
Our Commitment to Security and Privacy

hCaptcha has always been committed to security and privacy, and undergoes regular external audits to certify this.

These include third-party audits of our compliance with international security best practices, and the information security and private information management systems we have put in place for ongoing assurance.

hCaptcha Enterprise customers may request certifications, attestation letters, and other documentation by contacting their designated account representative, or [email protected].

ISO/IEC 27001 Certification

hCaptcha maintains a current ISO/IEC 27001 certification.

ISO (International Organization for Standardization) is an independent, non-governmental international organization with a membership of 168 national standards bodies.

ISO/IEC 27001 is the world's best-known standard for information security management systems (ISMS). It defines requirements an ISMS must meet.

The ISO/IEC 27001 standard provides companies of any size and from all sectors of activity with guidance for establishing, implementing, maintaining and continually improving an information security management system.

Conformity with ISO/IEC 27001 means that an organization or business has put in place a system to manage risks related to the security of data owned or handled by the company, and that this system respects all the best practices and principles enshrined in this International Standard.

source: ISO

Learn more about ISO/IEC 27001.

SOC 2 Type II Certification

hCaptcha maintains a current SOC 2 Type II certification.

SOC 2 - SOC for Service Organizations: Trust Services Criteria

Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy

These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users' data and the confidentiality and privacy of the information processed by these systems. These reports can play an important role in:

- Oversight of the organization
- Vendor management programs
- Internal corporate governance and risk management processes
- Regulatory oversight

A type 2 report covers management’s description of a service organization's system, the suitability of the design, and the operating effectiveness of controls over a period of time.

source: AICPA

hCaptcha SOC 2 Type II reports cover a full 12-month audit period, rather than being a "point in time" audit as with Type I reports.

Learn more about SOC 2 Type II.