Rate limiting

Smart difficulty scaling

Private Captcha solves a cryptographic task in the background, that requires a certain amount of resources (the "difficulty") from the user.

  • Automatic adjustment.

    The system automatically adjusts the task difficulty depending on current access patterns to the protected resource and access patterns of the actor themselves.

  • Exponential growth.

    Difficulty grows exponentially, with each small increase requiring much more compute resources from bots. This very quickly makes any attack economically nonviable.

  • LLM resistant.

    Compute resource requirements to solve the task provide equal security regardless of bots intelligence level, making it effective even as AI technology improves.

In Private Captcha dashboard you can configure the base difficulty for tasks and how fast difficulty grows based on the dynamics of current access patterns. So it can be perfectly tailored for your users.

Difficulty growth and base difficulty controls
Custom captcha rule settings

Security

Customize Protection

Define your own rules for CAPTCHA puzzles on top of smart difficulty scaling. Change difficulty, adapt scaling or block requests completely.

Traffic Source

Detect access from Cloud, VPN, TOR, CDN, and popular blocklists (like Firehol, Spamhouse etc.).

Country

Take action against whole countries if that's what it takes for security.

IP Address

Match any CIDR range, for example excluding your corporate ranges.

User Agent

Detect known bots or write custom logic based on User-Agent HTTP header values.

Check docs

Dashboard

Usage statistics

Staying on top of how your properties are accessed helps to select correct difficulty settings, spot verification problems or monitor your billing.

Take control of your usage and performance with real-time insights

Start free trial

Get property and account level stats in the dashboard

Captcha requests dashboard chart with requested and verified statistics

GDPR Compliance

EU isolation

Private Captcha was built with GDPR/CCPA compliance by design. In addition to that you can restrict actual networking to go through EU servers.

EU suppliers

Private Captcha relies only on EU companies. Servers, storage, CDN, email - you name it - backed by EU businesses, which have strict GDPR requirements. Current suppliers include Hetzner, Bunny and Scaleway.

Learn more about EU suppliers

EU routing

Private Captcha provides technical means to make client-side widget and server-side validations to connect only to EU servers. At the expense of small latency increase, this ensures no user data will be processed on non-EU servers.

Check docs

Strict Privacy

Private Captcha does not collect or process any Personally Identifiable Information (PII). We have a Data Processing Agreement ready in addition to our Privacy Policies. Our code is public so all claims can be easily verified.

DPA

Security

Form submission forwarding

Every form submission passes through user-friendly CAPTCHA and rate-limit checks before it reaches you. Docs

1. Use our URL in the form

Use only Private Captcha API URL in your form destination

2. We check captcha

We check CAPTCHA solution and rate-limit submissions

3. Receive verified submissions

We forward submissions only from real users to your actual URL

UI options

Widget Customization

Private Captcha widget supports different themes, languages, screen sizes and more.

Different Themes

Widget comes with pre-made light and dark themes, but also it is possible to customize just about any color inside the widget.

Localization

Widget text is available in most European languages (and it's trivial to add more). So your users will know what to do!

Popup / Hidden Mode

Widget can be hidden and shown as a popup or it can be permanently hidden and you can create your own visualization.

Check docs

Also includes an invisible widget.

Make any DIY visualization you want using events and hooks of our library.

Account audit logs table in the Private Captcha dashboard

Compliance

Easy compliance with account audit logs

Keep your data safe and know exactly who changed what and when. View activity at the property, organization, or account level. Export logs to CSV for any time range.

You get 14 days of audit data included with every plan, with an upgrade option for 365 days.

Automation

Platform API

Create and edit properties in bulk, manage organizations and more using our Platform API. Now almost everything you can do in the portal is available as an HTTP endpoint.

Bulk operations

Batch-create/edit/delete properties, which is perfect for import and automated management of client websites.

Audit logs

All operations using API produce the same compliance audit logs as operations in the Portal.

Check docs
curl -X POST https://api.privatecaptcha.com/org \
-H "X-API-Key: your-api-key" \
-H "Content-Type: application/json" \
-d '{"name": "New Marketing Org"}'

curl -X POST https://api.privatecaptcha.com/org/vDWtASYqrB/properties \
-H "X-API-Key: your-api-key" \
-H "Content-Type: application/json" \
-d '[{"name": "Blog", "domain": "blog.example.com"}]'

Security

Use our services via your own domain

A customer may want to use a domain like captcha.customer.com to point to api.privatecaptcha.com so that captcha widget does not contact any other domains except of those of the customer.

This is possible to achieve using DNS proxying (also known as "CNAME proxy").

Check docs

Protect Your Forms
And APIs From Abuse

Independent, privacy-first, user-friendly CAPTCHA service made in EU