Cookie Policy
We set cookies only when you log in. If you never log in, no cookies are ever set. Zero tracking, zero advertising cookies.
✔ Short version: If you are not logged in, we set zero cookies. Period. If you are logged in, we set two strictly necessary cookies to keep your session secure. No tracking, no advertising, no third-party cookies — anywhere.
1. What Is a Cookie?
A cookie is a small text file stored in your browser by a website. Captxa uses cookies only for session authentication — never for tracking or advertising.
2. Cookies on the Public Website
None. If you visit captxa.com without logging in, no cookies are set. There are no analytics scripts, no tracking pixels, and no advertising tags on any Captxa page.
3. Cookies Set When Logged In
The following cookies are set only when you log in to the Captxa dashboard:
| Name | Purpose | Duration | Type |
|---|---|---|---|
| captxa_session | Maintains your authenticated dashboard session. Required to keep you logged in. | Session (on browser close) or 7 days with "Remember me" | Strictly necessary |
| captxa_csrf | CSRF token — protects authenticated form submissions from cross-site request forgery. | Session | Strictly necessary |
Both cookies are HttpOnly (cannot be read by JavaScript), Secure (HTTPS only), and SameSite=Strict — security best practices that minimise the attack surface.
4. No Third-Party Cookies
We do not embed any third-party scripts that set cookies. There are no Google Analytics, Facebook Pixel, Hotjar, Intercom, or similar trackers on any Captxa page, ever.
5. Consent
Because our only cookies are strictly necessary for authentication security, they do not legally require prior consent under the EU ePrivacy Directive and GDPR guidelines. We display a cookie notice purely for transparency. If you are not logged in, dismissing the notice does not change anything — no cookies were set before or after you clicked "Got it."
6. Managing Cookies
You can view and delete cookies via your browser settings. Deleting the captxa_session cookie will log you out of the dashboard. This has no effect on the Captxa CAPTCHA widget running on other websites.
7. The CAPTCHA Widget
The Captxa CAPTCHA widget that runs on your visitors' browsers (when you integrate it into your site) does not set any cookies. It uses short-lived encrypted tokens — not cookies — to bind a challenge to a session.
8. Changes
If we ever add new cookies, we will update this page and notify registered users by email at least 14 days in advance.
Questions about this document?
hello@captxa.com