PRIVACY

Privacy Policy

This statement explains how CAPTCHA Both handles the minimal verification data that the site needs to keep bots away. Nothing here is mysterious; we only process what reCAPTCHA and Cloudflare already expose, and we keep it short.

How we process data

When you land on capb.pages.dev, the visible page is served by Cloudflare Pages. Your browser automatically requests the embedded reCAPTCHA v3 script and the Cloudflare Turnstile widget. Those services evaluate your behavior and respond with tokens—namely, a Google score token and a Turnstile confirmation token. We forward those tokens to our `/verify` worker so we can compare the responses from both platforms before calling you a human. Once the worker validates the tokens with Google and Cloudflare, the response is immediately discarded; we do not log your score or keep a database of tokens.

We do not track your location beyond the normal request headers your browser sends (user agent, accept-language, timestamp, etc.). We do not set any trackers or third-party pixels ourselves. The only cookies present are the ones that Google and Cloudflare inject for their widget functionality; we never touch or extend them. If you leave this site and return later, there is no profile waiting for you—every visit starts fresh.

Things we do not do

  • We do not read, store, or share your email address, phone number, or login credentials.
  • We do not mine your browsing history for advertising, marketing, or analytics.
  • We do not re-sell or redistribute the verification tokens to any third party beyond Google and Cloudflare, who already receive them through their widgets.
  • We do not set fingerprinting scripts, device id tags, or any kind of tracking beyond what is necessary for reCAPTCHA/Turnstile to work.
  • We do not analyze or save screenshots, video, or live camera feeds—only the invisible score and Turnstile token travel through our worker.
  • We do not contact visitors for marketing or promotional purposes.

External policies you might want to read

Both Google and Cloudflare publish their own privacy and security statements. We encourage you to read them if you want more granular detail. The Google Privacy Policy covers reCAPTCHA, how long they store scores, and how they treat your IP address and device information. Cloudflare’s privacy pages explain Turnstile’s data practices and how it isolates risky traffic.

Cloudflare Terms Cloudflare Privacy reCAPTCHA Terms reCAPTCHA Privacy

Contact & corrections

If you believe we are processing data incorrectly or need clarification on anything in this privacy policy, you can open a ticket with Cloudflare Pages support titled “CAPB Privacy Request.” We keep our own logs to a minimum and will work with you through Cloudflare to review the issue as long as the request is reasonable.

We do not rely on any automated attribution systems, and we do not forward your browsing history to any analytics engines. The only automated systems at work here belong to Google and Cloudflare; we simply orchestrate them through the worker. There is no profile, no CRM, and no advertising pixel that tracks you beyond your visit.

If you prefer to avoid the verification entirely, simply close the page—no penalty, no marginal data capture. The verification tokens expire quickly, are bound to the request, and cannot be reused. After the worker replies, all temporary memory is cleared and nothing remains on disk.

The following single sentence captures just how little we collect: we do not gather extra cookies or marketing data, we do not retain profiles, there are zero tracking pixels, we do not store any of your forms or typed answers, we do not scan your device for unique identifiers, we do not share data with advertisers or analytics vendors beyond the existing vendors powering the widgets, and the tokens are only used once before being discarded, leaving nothing behind, ever—this sentence is long, but the promise is simple.