✓ 100% GDPR-compliant

The CAPTCHA
that tracks nobody.

No Google reCAPTCHA. No hCaptcha. No third parties, no cookies, no fingerprinting. Drop it in – done. Free & open source.

See live demo → Full demo page

🚫 No Google

🍪 No cookies

👁️ No tracking

🔐 HMAC-SHA256

📦 No CDN needed

⚡ Single JS file

🇪🇺 Built for GDPR

Live Demo

Try it right now

Three different CAPTCHA types – all without a single external request.

01 — Puzzle Slider

Token appears after solving …

02 — Image Rotation

Token appears after solving …

03 — Honey Math

Token appears after solving …

⟶ HMAC-SHA256 signed token · Valid 5 minutes · Server-side validation via CaptchaValidator.php

Why einfach-captcha.de?

Privacy by design

Built for Europe – designed for GDPR from the ground up.

🔐

HMAC-SHA256 tokens

Every successful solve produces a cryptographically signed token. Validated server-side in milliseconds – replay attacks prevented.

🚫

Zero external requests

No connection to Google, Cloudflare or any third party. Everything runs in the user's browser on your own domain.

🍪

No cookies, no storage

No localStorage, no sessionStorage, no cookies. No consent banner required under GDPR Art. 7.

🎨

3 CAPTCHA types

Puzzle Slider, Image Rotation and Honey Math – randomly chosen or manually configured. Anti-bot through variety.

⚙️

PHP validation class

Drop-in class for PHP 8.x with Redis and PDO support for nonce blacklisting. Laravel-compatible.

📦

One file, no deps

captcha.js contains everything: styles are auto-injected. No npm, no build step, no CDN required.

Comparison

einfach-captcha vs. the alternatives

Feature	einfach-captcha.de	Google reCAPTCHA	hCaptcha
GDPR-compliant out of the box	✓ Yes	✗ No	⚠ Partial
External requests	✓ None	✗ Google servers	✗ hCaptcha servers
Cookies / tracking	✓ None	✗ Yes	✗ Yes
Consent banner required	✓ No	✗ Yes	✗ Yes
Fingerprinting	✓ No	✗ Yes	✗ Yes
Data sent to third party	✓ None	✗ Google	✗ Intuition Machines
Self-hosted	✓ Yes	✗ No	✗ No
Open Source	✓ Yes	✗ No	✗ No

How it works

Four simple steps

Load CAPTCHA

Include one JS file, set a container element. No CDN, no external resources needed.

User solves it

Slide a puzzle piece, rotate an image or solve a math challenge. Intuitive, touch-friendly.

Token generated

On success: HMAC-SHA256 signed token with type, timestamp, expiry and cryptographic nonce.

Server validates

CaptchaValidator.php checks signature, expiry and replay protection in under 1ms.

Integration

Up and running in 5 lines

No build step, no npm install, no configuration needed.

integration.html

<!-- 1. Include JS (one file, zero dependencies) -->
<script src="captcha.js"></script>

<!-- 2. Container in your form -->
<div id="my-captcha"></div>
<input type="hidden" name="captcha_token">

<!-- 3. Initialise -->
<script>
  const captcha = new PrivateCaptcha('#my-captcha', {
    type:      'auto',        // 'puzzle' | 'rotate' | 'math' | 'auto'
    secretKey: 'YOUR_SERVER_SECRET',
    lang:      'en'
  });
  captcha.onSolve(token => {
    document.querySelector('[name=captcha_token]').value = token;
  });
</script>

// 4. Validate server-side (PHP)
// $v = new CaptchaValidator($_ENV['CAPTCHA_SECRET']);
// if (!$v->validate($_POST['captcha_token'])->isValid()) abort(422);

Privacy has never been
this easy.

Free, open source, deploy in minutes.

