Privacy Policy
Last updated: April 24, 2023
Welcome to hCaptcha! This Privacy Policy describes the practices of Intuition Machines, Inc. ("IMI", "we" or "us") regarding our collection, use, and disclosure of information (including Personal Information, defined below) through our website at www.hcaptcha.com and any other subdomains or domains we use (the "Sites") and the hCaptcha application program interface and related software and materials (collectively, the "Service").
Not Applicable to Third Party Websites. Please note that this Privacy Policy does not apply to any website, offering, product or service of any third party, even if it links to our Site or incorporates the Service – please refer to the applicable privacy policies before deciding to provide any information to third parties.
A Note to Customers Outside the United States. IMI is based in the United States. The Sites and Service are controlled and operated by us from the United States. Your Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the Sites and Service you consent to the transfer of information to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information.
A Note to California Residents. Please see our "Notice to California Residents" section related to your rights under the California Consumer Privacy Act ("CCPA"). At or before the time of collection, California residents may have a right to receive notice of our practices, including the categories of Personal Information to be collected, the purposes for which such information is collected or used, whether such information is sold or shared, and how long such information is retained. You can find those details within this Privacy Policy.
A Note to European Economic Area Residents. Please see our "Notice to EU Data Subjects" section related to your rights under the General Data Protection Regulation ("GDPR").
Note that IMI is the controller of your personal information, except where we process personal information on behalf of our Integrators in connection with the provision of our Service, in which case we are the processor/service provider of personal information, and those Integrators are the controllers/businesses of the personal information.
Where we act as a processor/service provider for our Integrators, we do not use the personal information collected for any purpose other than as reasonably necessary to provide our Service, and our processing will be governed by the contracts that we have in place with our Integrators, not this Privacy Policy.
If a contract we have with an Integrator refers to, or incorporates by reference, this Privacy Policy, any personal information we process on behalf of the Integrator will be subject to the Data Processing Addendum, not this Privacy Policy.
In some cases, we may license our software to Integrators and/or operate it within their environment on their behalf, in which case we are solely a licensor of software and only their terms and privacy policy shall apply to such personal data.
We may reference or describe some personal data collected from End-Users throughout this Privacy Policy. However, these disclosures are for informational purposes only and, for clarity, the processing of End-User personal data is governed by the agreement we have with our Integrator customers, not this Privacy Policy.
Processing of EU Data Subject data operates under the legal basis of the Standard Contractual Clauses (SCCs) integrated within the Data Processing Addendum to our Terms of Service or Data Processing Agreements with our Integrators.
If you have any questions or concerns about how such data is handled or would like to exercise your rights, you should contact the person or entity (i.e., the data controller) who has contracted with us to use the Service to process this data. We will, however, provide assistance to our Integrators to address any concerns you may have, in accordance with the terms of our contract with them.
Information We Collect
We collect information from individuals who interact with our Sites and Services, including those who incorporate our Service into their website ("Integrators"), those who utilize the services for data labeling ("Customers"), and the end users who interact with our Service through the websites of our Integrators ("End-Users").
We collect the following categories of information:
- Information that can be used to identify or contact an individual ("Personal Information"), such as name, email address, and country. We collect Personal Information from our current and prospective Integrators and Customers when they give it directly to us (for example, by filling in a form when signing up for an account, or applying to receive email notifications from us). We may also verify the identity of our Integrators and Customers by comparing personal information against third party databases or official legal documents.
- Information collected automatically as a result of an Integrator’s or Customer’s use of the Sites or the Services ("Analytics Information"), such as IP addresses, browser type, Internet service provider, platform type, device type, operating system, date and time stamp of access, and other similar information. Some Analytics Information is collected on our behalf by third parties we engage for that purpose, and some Analytics Information is collected through a variety of tracking technologies, including cookies (see "Third Party Analytics and Tracking Technologies" below).
- Information collected as a result of End-Users answering prompts through the Service ("Labeled Data"), such as image labeling data, text converted from audio files played to those End-Users, answers to questions, and other prompts generated by the Service for purposes of labeling data for use in machine learning applications. Note that Labeled Data is not tied to any identified individual.
- Other information collected from End-Users as part of the Service to that is required to determine whether they
are human, such as mouse movements, scroll position, keypress events, touch events, and gyroscope / accelerometer information as applicable. - We may collect additional information from End-Users who wish to work with us as Individual Data Labelers.
How We Use Information
We use the information we collect for the following purposes:
- To administer Integrator and Customer accounts and provide the Service. We use Personal Information in order to associate specific accounts with Integrators and Customers and to provide them the Service, to respond to requests or inquiries, to provide support or technical assistance, and to facilitate payments.
