Friendly Captcha
Create Account
Sign in
Privacy-First Bot Protection

PIPL-Compliant CAPTCHA

Friendly Captcha is fully PIPL-compliant.

China’s comprehensive privacy framework, the Personal Information Protection Law (PIPL), establishes strict rules for the collection, use, storage, and transfer of personal information. The law introduces some of the world’s strictest enforcement penalties.

Friendly Captcha meets PIPL requirements by design. It distinguishes bots from humans without using HTTP cookies, user tracking, or behavioral interaction data. Therefore, it is the best choice for enterprises seeking secure, user-friendly bot protection, and meet Personal Information Protection Law compliance requirements.

Start with Friendly Captcha

PIPL Compliance With Friendly Captcha

No personal information collected

  • No collection of emails, IP addresses, or device IDs
  • No HTTP cookies and persistent browser storage

Data Protection without risky processing

  • Cryptographic Proof-of-Work
  • No black-box decision-making or scoring

Easy integration across platforms

  • Works with any form, CMS, or backend framework
  • Simple API and SDKs for fast implementation

Transparent by Design

  • Open-source front-end code for full auditability
  • Clear, accessible privacy policy

Upgrade to a Fully PIPL-Compliant CAPTCHA

Most traditional CAPTCHA solutions used on websites collect personal data, use tracking technologies, and require user consent. This creates friction for users and compliance headaches for your business.

Try Friendly Captcha. Stay PIPL-compliant. Stay in control.

Start with Friendly Captcha
Trusted by the world’s leading organizations
European Union
Porsche
Auth0
SAP
1&1 IONOS
Birkenstock
Red Cross
Veolia

PIPL Compliance Checklist

Friendly Captcha helps your enterprise to align with the core principles of the Personal Information Protection Law in China and to be in accordance with the PIPL:

No personal information processing

Friendly Captcha doesn't collect or handle personal information, such as IP addresses or device identifiers. We don't handle sensitive personal information, such as biometrics, precise location, or health information. These definitions align with those of “personal information” and “sensitive personal information” in the PIPL (Articles 4, 28).

No consent required

Under the PIPL, the processing of personal data requires a legal basis such as explicit consent. But if no personal information is handled, these consent obligations do not apply (Articles 13-15).

No international transfers

Our global endpoint serves requests from the point of presence nearest the end user. We ensure that these requests contain no personal information, so PIPL’s cross-border transfer rules do not apply. (Chapter III, Articles 38–43.)

Data Subject Rights not triggered

Because no personal information is collected or retained, enterprises don't need to concern about user rights such as access, correction, deletion, explanation, and withdrawal of consent (Chapter IV, Arts. 44–50).

No Automated Decision-Making Issues

As no personal data is processed, there are no concerns relating to automated decision-making or profiling as regulated by the PIPL (Article 24).

Transparency and accountability

We maintain clear and auditable privacy disclosures. This aligns with the principles of openness and transparency set forth in Article 7 of the PIPL.

See our privacy policy for end users to learn more.

FAQ

Under the PIPL, you don’t need consent to run a CAPTCHA if your implementation doesn’t process personal information (PI). However, if PI is processed, you must have a lawful basis (e.g., consent), and if you rely on consent, it must be voluntary and informed (Arts. 13–15). Handling sensitive personal information (PI) generally requires separate consent (Art. 29), and processing the PI of minors under 14 requires guardian consent (Art. 31). Friendly Captcha doesn’t process or handle personal information, so it doesn’t require consent at all.

Cross-border transfer rules only apply to CAPTCHA if your implementation provides personal information (PI) overseas. If no personal information (PI) is sent abroad, the outbound transfer regime of the Personal Information Protection and Electronic Documents Act (PIPEDA) isn’t engaged. Friendly Captcha’s global endpoint serves requests from the point of presence nearest the user.

Friendly Captcha is PIPL-compliant; when deployed, it does not process personal information (PI) or sensitive personal information (SPI). This fully aligns with the PIPL’s definitions of personal information and sensitive personal information (Arts. 4 and 28), meaning that consent and cross-border mechanisms are not triggered (Arts. 13–15 and 38–43).

The Personal Information Protection Law (PIPL) is the People’s Republic of China’s comprehensive privacy law. It applies within China and extraterritorially to overseas activities involving the personal information (PI) of Chinese individuals for the purpose of offering products or services or analyzing behavior. The law establishes core principles, including openness and transparency (Article 7), and a rights framework for individuals (Chapter IV, Articles 44–50).

Choose a PIPL-Compliant CAPTCHA

Stay in control of your data, avoid complex compliance issues, and give your users a clean, privacy-first experience. Friendly Captcha is designed to help you stay PIPL-compliant by default.

Start now
Contact us

Improve user experience

Friendly Captcha is completely automated and fully accessible. Experience it yourself!

Try live demo

Start your integration

Adding Friendly Captcha takes only minutes and just a few lines of code.

Read the docs