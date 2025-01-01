GDPR Compliance

ALTCHA is fully GDPR compliant.

ALTCHA is a self-hosted, privacy-first solution designed to simplify compliance with the General Data Protection Regulation (GDPR). Unlike third-party services, it operates entirely within your infrastructure, eliminating external data processing, tracking, or cookies—keeping user data under your control.

GDPR Compliance

1. No Cookies or Tracking

ALTCHA does not use:

Cookies nor Fingerprinting – No cookie consent banners required.

– No cookie consent banners required. Personalized Analytics – Verification logs are anonymized or discarded, with no ties to individual users.

For more technical details on how Sentinel respects and protects user privacy, please see the Privacy Protection documentation.

2. Fully Self-Hosted

All data processing occurs on your servers —no reliance on external providers.

—no reliance on external providers. No third-party transfers—ensuring data remains within your jurisdiction.

3. No Personal Data Storage

Verifies interactions without collecting identifiable user information.

identifiable user information. IP addresses and metadata are either discarded immediately or processed in a way that does not allow user identification, helping avoid classification as personal data under GDPR.

Note: If your implementation stores logs or enriches metadata externally, ensure it aligns with GDPR requirements.

4. No Subprocessors or Data Sharing

No third-party dependencies—eliminating GDPR complexities tied to external vendors.

GDPR Compliance Checklist

While ALTCHA is compliant by design, ensure your implementation follows GDPR best practices:

No Cookie Consent Needed – Zero cookies mean no additional disclosures.

– Zero cookies mean no additional disclosures. Data Minimization – Collects only what’s necessary (if anything).

– Collects only what’s necessary (if anything). Automated User Rights Compliance – No stored personal data = minimal need for access/deletion request handling.

– No stored personal data = minimal need for access/deletion request handling. No Cross-Border Transfers – Self-hosting keeps data within your legal jurisdiction.

Why It Matters

GDPR compliance is effortless with ALTCHA:

Self-hosted = Full data control.

= Full data control. No tracking = No legal overhead.

= No legal overhead. No cookies = Simplified user experience.

By design, ALTCHA reduces compliance risks while protecting user privacy.

ALTCHA is designed to support GDPR-compliant implementations, but final responsibility for regulatory compliance lies with you, the data controller. Ensure your deployment does not introduce additional data processing or storage beyond what ALTCHA provides.