GDPR/CCPA ready
No personal data processing. DPA ready.
Private Captcha is a GDPR/CCPA-compliant CAPTCHA solution without any user tracking, cookies or PII collection.
No personal data processing. DPA ready.
No cookies - no need for intrusive pop-ups.
No personal data processing. DPA ready.
We do not collect behavioral or personal data.
Our code is publicly available on GitHub for an audit. Or self-hosting.
GDPR compliance
Make your website compliant by using a CAPTCHA protection that will not complicate your privacy policy.
User privacy is the foundational principle for us: no cookies, no tracking, no PII processing on our servers. This is easily verifiable because our code is publicly available.
Special mode where it's enforced that all requests are routed only to servers located in the EU, instead of the closest location around the world. Data is always only stored inside the EU.
In addition to other privacy guarantees, you have an option to host Private Captcha solution on your premises, thus having full data ownership and routing control.
Compliance
Keep your data safe and know exactly who changed what and when. View activity at the property, organization, or account level. Export logs to CSV for any time range.
You get 14 days of audit data included with every plan, with an upgrade option for 365 days.
Security
A customer may want to use a domain like captcha.customer.com to point to api.privatecaptcha.com so that captcha widget does not contact any other domains except of those of the customer.
This is possible to achieve using DNS proxying (also known as "CNAME proxy").
Check docsQuestion zone
Instead of asking users to solve complex puzzles or track their behavior, Private Captcha solves an invisible cryptographic task in the background. The system automatically adjusts the task difficulty, ensuring smooth access for real users while making it too costly for bots to attempt. Cryptographic task provides equal security regardless of bot's intelligence level, making it effective even as AI technology improves. Which is hard to say about image/sound recognition tasks of other captchas.
On scale, bots exhibit different usage patterns and fingerprints statistics than real users. Detection of those patterns is part of the Private Captcha solution.
Private Captcha does not use any client-side tracking technologies like cookies and does not retain Personally Identifiable Information (PII) on its backend systems. As part of service operation, user data is anonymized and aggregated, making it impossible to track to any individual user.
Private Captcha is powered by exclusively European suppliers. If you want to ensure that no data is transferred to other countries due to geographic routing, you can also use our EU-only API endpoints.
The data we collect belongs to you. We do not collect PII and aggregated data we do collect is not shared with any third-parties. Outside of the hosting companies that own servers on which data is stored, no other vendor can access it.
Short answer is no. Our non-EU servers are API servers only without any data persistance (any data copies are temporary in memory only). Any servers that store (and/or replicate) data on disk, are within the EU only.
The Private Captcha widget offers better accessibility for website visitors, regardless of their cognitive abilities. Also, it is a more lightweight (17 vs 220 kB) solution that does not require cookie banners and therefore reduces friction of using the website.
Independent, privacy-first, user-friendly CAPTCHA service made in EU