Privacy Policy

1. Introduction

rCAPTCHA ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect information from both publishers (website owners) and end users (website visitors) who interact with our CAPTCHA service.

2. Information We Collect

2.1 Publisher Information

When you register as a publisher, we collect:

• Account Information: Email address, name, authentication credentials
• Payment Information: PayPal email, bank account details, or cryptocurrency addresses (for payouts)
• Usage Data: Number of CAPTCHA completions, earnings, website URLs where widgets are embedded
• Technical Data: IP address, browser type, device information (for security)

2.2 End User Information

When an end user completes a CAPTCHA, we collect:

• IP Address (Hashed): We hash IP addresses using SHA-256 for rate limiting purposes. The original IP is never stored.
• User Agent: Browser and device information to detect automated bots
• Completion Metrics: Time taken to solve CAPTCHA, solution validity
• Ad Interaction: Whether the advertisement loaded successfully

Important: We do NOT collect or store names, email addresses, or any personally identifiable information from end users completing CAPTCHAs.

3. How We Use Information

3.1 Publisher Data

• Process credit earnings and payouts
• Prevent fraud and abuse
• Provide customer support
• Send important service updates and notifications
• Improve our service

3.2 End User Data

• Rate limiting (1 credit per IP per 24 hours)
• Bot detection and prevention
• Validate CAPTCHA completions
• Aggregate analytics (no individual tracking)

4. Data Storage and Security

Hybrid Encryption

Encryption: Publisher dashboard data is encrypted using hybrid asymmetric RSA-2048 + symmetric AES-256-GCM encryption before being stored in our cache. This prevents unauthorized access even if our systems are compromised.

Database Security: All data is stored in secure, encrypted databases with row-level security (RLS) policies that prevent unauthorized access.

IP Hashing: End user IP addresses are immediately hashed using SHA-256 with no salt. The original IP is never stored, making it impossible to reverse-engineer.

5. Cookies and Tracking

Publisher Dashboard: We use localStorage to store authentication tokens (JWT). No cookies are used.

CAPTCHA Widget: We do NOT use cookies or any persistent tracking for end users. Each CAPTCHA completion is independent and anonymous (except for hashed IP for rate limiting).

Third-Party Ads: Advertisements displayed in the CAPTCHA widget may use cookies from ad networks (A-Ads, Coinzilla). Please review their privacy policies:

• A-Ads Privacy Policy: https://a-ads.com/privacy
• Coinzilla Privacy Policy: https://coinzilla.com/privacy-policy/

6. Data Sharing

We do NOT sell, rent, or trade your personal information. We share data only in these limited circumstances:

• Service Providers: Payment processors (PayPal, banks) for payouts
• Legal Requirements: If required by law, court order, or government regulation
• Business Transfer: If rCAPTCHA is acquired or merged, your data may transfer to the new owner

7. Data Retention

• Publisher Accounts: Retained until account deletion is requested
• CAPTCHA Completions: Stored permanently for auditing and fraud prevention
• Hashed IPs: Stored for 24 hours, then retained in completion records (cannot be reversed to original IP)
• Cache Data: Automatically expires after 5 minutes

8. Your Rights (GDPR Compliance)

If you are a publisher in the EU, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate information
• Erasure: Request account and data deletion (subject to legal retention requirements)
• Portability: Receive your data in a machine-readable format
• Objection: Object to processing of your data

To exercise these rights, contact us at: privacy@rcaptcha.app

9. Children's Privacy

rCAPTCHA is not directed at children under 13. We do not knowingly collect information from children. Publishers must not use rCAPTCHA on websites primarily directed at children.

10. International Data Transfers

Your data may be processed and stored in the United States or other countries where our service providers operate. By using rCAPTCHA, you consent to this transfer.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify publishers of material changes via email. Continued use of the Service after changes constitutes acceptance.

12. Contact Us

For privacy-related questions or requests:
Email: privacy@rcaptcha.app
Data Protection Officer: dpo@rcaptcha.app