Privacy-first CAPTCHA that protects forms without annoying puzzles
Friendly Captcha is a German CAPTCHA solution that uses proof-of-work cryptographic puzzles solved invisibly by the visitor's browser, requiring zero user interaction while collecting no personal data. Founded in 2020, it has become the leading GDPR-compliant alternative to Google reCAPTCHA for European websites.
Headquarters: Munich, Germany
Founded: 2020
EU Data Hosting: Yes
Employees: 11-50
Pricing: Free, €9/mo, €39/mo, Contact Sales
Billing: monthly, annual
Every website with a contact form, login page, or checkout flow faces the same problem: bots. Automated scripts that spam forms, stuff credentials, and scrape content at industrial scale. The standard solution for over a decade has been Google reCAPTCHA -- but that solution comes with a cost that many European organisations can no longer accept. reCAPTCHA tracks users across the web, sets cookies, and sends data to Google's servers in the United States. For any organisation subject to GDPR, this creates a compliance headache that no amount of cookie banners can fully resolve.
Friendly Captcha, founded in Munich in 2020, offers a fundamentally different approach. Instead of tracking user behaviour or forcing visitors to identify fire hydrants, it uses a proof-of-work mechanism: the visitor's browser silently solves a small cryptographic puzzle in the background. No user interaction, no cookies, no personal data collection, no data leaving the EU. The puzzle is trivial for a single browser but computationally expensive to perform at bot scale, creating an effective economic barrier against automated abuse.
The company has grown steadily as European privacy awareness has sharpened. Government agencies, banks, healthcare organisations, and privacy-conscious businesses across the EU have adopted it as their reCAPTCHA replacement. It is not the flashiest product in the security space, but it solves a specific problem -- bot protection without privacy compromise -- with unusual clarity.
The core innovation is elegant in its simplicity. When a page loads, Friendly Captcha's lightweight JavaScript widget begins solving a cryptographic puzzle in the background using the visitor's browser. The puzzle takes a fraction of a second on modern hardware, but its cost scales linearly with the number of submissions -- a botnet trying to submit thousands of forms simultaneously would need to expend significant computational resources. There are no images to classify, no checkboxes to tick, and no behavioural tracking happening behind the scenes. The user simply fills in the form and submits it. From their perspective, there is no CAPTCHA at all.
This is what separates Friendly Captcha from every major competitor. reCAPTCHA collects behavioural data, sets cookies, and builds a risk profile tied to Google's advertising infrastructure. hCaptcha collects data for machine learning training. Friendly Captcha collects nothing. No cookies are set. No personal data is processed. No fingerprinting occurs. The entire verification happens through the cryptographic proof, which contains no user-identifiable information. For GDPR compliance officers, this is not an incremental improvement -- it eliminates the entire category of consent requirements around CAPTCHA services.
Traditional CAPTCHAs are accessibility nightmares. Image challenges exclude visually impaired users. Audio alternatives are often unintelligible. Time limits punish users with motor disabilities. Friendly Captcha sidesteps all of this because the user does nothing. Screen readers, keyboard-only navigation, and assistive technologies work without any accommodation needed. The widget meets WCAG AAA standards -- the highest level of accessibility compliance -- which matters for public sector organisations legally required to maintain accessible websites.
The backend component is straightforward. After the browser solves the puzzle, the solution token is submitted with the form data. Your server sends this token to Friendly Captcha's verification API, which returns a pass/fail response. The API is hosted on EU infrastructure in Germany, with typical response times under 100ms. Integration libraries are available for PHP, Node.js, Python, Ruby, and Java, and the REST API works with any language.
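The server-side half of that flow, as an added example (not Friendly Captcha's own code or client library): the handler rejects a missing token, accepts only an explicit boolean pass, and treats an unreachable verifier as a separate, logged policy decision. VERIFY_URL is a placeholder, and the "solution", "secret" and "success" field names are assumptions to confirm against the vendor's API documentation.

```python
import json
import logging
import urllib.error
import urllib.request

VERIFY_URL = "https://captcha-api.example/siteverify"  # placeholder endpoint (assumption)
log = logging.getLogger("captcha")

def http_post(url, payload, timeout=3.0):
    """Default transport: POST JSON, return (status, parsed body) or (None, None) on failure."""
    req = urllib.request.Request(url, data=json.dumps(payload).encode(),
                                 headers={"Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, json.loads(resp.read())
    except urllib.error.HTTPError as exc:   # verifier answered with a non-2xx status
        return exc.code, None
    except (OSError, ValueError):           # DNS/connect/timeout errors or invalid JSON
        return None, None

def check_submission(token, secret, fail_open, post=http_post):
    """Return (accept, reason) for one form submission.

    fail_open decides what happens when the verifier cannot answer: True suits a
    low-risk contact form, False suits login or checkout.
    """
    if not token:
        return False, "missing_token"       # no token: reject without calling the API
    status, body = post(VERIFY_URL, {"solution": token, "secret": secret})
    if status == 200 and isinstance(body, dict) and isinstance(body.get("success"), bool):
        return (True, "verified") if body["success"] else (False, "rejected")
    # Outage, bad secret or malformed reply: not a verdict on the visitor, so log it.
    log.warning("captcha verifier unavailable (status=%s)", status)
    return (True, "unverified_fail_open") if fail_open else (False, "unverified_fail_closed")
```

The `post` parameter exists so the decision logic can be exercised without network access.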
Friendly Captcha dynamically adjusts puzzle difficulty based on threat level. During normal traffic, puzzles are trivially easy for browsers. When suspicious patterns are detected -- such as a surge of requests from a single IP range -- difficulty increases automatically. This means legitimate users are never inconvenienced while attack traffic faces progressively higher computational costs.
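The proof-of-work and adaptive-difficulty passages above, as an added hashcash-style sketch (not Friendly Captcha's actual puzzle format or code): the server issues a MAC-signed challenge, the client brute-forces a nonce, and the server checks it with one MAC and one hash while refusing tampered, expired or replayed challenges. All function names, the SHA-256 target, the TTL and the difficulty policy are assumptions made for illustration.

```python
import hashlib
import hmac
import os

SERVER_KEY = os.urandom(32)  # per-deployment secret, never sent to the browser
TTL = 300                    # seconds a challenge stays valid (assumed value)
_spent = set()               # redeemed challenges; use a shared store with expiry in production

def difficulty_for(recent_requests):
    """Assumed policy: 12 bits at baseline, +2 bits per doubling past 20 requests, capped at 24."""
    bits = 12
    while recent_requests > 20 and bits < 24:
        recent_requests //= 2
        bits += 2
    return bits

def _mac(body):
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()

def _zero_bits(challenge, nonce):
    digest = hashlib.sha256(f"{challenge}:{nonce}".encode()).digest()
    return 256 - int.from_bytes(digest, "big").bit_length()

def issue(bits, now):
    """Server: 'salt.expiry.bits.mac'. The MAC stops a client lowering bits or extending expiry."""
    body = f"{os.urandom(8).hex()}.{int(now) + TTL}.{bits}"
    return f"{body}.{_mac(body)}"

def solve(challenge):
    """Browser's job: find the first nonce meeting the target, about 2**bits hashes on average."""
    bits = int(challenge.split(".")[2])
    nonce = 0
    while _zero_bits(challenge, nonce) < bits:
        nonce += 1
    return nonce

def verify(challenge, nonce, now):
    """Server: one MAC and one hash per submission, whatever the difficulty."""
    body, _, mac = challenge.rpartition(".")
    if not hmac.compare_digest(mac.encode(), _mac(body).encode()):
        return "bad_mac"
    _salt, expiry, bits = body.split(".")   # safe to parse: the MAC proved we wrote it
    if int(expiry) < now:
        return "expired"
    if _zero_bits(challenge, nonce) < int(bits):
        return "insufficient_work"
    if challenge in _spent:
        return "replayed"
    _spent.add(challenge)
    return "ok"
```

Each extra difficulty bit doubles the expected solving cost while the verification cost stays constant, which is the asymmetry the scheme relies on.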
Friendly Captcha's pricing is straightforward and volume-based. The free tier provides 1,000 requests per month for a single website -- enough for a personal blog or small business site, but quickly outgrown by anything with meaningful traffic. The Starter plan at EUR 9/month covers 5,000 requests across up to 3 websites. The Growth plan at EUR 39/month scales to 50,000 requests and 10 websites with priority support and analytics.
For larger organisations, Enterprise pricing is custom and includes unlimited requests, unlimited websites, dedicated support, and SLA guarantees. Compared to the hidden costs of reCAPTCHA -- which is "free" but monetises user data -- Friendly Captcha's transparent pricing is refreshing. Compared to hCaptcha's enterprise tier, it is competitively positioned.
The value proposition is strongest for organisations where GDPR compliance costs are a factor. If you are currently spending legal hours justifying reCAPTCHA's data processing or managing consent flows around it, the switch to Friendly Captcha may actually reduce total cost of ownership despite the subscription fee.
Friendly Captcha is arguably the most privacy-compliant CAPTCHA solution available. As a German company (Friendly Captcha GmbH, Munich), it falls under EU jurisdiction. All infrastructure is hosted in Germany. No personal data is collected or processed -- not as a policy choice, but as an architectural reality. The proof-of-work mechanism simply does not require any user data to function.
This means no Data Processing Agreement is needed for the CAPTCHA itself, no cookie consent is required, and no entry in your privacy policy's third-party services section is technically necessary (though mentioning it remains best practice). The product is compliant with GDPR, the ePrivacy Directive, and TTDSG (Germany's Telecommunications-Telemedia Data Protection Act) without any configuration.
For public sector organisations, healthcare providers, and financial institutions operating under strict data protection requirements, this level of compliance removes a genuine operational burden.
EU public sector and government websites required to meet both GDPR and WCAG accessibility standards. Friendly Captcha satisfies both simultaneously with zero configuration.
Privacy-conscious businesses that want bot protection without adding another tracking service to their consent management burden. Particularly relevant for organisations that have committed to cookie-free or minimal-tracking web properties.
Healthcare and financial services operating under sector-specific data protection requirements where third-party data processing (even by a CAPTCHA service) triggers additional compliance obligations.
Developers building GDPR-compliant applications who want a simple, well-documented API that does not require complex consent integrations or data processing agreements to implement.
Friendly Captcha does one thing exceptionally well: it protects web forms from bots without compromising user privacy or accessibility. It will not match reCAPTCHA's detection sophistication against the most advanced targeted attacks, and its ecosystem of plugins and integrations is still growing. But for the rapidly expanding category of European organisations that need bot protection without the compliance baggage of Google's services, it is the clearest solution available. The proof-of-work approach is technically sound, the privacy architecture is genuinely zero-data, and the company's EU roots make it a natural fit for any European software stack.
Yes. Friendly Captcha collects no personal data, sets no cookies, and processes all data on EU-hosted infrastructure in Germany. It is GDPR and ePrivacy Directive compliant by design.
It uses a proof-of-work mechanism where the visitor's browser solves a small cryptographic puzzle in the background. This happens invisibly and takes a fraction of a second on modern devices.
Yes. Friendly Captcha is a drop-in alternative to reCAPTCHA. It provides bot protection without tracking users or requiring them to identify traffic lights and crosswalks.
Yes. Because there are no visual or audio challenges, Friendly Captcha is fully accessible and WCAG compliant. Screen readers and assistive technologies work without any issues.
Friendly Captcha provides a fallback mode for no-JavaScript environments. The form can still be submitted, though the protection level is reduced without the proof-of-work verification.