properties \
  -H "X-API-Key: your-api-key" \
  -H "Content-Type: application/json" \
  -d '[{"name": "Blog", "domain": "blog.example.com"}]'

Load captcha widget

Resolve via CNAME proxy

Captcha displayed

End-user visits website

captcha.customer.com

api.privatecaptcha.com

Security

Use our services via your own domain

A customer may want to use a domain like captcha.customer.com to point to api.privatecaptcha.com so that captcha widget does not contact any other domains except of those of the customer.

This is possible to achieve using DNS proxying (also known as “CNAME proxy”).

Check docs

Security

Form submission forwarding

Every form submission passes through user-friendly CAPTCHA and rate-limit checks before it reaches you. Docs

Use only Private Captcha API URL in your form destination

We check CAPTCHA solution and rate limit submissions

We forward submissions only from real users to your actual URL

Frequently Asked Questions

How does Private Captcha technology work?
Instead of asking users to solve complex puzzles or track their behavior, Private Captcha solves an invisible cryptographic task in the background. The system automatically adjusts the task difficulty, ensuring smooth access for real users while making it too costly for bots to attempt. Cryptographic task provides equal security regardless of bot's intelligence level, making it effective even as AI technology improves. Which is hard to say about image/sound recognition tasks of other captchas.
How does Private Captcha tell bots and users apart?
On scale, bots exhibit different usage patterns and fingerprints statistics than real users. Detection of those patterns is part of the Private Captcha solution.
How Private Captcha is different from other Proof-of-Work solutions?
Unlike other solutions, that only have client-side code open, Private Captcha's backend code is also publicly available, making it easy to verify how user data is handled. Additionally, you can host Private Captcha on premises inside your own organization.
How do I add Private Captcha on my website?
Private Captcha comes with many pre-built integrations for popular online platforms, such as WordPress, and packages for many popular programming languages (Javascript, Python, etc.). Additionally, our documentation provides detailed setup and migration guides and integration examples.
Can I customize how the Private Captcha widget looks like?
The Private Captcha widget offers two color themes (light and dark) and also allows to do lower-level customization, using CSS, ensuring seamless integration with your website. Additionally, you can hide the captcha widget altogether and make your custom UI integration, all while keeping security benefits.
More questions

Protect your forms and APIs from abuse

Independent, privacy-first, self-hostable CAPTCHA service made in EU

Log in Start free trial