If you're reading this, you've already ruled out reCAPTCHA. (If you're still weighing it, I wrote up why reCAPTCHA's 2026 changes are a GDPR problem for EU sites separately.) You want EU hosting. No cookies. Proof-of-work instead of "click all the bicycles". Friendly Captcha is the obvious answer in that space, and it's a fine product. I built captchaapi.eu in the same niche, and depending on what you run, it may be the better fit. Especially if you're a small SaaS, an indie dev, or an agency managing a handful of client sites.
This isn't a Friendly Captcha takedown. They have a real customer book (Porsche, SAP, Auth0, Red Cross) and a freshly issued WACA Gold accessibility certificate (WCAG 2.2 AA, audited independently in January 2026). I want to put both products on the table with real numbers and let you decide.
TL;DR
| Friendly Captcha Starter | captchaapi.eu Starter | |
|---|---|---|
| Price | €9/mo | €9/mo |
| Requests / month | 1,000 | 20,000 |
| Domains | 1 | 3 |
| EU-only data residency | Opt-in (EU endpoint config) | Default (Hetzner Nuremberg) |
| Proof-of-work | ✅ | ✅ |
| Cookies / tracking | None | None |
| WACA Gold (WCAG 2.2 AA) | ✅ | Not yet certified |
| Years in production | Several | <1 |
At the Starter tier captchaapi.eu gives you 20× more requests for the same nine euros. If you need a formal accessibility certificate or an enterprise-grade name behind the vendor, Friendly Captcha is the safer pick.
Why an alternative needs to exist
Friendly Captcha did the hard work of proving you can do bot defense without the privacy theater. Their team knows what they're doing. The product is solid. I'm not pretending otherwise.
The reason I built captchaapi.eu is narrower:
Their pricing curve doesn't bend for small projects.
Look at the math. Starter is €9/mo for 1,000 requests. That's about 33 a day. Plenty if all you have is a contact form on a marketing site. But the moment you're running a SaaS (signup, password reset, contact form, maybe two API endpoints), 1,000 requests is a week's worth of traffic. And the next tier is €39/mo for 5,000.
That's the hole captchaapi.eu slots into.
Tier by tier
Specifics, not vibes. Every Friendly Captcha number below comes from their pricing page. Every captchaapi.eu number comes from ours.
Starter (€9/mo)
| Friendly Captcha | captchaapi.eu | |
|---|---|---|
| Requests | 1,000 | 20,000 |
| Domains | 1 | 3 |
| Commercial use | ✅ | ✅ |
| Free tier | 1,000 req/mo non-commercial | 10,000 req/mo, commercial OK |
Same nine euros. Same proof-of-work idea underneath. Real differences at this tier: 20× the requests, three domains instead of one, and EU-only data residency by default. Friendly Captcha's default endpoint is global (multi-region); you opt into EU-only by changing the endpoint config. Worth knowing if your DPO has opinions about that.
One form on one tiny site, either product works. Anything bigger, captchaapi.eu has the headroom you actually need.
Growth (€39 vs €29/mo)
| Friendly Captcha Growth | captchaapi.eu Growth | |
|---|---|---|
| Price | €39/mo | €29/mo |
| Requests | 5,000 | 100,000 |
| Domains | 5 | 10 |
| Usage statistics | ✅ | ✅ (dashboard charts) |
The gap widens. We're €10 cheaper and ship 20× the requests. For a small SaaS with a few flows behind the CAPTCHA, this is the tier most customers land on.
Advanced (€200) vs Business (€79)
This is where the two products stop being apples-to-apples, and I'd rather flag it than pretend otherwise.
| Friendly Captcha Advanced | captchaapi.eu Business | |
|---|---|---|
| Price | €200/mo | €79/mo |
| Requests | 50,000 | 500,000 |
| Domains | 50 | Unlimited |
| Infrastructure | Dedicated EU data centers | Shared (Hetzner Nuremberg) |
| Guaranteed uptime | 99.9% SLA | No formal SLA |
| Real-time risk intelligence | ✅ | Not offered |
| User management | ✅ | Not offered |
| Online support | ✅ | Email support |
Friendly Captcha Advanced isn't really the same kind of product as our Business plan. For €200 you're buying dedicated EU-only data centers, contracted 99.9% uptime, real-time risk intelligence, and behavioral signals on top of the PoW. That's a proper enterprise package. If you need any of it, that's where your money should go.
captchaapi.eu Business at €79 doesn't try to play in that league. Every customer runs on shared (but well-spec'd) Hetzner infrastructure, there's no contractual SLA, no dynamic risk engine. Just the baseline per-IP difficulty curve with sitekey-level escalation when abuse is detected. Need volume on shared infra? Less than half the price, 10× the requests. Need dedicated infra or a signed SLA? Go to Advanced.
Above Advanced, Friendly Captcha sells a custom-priced Enterprise plan with a self-hosted endpoint, SSO, audit logs, unlimited everything. captchaapi.eu has nothing like that.
When Friendly Captcha is the right call
A comparison post that only flatters its own side isn't worth your time. So here's the honest version.
Go with Friendly Captcha if you need:
WACA Gold accessibility certification. Friendly Captcha v2 was audited by WACA in Austria against WCAG 2.2 AA and certified Gold in January 2026. captchaapi.eu is built accessibly (no visual puzzles, no audio challenges, screen-reader-friendly state machine), but I haven't paid for a third-party audit yet. If you have EAA, BFSG, or public-sector procurement to clear, that paperwork matters.
Enterprise logos and reference customers. Porsche, SAP, Auth0, 1&1 IONOS, Birkenstock, Red Cross, Veolia, EU institutions. If your CISO needs to see big names before signing anything, Friendly Captcha wins on day one.
Dedicated EU data centers and a 99.9% SLA. Advanced plan (€200) and up.
Real-time risk intelligence and dynamic difficulty. Same. Advanced and up.
Self-hosted deployment. Enterprise plan only. For organizations that can't talk to a third-party endpoint at all.
A free tier with name recognition. We both have one (FC: 1,000 req/mo non-commercial; us: 10,000 req/mo, commercial OK), but theirs is the one your devs have heard of.
None of those are trivial. If any of them is a hard requirement, save yourself the migration and go with Friendly Captcha. They'll look after you.
When captchaapi.eu is the right call
Go with us if you're:
A small SaaS or indie product where €9 for 1,000 requests is too tight and €39 for 5,000 is overkill. The 20,000 / €9 sweet spot doesn't exist over there.
An agency or freelancer running multiple client sites. Three domains on Starter, ten on Growth, unlimited on Business. Versus their 1 / 5 / 50.
Watching the budget but still need to pass compliance. EU-only data residency by default. Hetzner Nuremberg, ISO 27001 and BSI C5 inherited via Hetzner. Friendly Captcha can do EU-only too, but you opt into their eu endpoint; default is global. Same no-cookies story on both ends, same proof-of-work. Fraction of the per-request cost.
OK working with a younger vendor. captchaapi.eu launched in 2026. The product is in good shape and I write openly about the architecture on the blog, but I can't show you a five-year reference list yet.
The technical bits (the stuff most posts skip)
The protocols are identical. Client pulls a challenge, solves a SHA-256 PoW in a Web Worker, ships the solution back with the form, server checks it. No cookies, no fingerprinting, no third-party trackers anywhere in the chain.
A few practical differences worth flagging.
Widget size. Ours is around 19 KB minified. Small enough to open in your editor and skim through in five minutes. Both products ship dramatically smaller payloads than reCAPTCHA does.
Integration. Both use a div-based drop-in. Three lines: one script tag, one data-* attribute on the form, one server-side verify. No SDK lock-in either side.
Solve time. PoW speed depends on the device. captchaapi.eu publishes real production measurements: ~20 ms PoW solve on a Mac mini M4, ~63 ms on iPhone, ~234 ms end-to-end. Network RTT to our Nuremberg-anchored API does most of the heavy lifting, not the math. The base difficulty curve is tier-agnostic, so Free and Business visitors see identical timing. Stick data-captcha-debug on your form and you can sanity-check it on your own hardware. Friendly Captcha tunes things similarly, though I don't have a directly comparable published benchmark from them to cite.