- To improve to Site and the Service. We use Analytics Information to improve our existing and develop new services and offerings and to customize existing and future product offerings.
- To derive market insights. We use Analytics Information to analyze the market and conduct business analyses related to the Site and our Services, and for other research purposes.
- To provide a market for Labeled Data. Our Service enables high volume data labeling and human review for machine learning systems as a service to website owners and companies who need help getting their data labeled. To that end, we disclose Labeled Data to our Customers interested in acquiring Labeled Data.
- To secure our services and systems. We use Analytics Information to secure our systems by identifying potential threats and vulnerabilities, and to otherwise protect the information we collect.
- For any legitimate business purpose, provided that the information is de-identified or aggregated such that it cannot be reasonably tied to an individual.
How We Share Information
We share or disclose personal information in the following cases:
- Upon direct request from an Integrator to identify the fraud risk of a specific CAPTCHA challenge request or IP address, or otherwise where specific consent was given.
- With vendors we engage to provide essential aspects of the Sites and the Service, such as data storage, hosting, and Analytics, and only for those purposes.
- As necessary to comply with applicable law, including governmental requests, law enforcement requests, and otherwise to public and private entities in order to protect the rights, privacy, safety, or property of you, us, or others.
- With others for any legitimate business purpose, provided the information is de-identified
or aggregated such that it cannot be reasonably tied to an individual.
Third Party Analytics and Tracking Technologies
As discussed above, we (and our third party vendors) collect Analytics Information in part through the use of cookies, web beacons, and other tracking technologies. In some instance, we work with third party vendors to employ cookies for the purposes of collecting Analytics Information.
We use Sentry to collect debugging data when a user experiences an error. For information on how Sentry collects and processes data:
Please see their detailed policy
We use Cloudflare to optimize our web traffic. For information on how Cloudflare collects and processes data:
Please see their detailed policy
We use ZoomInfo to provide a chat widget. For information on how ZoomInfo collects and processes data:
Please see their detailed policy
We use TypeForm to conduct surveys. For information on how TypeForm collects and processes data:
Please see their detailed policy
If you would prefer not to block the use of cookies or other tracking technologies, please see "Managing Your Information," below. Please note that doing so may negatively impact your experience using the Sites or Service, as some features may not work properly.
How We Secure Information
We implement appropriate technical and organizational measures to protect the information we collect and store, and require all agents who carry out our processing on our behalf to do the same. Unfortunately, no security measures are 100% foolproof, and as such no network or system (including ours) can be guaranteed to be 100% secure against destruction, loss, alteration, unauthorized disclosure of, or access to information we collect and store. If you believe your information may not be secure for any reason, please contact us immediately at:
Warranty Disclaimers
To the fullest extent permitted by law, the Site and the Service (and any other associated services, information, data, features, and other content or materials) are provided on an “as-is” and “as-available” basis. To the fullest extent permitted by law, IMI excludes all warranties, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement.
Managing Your Information (Your Rights)
In accordance with applicable law, you may have the right to:
• Confirm Whether We Are Processing Your Personal Information (the right to know);
• Access to and Portability of Your Personal Information, including: (i) obtaining access to or a copy of your Personal Information; and (ii) receiving an electronic copy of Personal Information that you have provided to us, or asking us to send that information to another company in a structured, commonly used, and machine readable format (also known as the “right of data portability”);
• Request Correction of your Personal Information where it is inaccurate or incomplete;
• Request Deletion of your Personal Information;
• Request to Opt-Out of Certain Processing Activities including, as applicable, if we process your Personal Information for “targeted advertising” (as “targeted advertising” is defined by applicable privacy laws), if we “sell” your Personal Information (as “sell” is defined by applicable privacy laws), or if we engage in “profiling” in furtherance of certain “decisions that produce legal or similarly significant effects” concerning you (as such terms are defined by applicable privacy laws); and
• Appeal our Decision to decline to process your request.
Please note that listing these rights above does not mean that we necessarily undertake any activity in which they would be relevant or applicable. If you would like to exercise any of these rights, please contact us at: [email protected] We will process such requests in accordance with applicable laws.
If applicable laws grant you an appeal right and you would like to appeal our decision with respect to your request, you may do so by informing us of this and providing us with information supporting your appeal.
Please note that IMI is not able to fulfill requests it receives from individuals regarding Personal Information that IMI processes on behalf of its Integrators. If you have a request related to Personal Information that IMI processes on behalf of an Integrator, please contact the relevant Integrator directly.