Download demo → View PHP class

/* ── CODE BLOCK ───────────────────────────────── */ .code-section { padding: 4rem 2rem; background: var(--bg2); } .code-wrap { max-width: 760px; margin: 2.4rem auto 0; background: #0d0f17; border: 1px solid #2a2f42; border-radius: var(--radius-lg); overflow: hidden; } .code-header { display: flex; align-items: center; gap: 8px; padding: 12px 18px; border-bottom: 1px solid #2a2f42; background: #13161f; } .code-dot { width: 10px; height: 10px; border-radius: 50%; } .code-pre { padding: 1.6rem 1.8rem; overflow-x: auto; font-size: .82rem; line-height: 2.0; color: #c8d0e8; font-family: 'JetBrains Mono', 'Courier New', monospace; } .code-pre .kw { color: #b8ff4d; font-weight: 600; } .code-pre .str { color: #4db8ff; } .code-pre .cmt { color: #6272a4; font-style: italic; } .code-pre .fn { color: #ffaa4d; } 131a; --surface2: #161921; --border: #1e2130; --border2: #252a3a; --accent: #4db8ff; --accent2: #b8ff4d; --accent3: #ff4db8; --text: #d8dce8; --text2: #8890a8; --text3: #50566a; --radius: 12px; --radius-lg:20px; --font-mono:'JetBrains Mono', 'Courier New', monospace; --font-sans:'Syne', sans-serif; } html { scroll-behavior: smooth; font-size: 16px; } body { background: var(--bg); color: var(--text); font-family: var(--font-mono); line-height: 1.7; min-height: 100vh; } /* ── NAV ─────────────────────────────────────────── */ .nav { position: sticky; top: 0; z-index: 100; background: #0e1118; border-bottom: 1px solid #2a2f42; padding: 0 2rem; display: flex; align-items: center; justify-content: space-between; height: 58px; } .nav-logo { font-family: var(--font-sans); font-weight: 800; font-size: 1.05rem; color: #ffffff; text-decoration: none; display: flex; align-items: center; gap: 8px; } .nav-logo-dot { width: 8px; height: 8px; border-radius: 50%; background: var(--accent2); box-shadow: 0 0 8px var(--accent2); animation: pulse 2s infinite; } @keyframes pulse { 0%,100%{opacity:1;transform:scale(1)} 50%{opacity:.6;transform:scale(0.85)} } .nav-links { display: flex; align-items: center; gap: 1.6rem; list-style: none; } .nav-links a { font-size: .78rem; color: #d0d6e8; text-decoration: none; letter-spacing: .05em; text-transform: uppercase; transition: color .2s; font-weight: 500; } .nav-links a:hover, .nav-links a.active { color: #b8ff4d; } .nav-lang { display: flex; gap: 6px; } .nav-lang a { font-size: .74rem; padding: 4px 12px; border-radius: 6px; border: 1px solid #3a4055; color: #d0d6e8; text-decoration: none; transition: .2s; font-weight: 600; } .nav-lang a:hover, .nav-lang a.active { border-color: #b8ff4d; color: #b8ff4d; background: rgba(184,255,77,.1); } /* ── FOOTER ──────────────────────────────────────── */ .footer { border-top: 1px solid var(--border); padding: 2.5rem 2rem; display: flex; flex-wrap: wrap; align-items: center; justify-content: space-between; gap: 1rem; } .footer-left { font-size: .7rem; color: var(--text3); } .footer-left a { color: var(--text2); text-decoration: none; } .footer-left a:hover { color: var(--accent); } .footer-links { display: flex; flex-wrap: wrap; gap: 1.2rem; list-style: none; } .footer-links a { font-size: .7rem; color: var(--text2); text-decoration: none; transition: color .2s; } .footer-links a:hover { color: var(--accent); } /* ── LEGAL PAGES ─────────────────────────────────── */ .legal-wrap { max-width: 820px; margin: 0 auto; padding: 4rem 2rem 6rem; } .legal-hero { margin-bottom: 3rem; padding-bottom: 2rem; border-bottom: 1px solid var(--border); } .legal-eyebrow { font-size: .68rem; color: var(--accent); letter-spacing: .12em; text-transform: uppercase; margin-bottom: .8rem; } .legal-hero h1 { font-family: var(--font-sans); font-weight: 800; font-size: clamp(1.8rem, 4vw, 2.8rem); line-height: 1.1; letter-spacing: -.03em; } .legal-updated { margin-top: .6rem; font-size: .72rem; color: var(--text3); } .legal-body h2 { font-family: var(--font-sans); font-weight: 700; font-size: 1.1rem; color: var(--text); margin: 2.4rem 0 .8rem; padding-top: 2rem; border-top: 1px solid var(--border); } .legal-body h2:first-child { border-top: none; padding-top: 0; margin-top: 0; } .legal-body h3 { font-family: var(--font-sans); font-weight: 600; font-size: .9rem; color: var(--text2); margin: 1.6rem 0 .5rem; } .legal-body p { font-size: .82rem; color: var(--text2); margin-bottom: .9rem; line-height: 1.8; } .legal-body ul, .legal-body ol { padding-left: 1.4rem; margin-bottom: .9rem; } .legal-body li { font-size: .82rem; color: var(--text2); line-height: 1.8; margin-bottom: .3rem; } .legal-body a { color: var(--accent); text-decoration: none; } .legal-body a:hover { text-decoration: underline; } .legal-body strong { color: var(--text); } .legal-card { background: var(--surface); border: 1px solid var(--border); border-radius: var(--radius); padding: 1.2rem 1.4rem; margin: 1rem 0; } .legal-card p { margin: 0; } .legal-highlight { background: rgba(77,184,255,.06); border: 1px solid rgba(77,184,255,.18); border-radius: var(--radius); padding: 1rem 1.2rem; margin: 1.2rem 0; } .legal-highlight p { color: var(--text); margin: 0; } /* ── UTILS ───────────────────────────────────────── */ .container { max-width: 1160px; margin: 0 auto; padding: 0 2rem; } .badge { display: inline-flex; align-items: center; gap: 6px; font-size: .66rem; letter-spacing: .1em; text-transform: uppercase; border-radius: 999px; padding: 4px 12px; } .badge-cyan { color: var(--accent); background: rgba(77,184,255,.08); border: 1px solid rgba(77,184,255,.2); } .badge-lime { color: var(--accent2); background: rgba(184,255,77,.08); border: 1px solid rgba(184,255,77,.2); } .badge-pink { color: var(--accent3); background: rgba(255,77,184,.08); border: 1px solid rgba(255,77,184,.2); } .btn { display: inline-flex; align-items: center; gap: 8px; font-family: var(--font-sans); font-weight: 700; padding: 12px 24px; border-radius: 8px; border: none; cursor: pointer; text-decoration: none; transition: .2s; font-size: .88rem; } .btn-primary { background: var(--accent); color: #07080c; } .btn-primary:hover { opacity: .85; transform: translateY(-1px); } .btn-outline { background: transparent; border: 1px solid var(--border2); color: var(--text2); } .btn-outline:hover { border-color: var(--accent); color: var(--accent); } @media (max-width: 680px) { .nav-links { display: none; } .nav { padding: 0 1rem; } .legal-wrap { padding: 2rem 1rem 4rem; } }

