Three of the four major CAPTCHA services are owned by US advertising platforms. We built a fourth—hosted in Germany, operated under EU data law—that does the work without the surveillance.
No card required. GDPR-compliant by design. Drop-in replacement for reCAPTCHA, hCaptcha, and Turnstile.
reCAPTCHA enriches a behavioural profile attached to a Google identity. hCaptcha sells annotation labour to ML training pipelines. Turnstile routes every request through Cloudflare's network. All three work, technically. None of them are doing only what they say on the tin.
A CAPTCHA should keep bots out of your forms. That's it. It shouldn't be a tracking pixel, a sales funnel for an adjacent product, or a data-export pipe to a different jurisdiction. So we built one that isn't.
TrustedCaptcha is a verification service—a small server in Germany, talking only to your servers and your users' browsers, signing the result, and forgetting the rest. Daily logs are truncated at /24 (IPv4) and /64 (IPv6). User agents are hashed with a per-deployment pepper. Nothing leaves the EU. There is no ad-tech partner.
Smart-click for trusted users (85% of traffic). Image grid, math, logic, and audio for ambiguous risk scores. Invisible proof-of-work for low-stakes forms. The risk engine picks per request.
Same embed shape as reCAPTCHA. Token surface fills g-recaptcha-response, h-captcha-response, and cf-turnstile-response. Most server code keeps working as-is.
PHP, JavaScript, and SQL. About 12 KB of widget code. No build step. No minified blob phoning home. Hostable on your own infrastructure if our service ever stops being the right answer for you.
/24 & /64 · UAs hashed with per-deployment pepper| TrustedCaptcha | reCAPTCHA v3 | hCaptcha | Turnstile | |
|---|---|---|---|---|
| Hosted in the EU | Germany | No (US) | No (US) | No (global) |
| Owned by an ad-tech company | No | Indirect | Cloudflare | |
| Sells solved challenges as ML labels | No | Yes | Yes | No |
| Source readable | Yes | No | No | No |
| Drop-in for reCAPTCHA code | Yes | — | Yes | Mostly |
| Free tier daily limit | 1,000 verifications | 1M | 1M | Unlimited |
We're not pretending to match Google's free tier. Our pricing reflects the cost of running a small, EU-only service that isn't subsidised by an adjacent business. If you genuinely need a million daily verifications and don't care where they're processed, you have other options.
<script src="https://cdn.trustedcaptcha.com/widget/v1/api.js"
async defer></script>
<form action="/signup" method="POST">
<input name="email">
<div class="trustedcaptcha"
data-sitekey="0x..."></div>
<button>Sign up</button>
</form>$response = file_get_contents(
'https://challenges.trustedcaptcha.com/api/v1/siteverify'
. '?secret=' . urlencode($SECRET)
. '&response=' . urlencode($_POST['trustedcaptcha-response'])
. '&remoteip=' . urlencode($_SERVER['REMOTE_ADDR'])
);
$result = json_decode($response, true);
if (!$result['success']) { /* reject */ }Examples for Python, Ruby, Node, Go, and Rust in the quickstart docs.
€200/year if billed annually. Cancel anytime — no clawbacks, no penalties.