Made in EU · Hosted in Germany

Drop-in reCAPTCHA replacement. No cookies. No banner.

GDPR-compliant, EU-hosted on Hetzner (ISO 27001 + BSI C5). Free tier — Starter from €9/mo for 20,000 requests.

Hosting infrastructure — independently certified

Hetzner: ISO 27001
Hetzner: BSI C5 Type 2
Hetzner: ISO 14001
Hetzner: TÜV Rheinland audit

Certifications belong to Hetzner Online GmbH (the underlying infrastructure provider, audited annually by TÜV Rheinland) — captchaapi.eu inherits these via its hosting setup and does not claim operator-level certifications of its own. 100% EU-hosted in Nuremberg, Germany.
Pre-signed DPA available.

Running in production on

I run captchaapi in production on my own projects — the EU compliance discipline comes from building Billify (a Czech B2B invoicing tool) daily. Do not take my word for it: open devtools on the Billify login or the laravel-blog.cz contact form, focus a field, and you will see captcha.js load and the /challenge call fire — the same integration these pages describe.

Skip the Cookie Banner

Zero cookies means no GDPR consent popup. Your visitors see your site, not a legal hurdle.

Drop-in reCAPTCHA Replacement

Same div-based integration. 3 lines of code. Works with Laravel, Next.js, Django, Rails, WordPress.

DPA You Can Read in a Browser Tab

The Article 28 DPA is a public page, not a sales call. Read it, link it, archive it — no email, no signature dance, no waiting.

EU-Only CAPTCHA Data

German data center. Czech company. CAPTCHA verification data never leaves the EEA. Payment-provider flows documented in Sub-processors.

Three lines. That's the integration.

Drop the widget into any HTML form. Verify on the backend with any HTTP client. No SDK required.

  • Framework-agnostic: Laravel, Next.js, Django, Rails, WordPress, plain HTML
  • No 3rd-party scripts loaded. Your CSP stays clean.
  • Widget is ~19 KB minified (~7 KB gzipped). Smaller than reCAPTCHA's 1 MB+ payload.

    <!-- Frontend: 2 lines -->
    <script>window.CAPTCHA_SITE_KEY = 'pk_live_...';</script>
    <script src="https://captchaapi.eu/captcha.js" defer></script>
    <!-- + add the data-captcha attribute to your <form> -->

    // Backend (PHP): 1 line. verify() is your own helper that checks the
    // attestation against the API with any HTTP client.
    $ok = verify($_POST['captcha_attestation']);

Real measurements

Invisible to Users. Merciless to Bots.

Every visitor's device solves a small proof-of-work puzzle in a Web Worker while they fill the form. No invisible ML scoring and no behavioral profiling, just math that costs the same for everyone. The network round-trip dominates the wait, not the computation.

  • ~20 ms: PoW solve, Mac mini M4 (baseline curve, all plans)
  • ~63 ms: PoW solve, iPhone (Apple Silicon, all plans)
  • ~234 ms: total end-to-end, EU connection

Median of 5 runs per device on production captchaapi.eu. The base PoW curve is the same on every plan, so these numbers apply uniformly to Free and Business visitors. Total end-to-end is identical on both devices because network round-trip to our Nuremberg-anchored EU API dominates over PoW computation. Add data-captcha-debug to your form to verify on your own hardware.

Scalable EU Protection

Simple pricing for EU-hosted CAPTCHA protection. Start free, upgrade when your traffic grows.

Free
Free

Get going for free. Upgrade when you outgrow it.

  • 1 project
  • 5,000 challenges/month
  • EU-hosted infrastructure
  • Commercial use included

Slowdown, then a hard cap. Past 5,000 requests, responses gradually slow; at 10,000, service pauses until upgrade or cycle reset (details in ToS).

Starter
€9/month

Your first production site. 20× more requests than the closest privacy-first alternative.

  • 3 projects
  • 20,000 challenges/month
  • Commercial use
  • Email support
  • Dashboard charts

Growth (Most Popular)
€29/month

Small SaaS, e-commerce, agency projects. Most customers start here.

  • 10 projects
  • 100,000 challenges/month
  • Priority email support
  • Dashboard charts

Business
€79/month

High-traffic sites, agencies with many clients, or SaaS with scale.

  • Unlimited projects
  • 500,000 challenges/month
  • Priority support
  • Dashboard charts

Custom pricing for high-volume and enterprise use. Contact me

All paid plans: no setup fees, no credit card on Free, cancel anytime. VAT-compliant invoices for EU businesses (no-VAT for CZ residents; reverse-charge for EU B2B). EU-hosted, GDPR-compliant on every tier.

Built for EU Compliance

Every compliance paper your DPO or procurement team will ask for — already prepared.

Article 28 DPA — pre-signed and public
Article 13 GDPR notice — on my public pages
ISO 27001, BSI C5, TÜV Rheinland — inherited via Hetzner (no operator-level claim)
Lead supervisory authority — ÚOOÚ (Czech Republic)
30-day sub-processor change notice
End-user IP addresses hashed (SHA-256 + salt), cache-only retention (≤ 2 min rate-limit, ≤ 24 h abuse score), never persisted
48-hour breach notification commitment in DPA
Payment-provider US transfers disclosed under DPF + SCCs

Ship it. GDPR-safe by default.

Start in 5 minutes. Scale when you need more. No enterprise sales call required.