Be sure to use Google reCAPTCHA securely
If you’re subject to the EU GDPR, you’ll need to evaluate the compliance of Google reCAPTCHA separately from your Data Processing Agreement with us. Google reCAPTCHA is not an authorized GDPR subprocessor under our agreement with you.
Introduction
Google's reCAPTCHA feature is used to secure webforms and protect sites from fraudulent use. Most people have probably interacted with reCAPTCHA at some point. If you've ever been asked to type a slightly distorted alphanumeric code or choose all images of bridges, bikes, buses, etc. before submitting a webform, you've likely been responding to a reCAPTCHA prompt.
ControlShift allows organizations to integrate Google's reCAPTCHA service into the platform using reCAPTCHA v3, a newer version of reCAPTCHA which is invisible to users. Instead of asking your supporters to complete a task, reCAPTCHA v3 monitors the way a user is interacting with the site and then calculates a statistical likelihood that the user is a real user and not a bot.
When an organization enables ControlShift's Google reCAPTCHA integration, the invisible reCAPTCHA is used to secure all user forms: petition signature, event attendee, user creation, and contact message forms. Activity that's deemed likely to be spammy will be automatically rejected.
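The accept-or-reject decision described above can be sketched as follows. This is an added example, not ControlShift's code: it evaluates the JSON that Google's siteverify endpoint returns for a reCAPTCHA v3 token, and the score threshold, hostnames, action name, and maximum token age are all assumptions chosen for illustration.

```python
"""Added example: server-side evaluation of a reCAPTCHA v3 verification result."""
from datetime import datetime, timedelta, timezone

# Assumptions for illustration only; none of these values come from the platform.
MIN_SCORE = 0.5                                   # scores run 0.0 (bot) to 1.0 (human)
ALLOWED_HOSTS = {"act.example.org", "petitions.example.org"}
MAX_AGE = timedelta(minutes=2)                    # reject stale tokens


def evaluate(result, expected_action, now):
    """Return (accepted, reason) for a parsed siteverify JSON response."""
    if not result.get("success"):
        codes = ",".join(result.get("error-codes", []))
        return False, "verification failed: " + codes
    # The token must come from one of the domains registered for the key pair.
    if result.get("hostname") not in ALLOWED_HOSTS:
        return False, "unexpected hostname"
    # The token must have been issued for the form being submitted.
    if result.get("action") != expected_action:
        return False, "action mismatch"
    issued = datetime.fromisoformat(result["challenge_ts"].replace("Z", "+00:00"))
    if now - issued > MAX_AGE:
        return False, "token too old"
    if result.get("score", 0.0) < MIN_SCORE:
        return False, "score below threshold"
    return True, "ok"


# Constructed sample responses (not real traffic).
NOW = datetime(2024, 5, 1, 12, 0, 30, tzinfo=timezone.utc)
BASE = {"success": True, "score": 0.9, "action": "petition_signature",
        "hostname": "act.example.org", "challenge_ts": "2024-05-01T12:00:00Z"}
SAMPLES = {
    "likely_human": BASE,
    "likely_bot": {**BASE, "score": 0.1},
    "other_site": {**BASE, "hostname": "other.example.net"},
    "wrong_form": {**BASE, "action": "contact_message"},
    "stale": {**BASE, "challenge_ts": "2024-05-01T11:50:00Z"},
    "bad_token": {"success": False, "error-codes": ["invalid-input-response"]},
}


def run_samples():
    return {name: evaluate(r, "petition_signature", NOW) for name, r in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(name, verdict)
```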
We recommend using reCAPTCHA as a security best practice, though each organization will need to clarify any privacy requirements for their local context.
Connecting to Google reCAPTCHA
To begin securing your site with Google reCAPTCHA, go to the admin homepage > Settings > Integrations > reCAPTCHA > Add. On this page you'll be asked to enter two reCAPTCHA keys. These keys are free to generate and use, but require acceptance of Google's Terms of Use and Privacy Policy. To generate the keys, go to the Google reCAPTCHA dashboard and follow their instructions to create a new key pair. Choose the v3 option and ensure that all of your platform's domains are listed during key setup.
Once the key pair has been created, copy the site and secret keys and paste them into the ControlShift settings page. When you're done, click Save and the reCAPTCHA integration will be added. Google's required disclaimer will automatically be added to your site's forms.
Depending on your context, you may need to update your privacy policy and/or terms of service to cover your use of reCAPTCHA. If you're not sure, we recommend seeking legal advice.