Languages. Our widget ships translations for 10 locales: English, German, French, Spanish, Italian, Polish, Dutch, Portuguese, Czech, Romanian. Friendly Captcha covers more languages. They've had longer to grow that list.
What happens at the monthly cap. Our paid tiers are never hard-blocked when they hit the limit. Visitors keep getting challenges at the normal difficulty. The Free tier is capped at 100%.
The thinking is simple. The visitor didn't decide what plan to buy, so the visitor shouldn't be the one taking the hit if quota runs out. Friendly Captcha Advanced does something more sophisticated (dynamic difficulty scaling based on real-time threat assessment), but that's a different mechanism for a different problem.
DPA, GDPR, sub-processors (the boring but important stuff)
Both products publish their data processing agreements and sub-processor lists. Both are GDPR-compliant out of the box. Both let you skip the cookie banner because there are no cookies to consent to.
captchaapi.eu publishes a pre-signed DPA that you can grab from the legal page without going through procurement back-and-forth. End-user IPs are hashed (SHA-256 with a per-deployment salt), held in cache only (≤2 minutes for rate-limiting, ≤24 hours for abuse scoring), and never persisted to disk or database. Lead supervisory authority is ÚOOÚ (Czech Republic). The full sub-processor list is published with a 30-day change notice commitment.
Friendly Captcha offers equivalent paperwork. Headquartered in Bavaria, under BayLDA jurisdiction.
If your DPO needs a specific clause, both products will negotiate. If your DPO just needs some DPA to staple to the file, both are immediately usable.
Migration in three lines
If you're already on Friendly Captcha and want to test captchaapi.eu side-by-side, the migration looks like this:
<script>window.CAPTCHA_SITE_KEY = 'pk_live_...';</script>
<script src="https://captchaapi.eu/captcha.js" defer></script>
<!-- add data-captcha to your <form> -->
Server-side, replace the Friendly Captcha verify call with a local HMAC verification of the attestation token. There's no server-to-server round trip on form submission. Your backend verifies the HMAC-signed attestation locally using the project's secret key.
Done. Same div-based pattern as Friendly Captcha, same drop-in philosophy, no framework lock-in. Works with Laravel, Next.js, Django, Rails, WordPress, plain HTML. Anything that can POST a form.
Honest summary
If you're shopping for a privacy-first EU CAPTCHA in 2026, you have two serious options in this exact category: Friendly Captcha and captchaapi.eu. Both work. Both can be EU-hosted (captchaapi.eu by default, Friendly Captcha via their opt-in EU endpoint). Both avoid cookies and trackers. Both ship a small widget and a simple verify API.
The deciding factors:
Volume vs. price at Starter/Growth tiers. captchaapi.eu wins clearly.
WACA Gold accessibility certification. Friendly Captcha is the only option.
Dedicated infrastructure, 99.9% SLA, real-time risk intelligence. Friendly Captcha Advanced is the only option in this category.
Self-hosted deployment. Friendly Captcha Enterprise is the only option.
Enterprise brand and reference customers. Friendly Captcha wins clearly.
Multiple domains on cheaper tiers. captchaapi.eu wins.
If you're a small SaaS, an indie developer, or an agency managing client sites, the math at the Starter and Growth tiers is hard to argue with. 20× the requests for the same price (or less). If you're an enterprise with procurement requirements, accessibility certification needs, dedicated infra requirements, or you need real-time risk intelligence, Friendly Captcha is built for you and captchaapi.eu isn't trying to compete there.
Pick the one that fits.
captchaapi.eu is built and operated by Vladislav Rajtmajer in Plzeň, Czech Republic. EU-hosted on Hetzner Nuremberg. Read the DPA · See sub-processors
Sources: Friendly Captcha pricing and accessibility pages, waca.at certificate registry. Friendly Captcha's pricing and plan details may change without notice. Verify current numbers on their site before making a purchasing decision.