Protecting user's privacy and your website from spam.

ALTCHA is free, open-source CAPTCHA alternative that protects your website from spam and abuse.

ALTCHA uses a proof-of-work mechanism to protect your website, APIs, and online services from spam and unwanted content. Unlike other CAPTCHA solutions, ALTCHA is free, open-source and self-hosted, does not use cookies nor fingerprinting, does not track users, and is fully compliant with GDPR.

simply a better CAPTCHA.

A modern, accessible and inclusive approach to spam protection.

GDPR Compliant

Comply with GDPR by using a privacy-first solution that does not use cookies nor fingerprinting and does not track users.

Friendly to Humans

Say goodbye to tedious puzzle-solving and improve your website's UX by integrating a fully automated proof-or-work mechanism.

Inclusive to Robots

Get ready for AIs and integrate M2M ALTCHA into your APIs and online services making them accessible to machines.

Open source, MIT licensed

ALTCHA is a free, open-source project licensed under a permissive MIT license. Ideal for everyone - individuals, small businesses and enterprises.

Are you a human?
Try ALTCHA for humans

Our web component is familiar to users and easy to integrate into your website.

Check the box to get verified.

Integration guide

Protected form
Are you a robot?

Try Machine-to-Machine (M2M) ALTCHA

M2M ALTCHA works as a rate-limiter implemented on the consumer's end. It helps you protect expensive resources, reduce spam and abuse in your online services and APIs while keeping them accessible to automated systems.

Read more about M2M ALTCHA

Easy integration

Add the script into the your website and use the <altcha-widget> tag in your forms.

<!-- Add <script> tag -->
<script async defer src="/altcha.js" type="module"></script>

<!-- Use <altcha-widget> tag in your forms -->
<altcha-widget challengeurl="/api/altcha"></altcha-widget>
Refer to the documentation for more details.
Refer to the documentation for more details.
import { createChallenge, verifySolution } from 'altcha-lib';

const hmacKey = '$ecret.key'; // Change the secret HMAC key

// Create a new challenge and send it to the client:
const challenge = await createChallenge({

// When submitted, verify the payload:
const ok = await verifySolution(payload, hmacKey);
For integrations with other languages and frameworks, visit the community integrations.

A better reCAPTCHA alternative

Privacy-friendly, GDPR compliant

No cookies, no tracking, no external servers.


No visual puzzles. PoW is much better for people.


Adjust the complexity of the PoW and widget branding to your needs.


All humans and all robots are welcome. M2M ALTCHA can be implemented on any system.


Free to use, free to modify. MIT licensed.