Privacy Policy for End Users
Last updated: June 25, 2026
CaptchaFox is a modern bot protection service by Scoria Labs GmbH. We are based in Germany and host exclusively in Europe.
Identifying individual persons is not required for this. We do not create user profiles. The widget only distinguishes between human and automated requests.
This Privacy Policy applies to end users who interact with the CaptchaFox widget integrated on the websites and services of our customers.
Controller and Processor
The controller within the meaning of the GDPR is the operator of the website or service on which the CaptchaFox widget is integrated. The operator decides on the purpose and legal basis of the processing and informs you about this in its own privacy policy.
Scoria Labs GmbH (CaptchaFox) processes the resulting data exclusively on behalf of and according to the instructions of the operator, acting as a processor pursuant to Art. 28 GDPR.
What Data We Process
When you trigger a verification with the CaptchaFox widget, your browser transmits data to us that we need in order to distinguish between human and automated requests – in particular the IP address, the browser and device type, the operating system and a time stamp.
This data is first collected and therefore processed within the meaning of the GDPR. Identifying data such as the IP address is anonymized as early as possible (e.g. through hashing) and is not stored permanently in plain text. We use the data exclusively to detect and prevent bots and abuse – not to identify you as a person, and not for advertising purposes. We do not use cookies, and we do not store any data permanently in your browser.
Legal Basis
The legal basis is determined by the operator as the controller. As a rule, this is its legitimate interest (Art. 6(1)(f) GDPR) in the security of its website and in preventing abuse and automated attacks. We process the data exclusively on the basis of the data processing agreement concluded with the operator.
Your Rights
You exercise your data subject rights (access, rectification, erasure, restriction, objection and data portability) against the controller – that is, the operator of the website you are visiting. We support the operator in responding to such requests and forward any requests addressed to us to the respective operator. Independently of this, you have the right to lodge a complaint with a data protection authority.
Subprocessors
To provide the Service, we use carefully selected subprocessors with whom we have concluded agreements pursuant to Art. 28 GDPR:
| Entity Name | Purpose | Address | Privacy Policy |
|---|---|---|---|
| Hetzner Online GmbH | Infrastructure hosting | Industriestr. 25, 91710 Gunzenhausen, Germany | Link↗ |
| BunnyWay d.o.o. | Content Delivery Network | Dunajska cesta 165, 1000 Ljubljana, Slovenia | Link↗ |
Data Retention
We store the processed data only for as long as is necessary for bot detection; identifying data is anonymized without delay. Beyond that, we only retain data to the extent that we are legally required to do so.
Contact
Processor: Scoria Labs GmbH
Address: Fokkerstr. 2, 85399 Hallbergmoos, Germany
Email: privacy@captchafox.com
Operators conclude a data processing agreement (DPA) with us pursuant to Art. 28 GDPR; this can be requested at privacy@captchafox.com. The controller within the meaning of the GDPR is the operator of the website you are visiting.