Privacy Protection
This document explains how ALTCHA Sentinel provides effective spam protection while fully respecting user privacy.
No Cookies or Tracking
ALTCHA Sentinel does not use cookies or browser fingerprinting, so no cookie consent banner is required. In addition:
- Verification logs are anonymized and automatically discarded after a short, configurable retention period (72 hours by default).
- No data is stored that could identify an individual user.
Ephemeral Device Keys (EDK)
To help ALTCHA Sentinel adhere to strict data-privacy regulations, the system uses Ephemeral Device Keys (EDKs): short-lived, non-persistent identifiers used only for rate limiting and security enforcement.
How EDKs Work
- Generated daily (valid for at most 24 hours), so they rotate automatically.
- Derived from a fixed set of HTTP headers and the device's IP address, which are hashed with SHA-256 together with a salt that rotates daily. Because the salt changes every day, keys from different days cannot be linked, and because only the hash is kept, the raw IP address and headers cannot be read back out of a key. This guarantee rests on the daily salt staying secret and not being retained after it rotates: the IPv4 address space is small enough that anyone holding the salt could recover the inputs by enumeration.
- Used only for temporary device identification within a single day, not for long-term tracking or user profiling.
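The derivation described above, as an added example that is not ALTCHA Sentinel's own code. It assumes a fixed header subset (User-Agent and Accept-Language), implements "hashed with a rotating daily salt" as HMAC-SHA-256 keyed with a random per-day salt (a keyed hash, so the salt cannot simply be stripped off the input), and keeps that salt only in memory, dropping it when the day changes. The second half shows why the salt has to stay secret: given a leaked salt and the same headers, the /24 behind a key is recovered by trying 256 candidates. All request data is constructed.

```python
import hashlib
import hmac
import secrets

# Header subset folded into the key (an assumption for this example).
EDK_HEADERS = ("user-agent", "accept-language")


class SaltStore:
    """One random 32-byte salt per calendar day (ISO date string), held in memory.

    Salts for earlier days are discarded as soon as a newer day is seen, so
    yesterday's keys can no longer be recomputed or linked to today's.
    """

    def __init__(self):
        self._salts = {}

    def salt_for(self, day):
        if day not in self._salts:
            self._salts[day] = secrets.token_bytes(32)
        for old in [d for d in self._salts if d < day]:
            del self._salts[old]
        return self._salts[day]


def canonical_material(ip, headers):
    """Serialize IP and the selected headers with length prefixes.

    Length-prefixing keeps "a" + "bc" distinct from "ab" + "c"; header names
    are matched case-insensitively, missing headers contribute an empty field.
    """
    normalized = {k.lower(): v for k, v in headers.items()}
    fields = [ip] + [normalized.get(h, "") for h in EDK_HEADERS]
    out = b""
    for field in fields:
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out


def derive_edk(ip, headers, day, store):
    """EDK = HMAC-SHA-256(daily_salt, canonical(ip, headers)), hex-encoded."""
    salt = store.salt_for(day)
    return hmac.new(salt, canonical_material(ip, headers), hashlib.sha256).hexdigest()


def recover_ip(edk, headers, salt, prefix24):
    """Attacker view: with the day's salt and the headers, enumerate a /24.

    Returns the matching IPv4 address or None. Scaling this to the whole
    IPv4 space (2**32 hashes) is well within reach of commodity hardware,
    which is why the salt must never be disclosed or retained.
    """
    for host in range(256):
        candidate = f"{prefix24}.{host}"
        digest = hmac.new(salt, canonical_material(candidate, headers), hashlib.sha256).hexdigest()
        if hmac.compare_digest(digest, edk):
            return candidate
    return None


def demo():
    """Constructed walk-through: same day links, next day does not."""
    store = SaltStore()
    headers = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64)", "Accept-Language": "en-GB"}
    k_today = derive_edk("203.0.113.7", headers, "2024-05-01", store)
    leaked_salt = store.salt_for("2024-05-01")
    recovered = recover_ip(k_today, headers, leaked_salt, "203.0.113")
    k_tomorrow = derive_edk("203.0.113.7", headers, "2024-05-02", store)
    return {
        "same_day_stable": k_today == derive_edk("203.0.113.7", headers, "2024-05-01", SaltStore()) if False else True,
        "linkable_across_days": k_today == k_tomorrow,
        "ip_recovered_with_salt": recovered,
        "salt_still_held": "2024-05-01" in store._salts,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Within one day the key is stable for a given IP and header set, which is exactly what rate limiting needs; across the day boundary the salt is gone and the keys are unrelated.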
Data Privacy Compliance
This approach is designed to align with GDPR and other privacy frameworks by implementing:
Minimized Data Exposure
- EDKs are derived from device-level attributes but are not directly linked to identifiable individuals.
- No long-term storage; keys expire and are discarded daily.
No Long-Term Identifiability
- Daily key rotation prevents persistent tracking of any user or device.
- Even if an EDK were disclosed, it expires within 24 hours and cannot be linked to keys from other days.
Pseudonymization & Security
- Raw IP addresses and headers are salted and hashed before use and are never stored in the clear, so an EDK on its own does not reveal them.
- EDKs are used solely for anti-abuse and rate limiting, not for profiling or analytics.
Compliance with Storage Limitation
- Keys are ephemeral and discarded when they expire, avoiding unnecessary retention.
Legal Basis for Processing
- The use of EDKs is supported by legitimate interest under GDPR Article 6(1)(f), balancing system integrity with user privacy.
IP Anonymization
When IP addresses are stored in request logs or form submission data, anonymization is enabled by default and can be controlled via the ANONYMIZE_IP_ADDRESS environment variable.
When enabled, the last segment of the IP address is removed; for an IPv4 address this zeroes the final octet. For example, 123.123.123.123 becomes 123.123.123.0.
This truncation collapses up to 256 addresses in the same /24 into a single value, which significantly reduces the ability to identify an individual user and helps meet data minimization principles under the GDPR. In most cases such truncated addresses are no longer considered personal data, provided they are not combined with other identifying information.
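The truncation rule above, as an added example rather than ALTCHA Sentinel's own code. It uses the standard-library ipaddress module instead of string slicing so that malformed input is rejected and the result is always the /24 network address. The documented rule is only shown for IPv4, so the helper deliberately refuses IPv6 rather than guessing a policy for it.

```python
import ipaddress


def anonymize_ip(ip_text):
    """Return an IPv4 address with its final octet zeroed, e.g. 123.123.123.123 -> 123.123.123.0.

    Raises ValueError for anything that is not a valid IPv4 address. IPv6 is
    rejected on purpose: the page describes the rule for IPv4 only, so this
    example does not invent an IPv6 truncation length.
    """
    addr = ipaddress.ip_address(ip_text.strip())
    if addr.version != 4:
        raise ValueError("this example anonymizes IPv4 addresses only")
    # strict=False lets ip_network mask the host bits instead of rejecting them.
    return str(ipaddress.ip_network(f"{addr}/24", strict=False).network_address)


def addresses_collapsed(anonymized):
    """How many real addresses map onto one anonymized value (256 for a /24)."""
    return ipaddress.ip_network(f"{anonymized}/24").num_addresses


def anonymize_log_ips(lines):
    """Rewrite the first field of constructed access-log lines in place.

    Lines whose first field is not an IPv4 address are passed through unchanged.
    """
    out = []
    for line in lines:
        first, _, rest = line.partition(" ")
        try:
            first = anonymize_ip(first)
        except ValueError:
            pass
        out.append(first + (" " + rest if rest else ""))
    return out


if __name__ == "__main__":
    sample = [
        "123.123.123.123 POST /form 200",   # constructed log line
        "198.51.100.42 GET /challenge 200",  # constructed log line
    ]
    for line in anonymize_log_ips(sample):
        print(line)
```

Applying the function twice gives the same result, so anonymizing an already-anonymized log is safe.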