Security Practices
Questi contenuti non sono ancora disponibili nella tua lingua.
ALTCHA is a privacy-first project designed to protect websites, APIs, and online services from unwanted content and spam. Fully compliant with GDPR and other privacy regulations, ALTCHA ensures that your security and privacy are prioritized. We value the trust you place in us to secure your site, and we work continuously to strengthen that trust through transparency, securing data, and eliminating vulnerabilities.
TL;DR
A quick overview of our security practices:
- All data is encrypted in transit
- No cookies for tracking or fingerprinting
- No user data is stored or logged, unless explicitly required
- ALTCHA SaaS is hosted in the EU and USA, with no data shared between regions
- No third-party services have access to stored data
- Regular vulnerability scans and updates are conducted
ALTCHA is a transparent, secure, and privacy-respecting solution. Below is a more detailed look at the technical measures we implement to safeguard ALTCHA.
Data Minimization
ALTCHA doesn’t collect or store personal data unless required for billing purposes or functionality. We avoid tracking cookies, scripts, and invasive analytics. Our proof-of-work mechanism operates without needing to identify or track users, ensuring all actions through ALTCHA are anonymous by design, preserving your users’ privacy.
Data Encryption
ALTCHA supports asymmetric RSA encryption for data storage where configured by users. Users can choose their security level by opting for either private keys managed automatically by ALTCHA or self-managed private keys.
IP Verification and Spam Filtering
ALTCHA integrates an advanced IP verification system to assess whether requests originate from data centers, known spam networks, or anonymization services such as TOR, which may suggest bot activity. By leveraging blacklists and other filtering techniques, we reduce unwanted traffic and prevent abuse without storing or logging IPs.
Data Encryption in Transit
All communications with ALTCHA are encrypted to prevent unauthorized access. This encryption ensures that no malicious actors can intercept or modify data between your site and ALTCHA’s servers.
Server Locations
ALTCHA is hosted in both the European Union and the USA, ensuring compliance with local data residency rules. The infrastructure is secured within EU-owned cloud services, adhering to strict privacy regulations.
Data Ownership
ALTCHA does not collect, analyze, or monetize any data beyond what is necessary for functionality. You retain ownership of all data generated by your site. ALTCHA will never share or exploit your data.
Regular Updates and Vulnerability Scans
ALTCHA is continuously maintained with regular updates and security patches. We actively scan for vulnerabilities and ensure that any identified security issues are addressed swiftly.
No Third-Party Dependencies
ALTCHA is self-contained and does not rely on third-party services that could compromise the privacy and security of your data. This ensures your site remains secure without external risks.
Payment Information
For commercial services, payment processing is handled by third-party providers that comply with industry standards such as PCI DSS. ALTCHA never handles or stores sensitive financial data.
Physical Security
ALTCHA benefits from the physical security and infrastructure of hosting providers within the EU. These providers hold ISO 27001 certification, ensuring their facilities meet stringent security standards.
Backups and Disaster Recovery
We ensure high availability and uptime through robust backup and disaster recovery measures. In the rare event of an outage, services are restored quickly to minimize disruption.
Reporting Security Issues
If you discover a security vulnerability within ALTCHA, please report it responsibly. We will investigate and release a patch as necessary. Contributions from the community are greatly appreciated to help keep ALTCHA secure.
Security Questions or Concerns?
If you have any questions or concerns about ALTCHA’s security practices, feel free to reach out.
Last Updated: 20/10/2024
Copyright © 2024 Altcha.org - Dedicated to Privacy.
Website and services operated by bausw.com.
OSS hosted on GitHub • Website made with Astro Starlight.
Do you like ALTCHA?
Support us by giving us a star on GitHub!