If you would prefer to block cookies or other tracking technologies, most browsers and mobile devices all you to change your settings so as to notify you when you receive cookies or other tracking technologies are being used, and to choose whether or not to accept/allow it. Most browsers also allow you to disable or delete existing cookies or to automatically reject future cookies. You may also use third party tools, including browser plug-ins, to control your cookie preferences. Note, however, that if you disable all cookies, some portions of our Sites may not function properly.
Information from Children
Our Sites and Service are not directed to children under the age of 13 and we do not knowingly collect Personal Information from children under the age of 13. If we learn that we have collected Personal Information of a child under the age 13, we will take reasonable steps to delete such information from our files as soon as is practicable, unless we have a legal obligation to retain it. Please contact us if you believe we have any information from or about a child under the age of 13:
Notice to California Residents
Under California Civil Code Section 1789.3, California users are entitled to the following consumer rights notice: California residents may reach the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs by mail at 1625 North Market Blvd., Sacramento, CA 95834, or by telephone at (916) 445-1254 or (800) 952-5210.
This remainder of this Notice to California Residents only applies toIMI’s processing of Personal Information that is subject to theCalifornia Consumer Privacy Act of 2018 (as amended from time to time) ("CCPA") where IMI is acting in its capacity as a "business". The CCPA provides California residents with the right to know what categories of Personal Information IMI has collected about them, and whether IMI disclosed that Personal Information for a business purpose (e.g., to a service provider) in the preceding twelve months. California residents can find this information below:
Professional or employment-related information
Personal information that reveals a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account
The categories of sources from which we collect Personal Information and our business and commercial purposes for using and disclosing Personal Information are set forth in "Information We Collect", "How We Use Information", and "How We Share Information" above, respectively. We will retain Personal Information in accordance with the time periods set forth in "Data Retention."
Additional Disclosures
Disclosure Regarding "Sales" of Personal Information under the CCPA. In the preceding twelve months, IMI has not "sold" any Personal Information (as defined by the CCPA), nor does IMI have actual knowledge of any "sale" of Personal Information of minors under 16 years of age.
Disclosure Regarding "Sharing" for "Cross-Context Behavioral Advertising" under the CCPA. In the preceding twelve months, IMI has not "shared" any Personal Information for "cross-context behavioral advertising" (as such terms are defined in the CCPA), nor does IMI have actual knowledge of any "sharing" of Personal Information of minors under 16 years of age for "cross-context behavioral advertising".
Disclosure Regarding Opt-Out Preference Signals. IMI does not "sell" Personal Information or "share" Personal Information for "cross-context behavioral advertising" so it does not respond to opt-out preference signals.
Disclosure Regarding Sensitive Personal Information. IMI only uses and discloses sensitive Personal Information for the following purposes:
- To perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services.
- To prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, and or confidentiality of stored or transmitted Personal Information.
- To resist malicious, deceptive, fraudulent, or illegal actions directed at IMI and to prosecute those responsible for those actions.
- To ensure the physical safety of natural persons.
- To verify or maintain the quality or safety of a product, service, or device that is owned, manufactured, manufactured for, or controlled by IMI, and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by IMI.
- For purposes that do not infer characteristics about individuals.
Non-Discrimination. California residents have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by the CCPA.
Authorized Agent.Only you, or someone legally authorized to act on your behalf,may make a verifiable consumer request related to your PersonalInformation. You may also make a verifiable consumer request onbehalf of your minor child. To authorize an agent, provide writtenaurization signed by you and your designated agent and contact usat [email protected] for additional instructions.
Verification. To protect your privacy, we will take steps to reasonably verify your identity before fulfilling your request submitted under the CCPA.These steps may involve asking you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative. Examples of our verification process may include asking you to provide the email address or phone number we have associated with you, opening a link sent to the contact information provided, and following the instructions on the website you are taken to.
Notice to EU Data Subjects
Personal Information
With respect to EU data subjects, the term "personal information" as used in this Privacy Policy is equivalent to "personal data" as defined in the European Union General Data Protection Regulation (GDPR).
Sensitive Data
Some of the information you provide us may constitute sensitive data as defined in the GDPR (also referred to as special categories of personal data), including identification of your race or ethnicity on government-issued identification documents.
Legal Bases for Processing
We only use your personal information as permitted by law. We are required to inform you of the legal bases of our processing of your personal information, which are described below. If you have questions about the legal bases under which we process your personal information, contact us at [email protected]
Processing Purposes
To communicate with you
To optimize our platform
For compliance, fraud prevention, and safety
To provide our service
Legal Basis
These processing activities constitute our legitimate interests. We attempt to consider and balance any potential impacts on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by any adverse impact on you (unless we have your consent or are otherwise required or permitted to by law).
