Be sure to use Google reCAPTCHA securely
If you’re subject to the EU GDPR, you’ll need to evaluate the compliance of Google reCAPTCHA separately from your Data Processing Agreement with us. Google reCAPTCHA is not an authorized GDPR subprocessor under our agreement with you.
Google's reCAPTCHA feature is used to secure webforms and protect sites from fraudulent use. Most people have probably interacted with reCAPTCHA at some point. If you've ever been asked to type a a slightly distorted alphanumeric code or choose all images of bridges, bikes, buses, etc. before submitting a webform, you've likely been responding to a reCAPTCHA prompt.
ControlShift allows organizations to integrate Google's reCAPTCHA service into the platform using reCAPTCHA v3, a newer version of reCAPTCHA which is invisible to users. Instead of asking your supporters to complete a task, reCAPTCHA v3 monitors the way a user is interacting with the site and then calculates a statistical likelihood that the user is a real user and not a bot.
When an organization enables ControlShift's Google reCAPTCHA integration, the invisible reCAPTCHA is used to secure all user forms: petition signature, event attendee, user creation, and contact message forms. Activity that's deemed likely to be spammy will be automatically rejected.
We recommend using reCAPTCHA as a security best practice, though each organization will need to clarify any privacy requirements for their local context.
Connecting to Google reCAPTCHA
Once the key pair has been created, copy the site and secret keys and paste them into the ControlShift settings page. When you're done, click Save and the reCAPTCHA integration will be added. Google's required disclaimer will automatically be added to your site's forms.