We've developed our online Frequently Asked Questions (FAQ) page to help you find answers to some of your most commonly asked questions quickly and easily. If your questions are not answered here, please contact us directly.
ZeroCaptcha is an enterprise-grade, invisible CAPTCHA solution designed to protect web forms against automated bot attacks while maintaining zero friction for legitimate users. It operates without disrupting user experience through challenges or interruptions.
ZeroCaptcha employs advanced behavioral analysis and machine learning to assess submission risks in real-time. During a user session, it analyses interaction patterns with web forms. Upon form submission, a submission identifier is assigned and verified via our JSON-RPC API endpoint, which returns risk assessment scores (0-100) and threat levels for actionable decision-making.
ZeroCaptcha specializes in form submission risk assessment. While it can indicate the risk of brute-force attempts during early attack stages, it is not a dedicated DDoS mitigation solution. For DDoS protection, we recommend layering ZeroCaptcha with web application firewalls (WAFs) or cloud-based DDoS mitigation services.
By default ZeroCaptcha processes all the forms on the web page where the ZeroCaptcha is integrated, so normally you are not required to do any configuration or adjustments. However, if for some reason you would like to change the default behaviour and configure ZeroCaptcha to process a specific form or forms only, you can do that by using the optional data-zerocaptcha-form-id and data-zerocaptcha-form-classname atributes. For more information on how to use these attributes, refer to the documentation.
Yes, you can integrate ZeroCaptcha on as many websites as you wish.
ZeroCaptcha secures all standard HTML <form> elements, including:
- User registration & login forms
- Payment and transaction pages
- Contact forms and comment submissions
- Password reset and account recovery flows
Note: Protection is limited to forms directly integrated on pages where ZeroCaptcha is implemented (does not cover iframed forms unless explicitly integrated into the iframe).
Both the abuse and spam risk score (abuse_risk_score and spam_risk_score members of the result response) are calculated as a score in the range from 0 to 100 (where the higher the value is higher the risk is), which are the primary indicators of these risks when using ZeroCaptcha in combination with other tools or in other cases when fine-grained evaluation of the risks are required. The risk levels (abuse_risk_level and spam_risk_level) are secondary risk indicators generated on the base on the abuse and spam risks scores with the purpose for performing an action (like approval for user registration, review submission, etc.) in cases when no fine-grained indication of the risk is required. The values for the level for both the abuse and spam risk are 'very_low', 'low', 'medium', 'high', 'very_high'. Typically, in most of the cases the requests with 'very_low' and 'low' risk levels are safe to be automatically processed, those having 'medium' and 'high' risk levels are scheduled for manual review, while those with 'very_high' levels are unsafe to be processed and therefore blocked/ignored.
No, The right to privacy is a fundamental human right and we highly respect this right and we neither access or collect any part of the information entered by the users on the forms they fill.
ZeroCaptcha is based on usage-based pricing. For information on the service fee view the Fee Schedule.
Yes. As we never access form content (including protected health information), ZeroCaptcha can be deployed in healthcare environments with no risk of PHI exposure.
Yes. We do not collect personally-identifiable information (PII) about the users interacting with your your website or online platform.
Yes. ZeroCaptcha is available in any country.