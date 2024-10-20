ALTCHA is a privacy-first project designed to protect websites, APIs, and online services from unwanted content and spam. Fully compliant with GDPR and other privacy regulations, ALTCHA ensures that your security and privacy are prioritized. We value the trust you place in us to secure your site, and we work continuously to strengthen that trust through transparency, securing data, and eliminating vulnerabilities.

For acknowledged vulnerabilities, please refer to the ALTCHA Security Advisory.

TL;DR

A quick overview of our security practices:

All data is encrypted in transit

No cookies for tracking or fingerprinting

No user data is stored or logged, unless explicitly required

ALTCHA SaaS is hosted in the EU and USA, with no data shared between regions

No third-party services have access to stored data

Regular vulnerability scans and updates are conducted

ALTCHA is a transparent, secure, and privacy-respecting solution. Below is a more detailed look at the technical measures we implement to safeguard ALTCHA.

Data Minimization

ALTCHA doesn’t collect or store personal data unless required for billing purposes or functionality. We avoid tracking cookies, scripts, and invasive analytics. Our proof-of-work mechanism operates without needing to identify or track users, ensuring all actions through ALTCHA are anonymous by design, preserving your users’ privacy.

Data Encryption

ALTCHA supports asymmetric RSA encryption for data storage where configured by users. Users can choose their security level by opting for either private keys managed automatically by ALTCHA or self-managed private keys.

IP Verification and Spam Filtering

ALTCHA integrates an advanced IP verification system to assess whether requests originate from data centers, known spam networks, or anonymization services such as TOR, which may suggest bot activity. By leveraging blacklists and other filtering techniques, we reduce unwanted traffic and prevent abuse without storing or logging IPs.

Data Encryption in Transit

All communications with ALTCHA are encrypted to prevent unauthorized access. This encryption ensures that no malicious actors can intercept or modify data between your site and ALTCHA’s servers.

Server Locations

ALTCHA is hosted in both the European Union and the USA, ensuring compliance with local data residency rules. The infrastructure is secured within EU-owned cloud services, adhering to strict privacy regulations.

Data Ownership

ALTCHA does not collect, analyze, or monetize any data beyond what is necessary for functionality. You retain ownership of all data generated by your site. ALTCHA will never share or exploit your data.

ALTCHA is continuously maintained with regular updates and security patches. We actively scan for vulnerabilities and ensure that any identified security issues are addressed swiftly.

No Third-Party Dependencies

ALTCHA is self-contained and does not rely on third-party services that could compromise the privacy and security of your data. This ensures your site remains secure without external risks.

Payment Information

For commercial services, payment processing is handled by third-party providers that comply with industry standards such as PCI DSS. ALTCHA never handles or stores sensitive financial data.

Physical Security

ALTCHA benefits from the physical security and infrastructure of hosting providers within the EU. These providers hold ISO 27001 certification, ensuring their facilities meet stringent security standards.

Backups and Disaster Recovery

We ensure high availability and uptime through robust backup and disaster recovery measures. In the rare event of an outage, services are restored quickly to minimize disruption.

Reporting Security Issues

If you discover a security vulnerability within ALTCHA, please report it responsibly. We will investigate and release a patch as necessary. Contributions from the community are greatly appreciated to help keep ALTCHA secure.

Security Questions or Concerns?

If you have any questions or concerns about ALTCHA’s security practices, feel free to reach out.

Last Updated: 20/10/2024