Replace reCAPTCHA in 5 minutes. Free for 1,000 verifications a month — no card, no contract. Paid plans give you more volume, custom themes, and faster support. Failed bot attempts are never billed.
All plans include 3-layer defense (motion · device-separation · environment), 99.95% uptime SLO, GDPR-ready data minimisation, and SDKs for any stack.
| Capability | AI Proof | reCAPTCHA Enterprise | hCaptcha Enterprise |
|---|---|---|---|
| Free monthly volume | 1,000 | 10,000 | 1,000 |
| Time to verify (median) | ≤ 6 s | ~12 s | ~9 s |
| Resistant to AI / LLM solvers | ✓ physical-world | × | × |
| User collected data | none (no PII) | behavior, IP, cookies | behavior, IP |
| Drop-in widget | ✓ | ✓ | ✓ |
| Failed-attempt billing | never | always | always |
| Self-serve from $0 | ✓ | ✓ | ✓ |
A successful server-to-server /api/verify-token call returning valid: true — the moment your backend trusts a human. Bot attempts, replays, and rate-limit rejections are never billed.
Paid plans can opt-in to overage at $0.005 / verification — unlimited continuous service. With overage off, you get a 24-hour soft-fail grace period (warnings instead of denials), then 429s until upgrade or the next billing cycle.
Two lines of HTML. Drop the widget into any form, add one server-side call to /api/verify-token, ship. Most teams are live in under 30 minutes.
No biometrics, no faces, no fingerprints, no hardware device IDs. Motion samples are hashed and never persisted. The attestation log holds derived signals only — designed for GDPR and CCPA from day one.
Yes. Upgrade takes effect immediately. Downgrade applies at the next billing cycle. Cancel anytime through the Stripe portal — your account drops to Free, no data lost.
For volumes above 5M / month, on-prem deployments, MSA, DPA, SOC 2 evidence, or 24×7 dedicated support — talk to our team. We'll send a proposal within 2 business days.
Banks, government, large e-commerce, and platforms with custom security review needs.