Privacy-critical captcha

Captchas can be found on almost every website and are commonly used to defend against spam, bots, and other types of malicious traffic. The most popular Captcha provider is Google’s reCAPTCHA, which is used on many websites around the world.

What many website operators may not know is that by embedding reCAPTCHA into their website, they are voluntarily forwarding personal data about their website's users to the United States. This data may include a complete snapshot of the user’s browser window, browser plugins, mouse movements, keystrokes, previously visited websites, IP address and more [1]. In addition, reCAPTCHA uses cookies for its service [2].

Without informing your users about this data transfer, you are violating their rights under the GDPR. Google doesn’t disclose enough information in its Google reCAPTCHA Privacy Policy about how it processes this data, making it nearly impossible to justify the data transfer [3].

There are alternatives to reCAPTCHA, like hCaptcha, that promise GDPR compliance and privacy for their users. While this may be true to an extent, these Captcha providers have one thing in common: they are either hosted in the US or are at least US companies. This means it’s impossible to guarantee that data about your users will never leave the EU.

It’s therefore important to assess Captcha alternatives, specifically those that are based in the EU and don’t transfer any personal data into foreign jurisdictions. Without transferring data into foreign countries, it’s a lot easier to comply with GDPR.

Friendly Captcha as European Captcha Service

Friendly Captcha is a European Captcha provider based in Germany and hosted in the EU. It’s focused on privacy and accessibility and can be configured to prevent personal data from being transferred to countries outside the EU. Friendly Captcha is subject to the highest European data protection standards, doesn’t collect any personal information about your website users, and doesn’t use cookies.

It’s accessible to many types of users because it never requires the user to manually solve a puzzle. It works by serving a unique cryptographic puzzle to each visitor, which the browser can solve in the background. The difficulty of these puzzles is scaled dynamically based on different signals. This is different from the Invisible Captcha features of hCaptcha and reCAPTCHA, which still require the user to manually solve a puzzle if they consider the user to be suspicious. This is not the case for Friendly Captcha.
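The mechanism described above can be sketched with a hashcash-style proof-of-work. This is an added example, not Friendly Captcha's code or its actual puzzle format: the server signs a one-time puzzle, the client searches for a counter in the background, and the server verifies with a single hash. All names, the difficulty formula (based on a hypothetical "recent requests" signal) and the 60-second expiry are assumptions.

```javascript
// Added illustration: hashcash-style proof-of-work, NOT Friendly Captcha's real algorithm.
const crypto = require('node:crypto');

const SERVER_KEY = crypto.randomBytes(32); // server-side secret used to sign puzzles
const usedNonces = new Set();              // replay protection (in-memory for the demo)
const sign = (body) => crypto.createHmac('sha256', SERVER_KEY).update(body).digest('hex');

// Hypothetical signal: more recent requests from a client means a harder puzzle.
function difficultyFor(recentRequests) {
  return Math.min(8 + 2 * recentRequests, 20); // required leading zero bits, capped
}

function issuePuzzle(recentRequests, now = Date.now()) {
  const body = [crypto.randomBytes(16).toString('hex'),
                difficultyFor(recentRequests), now + 60_000].join('.');
  return `${body}.${sign(body)}`; // nonce.difficulty.expiry.signature
}

function leadingZeroBits(buf) {
  let bits = 0;
  for (const byte of buf) {
    if (byte === 0) { bits += 8; continue; }
    return bits + Math.clz32(byte) - 24; // clz32 counts over 32 bits, a byte has 8
  }
  return bits;
}

const work = (puzzle, counter) =>
  leadingZeroBits(crypto.createHash('sha256').update(`${puzzle}:${counter}`).digest());

// Client side: brute-force a counter; this is the work done in the background.
function solve(puzzle) {
  const difficulty = Number(puzzle.split('.')[1]);
  for (let counter = 0; ; counter++) {
    if (work(puzzle, counter) >= difficulty) return counter;
  }
}

// Server side: one HMAC and one hash, no matter how hard the puzzle was to solve.
function verify(puzzle, counter, now = Date.now()) {
  const [nonce, difficulty, expires, sig] = puzzle.split('.');
  const a = Buffer.from(sig ?? ''), b = Buffer.from(sign(`${nonce}.${difficulty}.${expires}`));
  if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) return 'bad-signature';
  if (now > Number(expires)) return 'expired';
  if (usedNonces.has(nonce)) return 'replayed';
  if (!Number.isInteger(counter) || work(puzzle, counter) < Number(difficulty)) return 'insufficient-work';
  usedNonces.add(nonce);
  return 'ok';
}
```

Each extra bit of difficulty doubles the expected client work while verification cost stays constant. Signing the difficulty and expiry lets the server reject a puzzle whose parameters were altered without storing per-puzzle state beyond the used nonces.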

Make Your Website GDPR-Compliant

Using reCAPTCHA on your website makes it hard to comply with GDPR and is therefore no longer a viable option for websites that have users in the EU. It’s important to search for European Captcha alternatives that can be used in a GDPR-compliant way and don’t transfer data to foreign countries like the US.

Friendly Captcha processes data in the EU and doesn’t save any personal information about your website’s users. It’s fully accessible and user-friendly as it doesn’t require the user to manually solve a puzzle. Consequently, Friendly Captcha is the best solution for organizations that are looking for a GDPR-compliant Captcha solution based in the EU.

If Friendly Captcha sounds like a good potential solution for your website and you want to experience it yourself, you can check out the live demo. You can find more information about Friendly Captcha and its high privacy standards in the Friendly Captcha Privacy Center.