Be sure to use hCaptcha securely
If you’re subject to the EU GDPR, you'll need to evaluate the compliance of hCaptcha separately from your Data Processing Agreement with us. hCaptcha is not an authorized GDPR subprocessor under our agreement with you.
hCaptcha is used to secure webforms and protect sites from fraudulent use. Most internet users are accustomed to captchas. If you've ever been asked to type a a slightly distorted alphanumeric code or choose all images of bridges, bikes, buses, etc. before submitting a webform, you were completing a captcha challenge. These challenges are aimed at preventing bots and other malicious activities.
The most popular captcha provider is Google via their free reCAPTCHA tool. However, because the captcha challenges are provided by Google, some have raised data privacy concerns. hCaptcha claims to be a "privacy-first CAPTCHA" solution, so it may be of interest to organizations subject to GDPR or other privacy legislation.
Connecting with hCaptcha
To begin securing your site with hCaptcha, you'll need to create or log into your hCaptcha account. To enable your integration, we'll need an hCaptcha Site Key and your account's Secret Key.
The Site Key is available by going to your hCaptcha dashboard > Sites and creating a new site or clicking Settings for an existing site. Please ensure that your ControlShift site domain is also included in the hCaptcha site settings Hostnames list.
Once you've configured your site appropriately, return to your ControlShift homepage > Settings > Integrations > hCaptcha. Paste your site key where prompted.
The Secret Key is available by going to your hCaptcha account > click your account avatar > Settings. Once you've pasted your secret key, click to save.
The type of challenge that your users see will depend upon the site's settings in your hCaptcha account.