Skip to content
ALTCHA ALTCHA ALTCHA

DPDPA Compliance

ALTCHA is fully DPDPA compliant.

ALTCHA is a self-hosted, privacy-first solution designed to help you comply with India’s Digital Personal Data Protection Act (DPDPA), 2023. Unlike third-party CAPTCHA services, it runs entirely on your own infrastructure—ensuring no external processing, no profiling, and no unnecessary collection of personal data.

ALTCHA does not collect, process, or retain any personal data as defined under Section 2(t) of the DPDPA.

DPDPA Compliance

1. No Cookies or Tracking

ALTCHA does not use:

  • Cookies or Fingerprinting – No tracking means no consent or cookie banners are required.
  • Behavioral Profiling – ALTCHA does not track or link user behavior across sessions.

For more technical details on how Sentinel respects and protects user privacy, please see the Privacy Protection documentation.

2. Self-Hosted Architecture

  • All data processing occurs on your own servers, under your direct control.
  • No external APIs or third-party interactions – ensuring compliance with localization and jurisdiction requirements.

3. No Personal Data Storage

  • Verifies interactions without collecting or storing names, emails, IP addresses, or any data that could identify an individual.
  • Any temporary metadata is either anonymized or discarded immediately.

4. No Third-Party Sharing

  • ALTCHA is fully self-contained and has no subprocessors or third-party dependencies.
  • This eliminates risks related to unauthorized data sharing or transfers.

5. Security Safeguards

ALTCHA is designed with privacy and security by default. Implementers are encouraged to deploy it within a secure, access-controlled environment in line with Section 8 of the DPDPA (Security Safeguards).

Note: As the deployer of ALTCHA, you act as the Data Fiduciary under the DPDPA and retain full control over how data is processed within your environment.

DPDPA Compliance Checklist

ALTCHA is compliant by design. To maintain compliance, ensure:

  • No Personal Data is Collected – Review your implementation for any accidental data collection.
  • No Consent Needed – ALTCHA does not process personal data requiring consent.
  • Data Minimization – Processes only what is strictly necessary for challenge validation.
  • User Rights are Automatically Respected – No personal data = no data to access, correct, or delete.
  • No Cross-Border Transfers – All data processing remains within your infrastructure.
  • Security Measures – Deploy ALTCHA using secure practices aligned with industry standards.

Why It Matters

The DPDPA promotes data minimization, lawful processing, and user privacy. ALTCHA helps you meet these goals:

  • No consent burdens – Nothing personal is collected.
  • Minimal compliance overhead – No need to manage data subject requests.
  • No third-party risks – Everything stays under your control.

By design, ALTCHA supports a low-risk, high-privacy implementation that aligns with both the letter and spirit of the DPDPA.

ALTCHA is designed to support DPDPA-compliant implementations, but final responsibility for regulatory compliance lies with you, the data controller. Ensure your deployment does not introduce additional data processing or storage beyond what ALTCHA provides.