Processing Purpose
With your consent
Legal Basis
Where our use of your personal information is based upon your consent, you have the right to withdraw it at any time in the manner indicated in the Service or by contacting us at [email protected]
Your Rights
Under the GDPR, you have certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:
Opt-out
Stop sending you direct marketing communications which you have previously consented to receive. We may continue to send you Service-related and other non-marketing communications.
Access
Provide you with information about our processing of your personal information and give you access to your personal information.
Correct
Update or correct inaccuracies in your personal information.
Delete
Delete your personal information.
Transfer
Transfer a machine-readable copy of your personal information to you or a third party of your choice.
Restrict
Restrict the processing of your personal information.
Object
Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.
Data Subject Access Rights Requests
We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us at [email protected] or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator at this location.
Cross-Border Data Transfer
As described in our "A Note to Customers Outside the United States" section, please be aware that your personal data will be transferred to, processed, and stored in the United States. Data protection laws in the U.S. may be different from those in your country of residence. You consent to the transfer of your information, including personal information, to the U.S. as set forth in this Privacy Policy by visiting our Sites or using our Service.
Use for New Purposes
We may use your personal information for reasons not described in this Privacy Policy, where we are permitted by law to do so and where the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we may notify you and explain the applicable legal basis for that use. If we have relied upon your consent for a particular use of your personal information, we may seek your consent for any unrelated purpose and allow you to terminate your use of the service at that time if you object.
Data Retention
We store your Personal Data securely throughout the life of your account with us. We will only retain your Personal Data for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting obligations or to resolve disputes. The criteria we use to determine storage periods include the applicable contractual provisions that are in force, legal statutory limitation periods, applicable regulatory requirements, and industry standards.
While retention requirements vary by jurisdiction, information about our typical retention periods for different aspects of your personal data are described below.
Contact information for marketing purposes is retained on an ongoing basis until you un-subscribe. Thereafter we will add your details to our suppression list indefinitely. Email information collected from Accessibility Users will never be used for marketing purposes.
Records of communications with you (e.g. support tickets opened via email or Twitter) may be kept indefinitely.
Information collected via technical means such as cookies, webpage counters and other analytics tools is discarded as soon as practical, but may be kept for a limited period of up to one year from expiry of the cookie, typically in a de-identified and aggregated form unless we detect potential abuse of our service, in which case we will retain that information to aid us in preventing future abuse. We are unable to link this anonymized and aggregated information to you, your household, an IP address, or any personal information based on the information stored.
If you have any questions about this Privacy Policy, please contact us at:
Changes to this Privacy Policy
Any information that we collect is subject to the Privacy Policy in effect at the time such information is collected. We may, however, revise the Privacy Policy from time to time. If a revision is material, as determined solely by us, we will notify you, for example via email. The current version will always be posted to our Privacy Policy page.
If you have any questions about this Privacy Policy, please contact us at:
Cookie Policy
Last updated: July 18, 2020
We understand your privacy is important to you and are committed to being transparent about the technologies we use. This policy provides detailed information about how and when we use cookies on our Sites and Service.
Do we use Cookies?
Yes. We and our analytics or service providers, marketing partners, and affiliates may use cookies, web beacons, or pixels and other technologies to ensure everyone who uses the Sites has the best possible experience. Please see the "Third Party Analytics and Tracking Technologies" section of our Privacy Policy for more details.
GDPR Note: we believe the hCaptcha anti-bot service (i.e. the Service embedded by websites, games, or mobile apps) includes only so-called "consent-exempt" cookies pursuant to GDPR regulations. Examples of such exempt cookies include:
* Technical cookies strictly necessary for the provision of the service. These include preference cookies, session cookies, load balancing cookies, etc.
* Statistical cookies managed directly by us (i.e. first party, not third-party cookies), where the data is not used for profiling.
This is not legal advice, and no warranties are provided regarding this analysis. If you have additional questions or concerns, please contact us at:
The hCaptcha.com and BotStop.com websites (the Sites) may include additional cookies, as described in this Policy.
What is a Cookie?
A cookie ("Cookie") is a small text file that is placed on your hard drive by a web page server. Cookies contain information that can later be read by a web server in the domain that issued the cookie to you. Some of the cookies will only be used if you use certain features or select certain preferences, and some cookies will always be used. You can find out more about each cookie by viewing our current cookie list below.
We update this list periodically, so there may be additional cookies that are not yet listed. Web beacons, tags and scripts may be used in the Sites or in emails to help us to deliver cookies, count visits, understand usage and campaign effectiveness and determine whether an email has been opened and acted upon. We may receive reports based on the use of these technologies by our service/analytics providers on an individual and aggregated basis.