✓ 100% GDPR-compliant

The CAPTCHA
that tracks nobody.

No Google reCAPTCHA. No hCaptcha. No third parties, no cookies, no fingerprinting. Drop it in – done. Free & open source.

See live demo → Full demo page

🚫 No Google

🍪 No cookies

👁️ No tracking

🔐 HMAC-SHA256

📦 No CDN needed

⚡ Single JS file

🇪🇺 Built for GDPR

Live Demo

Try it right now

Three different CAPTCHA types – all without a single external request.

01 — Puzzle Slider

Token appears after solving …

02 — Image Rotation

Token appears after solving …

03 — Honey Math

Token appears after solving …

⟶ HMAC-SHA256 signed token · Valid 5 minutes · Server-side validation via CaptchaValidator.php

Why einfach-captcha.de?

Privacy by design

Built for Europe – designed for GDPR from the ground up.

🔐

HMAC-SHA256 tokens

Every successful solve produces a cryptographically signed token. Validated server-side in milliseconds – replay attacks prevented.

🚫

Zero external requests

No connection to Google, Cloudflare or any third party. Everything runs in the user's browser on your own domain.

🍪

No cookies, no storage

No localStorage, no sessionStorage, no cookies. No consent banner required under GDPR Art. 7.

🎨

3 CAPTCHA types

Puzzle Slider, Image Rotation and Honey Math – randomly chosen or manually configured. Anti-bot through variety.

⚙️

PHP validation class

Drop-in class for PHP 8.x with Redis and PDO support for nonce blacklisting. Laravel-compatible.

📦

One file, no deps

captcha.js contains everything: styles are auto-injected. No npm, no build step, no CDN required.

Comparison

einfach-captcha vs. the alternatives

Feature	einfach-captcha.de	Google reCAPTCHA	hCaptcha
GDPR-compliant out of the box	✓ Yes	✗ No	⚠ Partial
External requests	✓ None	✗ Google servers	✗ hCaptcha servers
Cookies / tracking	✓ None	✗ Yes	✗ Yes
Consent banner required	✓ No	✗ Yes	✗ Yes
Fingerprinting	✓ No	✗ Yes	✗ Yes
Data sent to third party	✓ None	✗ Google	✗ Intuition Machines
Self-hosted	✓ Yes	✗ No	✗ No
Open Source	✓ Yes	✗ No	✗ No

How it works

Four simple steps

Load CAPTCHA

Include one JS file, set a container element. No CDN, no external resources needed.

User solves it

Slide a puzzle piece, rotate an image or solve a math challenge. Intuitive, touch-friendly.

Token generated

On success: HMAC-SHA256 signed token with type, timestamp, expiry and cryptographic nonce.

Server validates

CaptchaValidator.php checks signature, expiry and replay protection in under 1ms.

Integration

Up and running in 5 lines

No build step, no npm install, no configuration needed.

integration.html

<!-- 1. Include JS (one file, zero dependencies) -->
<script src="captcha.js"></script>

<!-- 2. Container in your form -->
<div id="my-captcha"></div>
<input type="hidden" name="captcha_token">

<!-- 3. Initialise -->
<script>
  const captcha = new PrivateCaptcha('#my-captcha', {
    type:      'auto',        // 'puzzle' | 'rotate' | 'math' | 'auto'
    secretKey: 'YOUR_SERVER_SECRET',
    lang:      'en'
  });
  captcha.onSolve(token => {
    document.querySelector('[name=captcha_token]').value = token;
  });
</script>

// 4. Validate server-side (PHP)
// $v = new CaptchaValidator($_ENV['CAPTCHA_SECRET']);
// if (!$v->validate($_POST['captcha_token'])->isValid()) abort(422);

Privacy has never been
this easy.

Free, open source, deploy in minutes.

Download demo → View PHP class

The CAPTCHAthat tracks nobody.

Try it right now

Privacy by design

HMAC-SHA256 tokens

Zero external requests

No cookies, no storage

3 CAPTCHA types

PHP validation class

One file, no deps

einfach-captcha vs. the alternatives

Four simple steps

Load CAPTCHA

User solves it

Token generated

Server validates

Up and running in 5 lines

Privacy has never beenthis easy.

The CAPTCHAthat tracks nobody.

Try it right now

Privacy by design

HMAC-SHA256 tokens

Zero external requests

No cookies, no storage

3 CAPTCHA types

PHP validation class

One file, no deps

einfach-captcha vs. the alternatives

Four simple steps

Load CAPTCHA

User solves it

Token generated

Server validates

Up and running in 5 lines

Privacy has never beenthis easy.

The CAPTCHA
that tracks nobody.

Privacy has never been
this easy.

The CAPTCHA
that tracks nobody.

Privacy has never been
this easy.