Why do we use Cookies?
We generally use Cookies for the following purposes:
To recognize new or past users.
To store your login session information if you are registered on our Sites.
To improve our Site and to better understand your visits on our platforms and Site.
To integrate with third party social media websites.
To serve you with interest-based or targeted advertising.
To observe your behaviors and browsing activities over time across multiple websites or other platforms.
To better understand the interests of our Customers and Integrators.
Some Cookies are necessary for certain uses of the Sites, and without such Cookies, we would not be able to provide many services that you need to properly use the Sites. These Cookies, for example, allow us to operate our Sites so you may access it as you have requested and let us recognize that you have created an account and have logged into that account to access Site content. They also include Cookies that enable us to remember your previous actions within the same browsing session and secure our Sites.
We also use functional Cookies and Cookies from third parties for analysis and marketing purposes. Functional Cookies enable certain parts of the Sites to work properly and your user preferences to remain known. Analysis Cookies, among other things, collect information on how Customers, Integrators, and End-users use our Sites, the content and products that users view most frequently, and the effectiveness of our third party advertising. Advertising Cookies assist in delivering ads to relevant audiences and having our ads appear at the top of search results. Cookies are either "session" Cookies which are deleted when you end your browser session, or "persistent," which remain until their deletion by you (discussed below) or the party who served the cookie. Full details on all of the Cookies used on the Sites are available at our Cookie Disclosure table below.
How to disable Cookies.
You can generally activate or later deactivate the use of cookies through a functionality built into your web browser. If you want to learn more about cookies, or how to control, disable or delete them, please visit https://www.knowcookies.com/ for detailed guidance.
We may link the information collected by Cookies with other information we collect from you pursuant to this Privacy Policy and use the combined information as set forth herein. Similarly, the third parties who serve cookies on our Sites may link your name or email address to other information they collect, which may include past purchases made offline or online, or your online usage information.
If you are located in the European Economic Area, you have certain rights that are described above under the header "Notice to EU Data Subjects", including the right to inspect and correct or delete the data that we have about you.
Cookie(s) Disclosure
Name:
1. hmt_id
Function
1. Used for strictly necessary anonymous service-related statistics, and for other technical purposes like assisting in accessibility support.
Party
1. 1st party
Type
1. Session
Duration
1. 30 days
Names:
INGRESSCOOKIE,
__cfduid,
__cflb,
session,
sessionid
Function
2. Used for strictly necessary technical purposes: load balancing, routing.
Party
2. 1st party
Type
2. Session
Duration
2. Varies; up to 30 days.
Name:
hc_accessibility
Function
3. Used for strictly necessary technical purposes: enables Accessibility User use.
Party
3. 1st party
Type
3. Session
Duration
3. Varies; up to 30 days.
If you have any questions about this Cookie Policy, please contact us at:
Impressum (Site Notice)
Last updated: December 23, 2020
hCaptcha is a service of Intuition Machines, Inc. ("IMI"), a Delaware US Corporation (#6393793).
Mailed inquiries may be sent to: Intuition Machines, Inc., 350 Alabama St, San Francisco, CA 94110.
Note while local COVID-19 orders remain in effect there are no guarantees that mail will be received in a timely manner, and email ([email protected]) is the correct channel to reach us. The company does not maintain telephone or fax numbers; this is the 21st century.
Information about the current management of the company may be obtained on the About page. The company's current CEO is the managing director responsible for content.
Regulatory authority: US Federal Communications Commission, 45 L Street NE, Washington, DC 20554 USA.
IMI does not commit to, nor is it obliged to participate in, the alternative dispute resolution for consumer disputes in front of a consumer dispute resolution entity.
European Commission official website for Online Dispute Resolution:
http://www.ec.europa.eu/consumers/odr
No guarantees regarding content
All information contained on our internet pages has been validated by IMI or a third party. However, neither IMI nor third parties can be held responsible for information being current, accurate, or complete. This also applies to other websites which can be reached via hyperlinks on our pages. IMI accepts no responsibility for the content of these external websites.
No advice
The information provided on the internet pages does not represent individual advice and cannot replace this. If you need individual advice, please contact our support staff.
Use of this site
The content and design of our web pages are protected under copyright law. Duplication of the pages and their content in a manner that exceeds reasonable fair use requires prior written consent from IMI if there are no other legal provisions specified for duplication on the page.
Copyright
All text, images, graphical animation, videos, music, sounds and other material on these pages are protected under copyright law by IMI or third parties if specified. It is forbidden to copy or modify this material for commercial use in a manner that exceeds reasonable fair use.
Responsibility for this website
IMI is responsible for this website.
If you have any questions, please contact us at: