%20--%3e%3csvg%20version='1.1'%20xmlns='http://www.w3.org/2000/svg'%20x='0px'%20y='0px'%20viewBox='0%200%20207.3%2029'%20style='enable-background:new%200%200%20207.3%2029;'%20xml:space='preserve'%3e%3cstyle%20type='text/css'%3e%20.st0{fill:%231E293B;}%20.st1{fill:%232563eb;}%20%3c/style%3e%3cg%20id='Ebene_1'%3e%3cg%20id='Ebene_2_00000023959154727838081460000010218683892316788135_'%3e%3cg%3e%3cg%3e%3cpath%20class='st0'%20d='M24.3,7.4c0-0.8,0-1.5,0-2.2c0-0.6-0.4-1-1-1c-4.4,0-7.6-1.2-10.4-3.9c-0.4-0.3-1-0.3-1.5,0%20C8.7,2.9,5.4,4.1,1.1,4.1c-0.6,0-1,0.5-1,1c0,0.7,0,1.5,0,2.2c-0.2,7.4-0.4,17.3,11.8,21.6l0.3,0.1l0.3-0.1%20C24.6,24.6,24.4,14.7,24.3,7.4z%20M11.4,17.5C11.4,17.5,11.3,17.5,11.4,17.5c-0.3,0.2-0.5,0.3-0.8,0.3l0,0c-0.3,0-0.5-0.2-0.7-0.3%20l-2.7-3c-0.3-0.3-0.3-0.9,0.1-1.1L7.5,13c0.3-0.3,0.9-0.3,1.1,0.1l1.4,1.6c0.3,0.3,0.8,0.3,1.1,0.1l4.4-4.2%20c0.3-0.3,0.9-0.3,1.1,0l0.3,0.3c0.3,0.3,0.3,0.9,0,1.1L11.4,17.5z'/%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3cg%20id='Ebene_2'%3e%3cg%3e%3cpath%20class='st1'%20d='M46.3,8.6h-5.1v14.1h-2.8V8.6h-5.1V6.2h13V8.6z'/%3e%3cpath%20class='st1'%20d='M54.3,16.2h-3.2v6.3h-2.8V6.2h5.8c1.9,0,3.3,0.4,4.4,1.3S60,9.6,60,11.2c0,1.1-0.3,2-0.8,2.8%20c-0.5,0.7-1.3,1.3-2.2,1.7l3.7,6.8v0.2h-3L54.3,16.2z%20M51.1,13.9H54c1,0,1.7-0.2,2.2-0.7s0.8-1.1,0.8-2s-0.2-1.5-0.8-2%20C55.7,8.7,55,8.5,54,8.5h-3v5.4H51.1z'/%3e%3cpath%20class='st1'%20d='M74.3,6.2v10.9c0,1.7-0.6,3.1-1.7,4.1s-2.6,1.5-4.4,1.5c-1.9,0-3.4-0.5-4.5-1.5c-1.1-1-1.6-2.3-1.6-4.1V6.2%20h2.8v10.9c0,1.1,0.3,1.9,0.8,2.5c0.5,0.6,1.4,0.9,2.5,0.9c2.2,0,3.3-1.1,3.3-3.5V6.2H74.3z'/%3e%3cpath%20class='st1'%20d='M85.7,18.3c0-0.7-0.2-1.3-0.8-1.7c-0.5-0.4-1.4-0.8-2.7-1.2c-1.3-0.4-2.4-0.8-3.1-1.3%20c-1.5-0.9-2.2-2.2-2.2-3.7c0-1.3,0.5-2.4,1.6-3.3s2.5-1.3,4.2-1.3c1.1,0,2.2,0.2,3,0.6c0.8,0.4,1.6,1,2.1,1.8s0.8,1.6,0.8,2.6%20h-2.8c0-0.9-0.3-1.5-0.8-2s-1.3-0.7-2.3-0.7c-0.9,0-1.7,0.2-2.2,0.6s-0.8,1-0.8,1.7c0,0.6,0.3,1.1,0.8,1.5s1.5,0.8,2.7,1.2%20c1.2,0.4,2.3,0.8,3.1,1.3c0.8,0.5,1.3,1,1.7,1.7c0.4,0.6,0.5,1.4,0.5,2.2c0,1.4-0.5,2.5-1.6,3.2c-1,0.8-2.5,1.2-4.2,1.2%20c-1.2,0-2.3-0.2-3.3-0.7c-1-0.4-1.8-1-2.3-1.8s-0.8-1.7-0.8-2.7h2.8c0,0.9,0.3,1.6,0.9,2.2c0.6,0.6,1.5,0.8,2.6,0.8%20c1,0,1.7-0.2,2.2-0.6C85.4,19.5,85.7,19,85.7,18.3z'/%3e%3cpath%20class='st1'%20d='M102.6,8.6h-5.1v14.1h-2.8V8.6h-5.1V6.2h13V8.6z'/%3e%3cpath%20class='st0'%20d='M117,17.2c-0.2,1.7-0.8,3.1-1.9,4.1s-2.6,1.5-4.5,1.5c-1.3,0-2.4-0.3-3.4-0.9c-1-0.6-1.8-1.5-2.3-2.6%20c-0.5-1.1-0.8-2.5-0.8-4v-1.5c0-1.5,0.3-2.9,0.8-4.1s1.3-2.1,2.3-2.7s2.2-0.9,3.5-0.9c1.8,0,3.3,0.5,4.4,1.5s1.7,2.4,1.9,4.1h-2.8%20c-0.1-1.2-0.5-2-1-2.5c-0.6-0.5-1.4-0.8-2.4-0.8c-1.2,0-2.2,0.5-2.8,1.4c-0.7,0.9-1,2.2-1,4v1.5c0,1.8,0.3,3.1,0.9,4.1%20s1.6,1.4,2.8,1.4c1.1,0,1.9-0.2,2.5-0.8c0.6-0.5,0.9-1.3,1.1-2.5L117,17.2L117,17.2z'/%3e%3cpath%20class='st0'%20d='M128.5,18.8h-6.4l-1.3,3.8h-2.9l6.2-16.4h2.6l6.2,16.4h-3L128.5,18.8z%20M122.9,16.5h4.7l-2.4-6.8L122.9,16.5z'%20/%3e%3cpath%20class='st0'%20d='M137.2,16.5v6.1h-2.8V6.2h6.3c1.8,0,3.3,0.5,4.3,1.4c1.1,1,1.6,2.2,1.6,3.8c0,1.6-0.5,2.9-1.6,3.7%20c-1.1,0.8-2.5,1.3-4.4,1.3C140.6,16.4,137.2,16.4,137.2,16.5z%20M137.2,14.2h3.4c1,0,1.8-0.2,2.3-0.7s0.8-1.2,0.8-2.1%20s-0.3-1.6-0.8-2.1s-1.3-0.8-2.2-0.8h-3.5C137.2,8.6,137.2,14.2,137.2,14.2z'/%3e%3cpath%20class='st0'%20d='M160.7,8.6h-5.1v14.1h-2.8V8.6h-5.1V6.2h13V8.6L160.7,8.6z'/%3e%3cpath%20class='st0'%20d='M175.1,17.2c-0.2,1.7-0.8,3.1-1.9,4.1c-1.1,1-2.6,1.5-4.5,1.5c-1.3,0-2.4-0.3-3.4-0.9c-1-0.6-1.8-1.5-2.3-2.6%20c-0.5-1.1-0.8-2.5-0.8-4v-1.5c0-1.5,0.3-2.9,0.8-4.1s1.3-2.1,2.4-2.7c1-0.6,2.2-0.9,3.5-0.9c1.8,0,3.3,0.5,4.4,1.5%20s1.7,2.4,1.9,4.1h-2.8c-0.1-1.2-0.5-2-1-2.5S170,8.4,169,8.4c-1.2,0-2.2,0.5-2.9,1.4s-1,2.2-1,4v1.5c0,1.8,0.3,3.1,0.9,4.1%20c0.6,0.9,1.6,1.4,2.8,1.4c1.1,0,1.9-0.2,2.5-0.8c0.6-0.5,0.9-1.3,1.1-2.5L175.1,17.2L175.1,17.2z'/%3e%3cpath%20class='st0'%20d='M190.4,22.5h-2.8v-7.2h-7.3v7.2h-2.8V6.2h2.8v6.8h7.3V6.2h2.8V22.5z'/%3e%3cpath%20class='st0'%20d='M202.8,18.8h-6.3l-1.3,3.8h-2.9l6.2-16.4h2.6l6.2,16.4h-3L202.8,18.8z%20M197.3,16.5h4.7l-2.4-6.8L197.3,16.5z'%20/%3e%3c/g%3e%3c/g%3e%3c/svg%3e)
'%3e%3crect%20width='32'%20height='24'%20fill='white'/%3e%3cpath%20fill-rule='evenodd'%20clip-rule='evenodd'%20d='M0%200V24H32V0H0Z'%20fill='%232E42A5'/%3e%3cmask%20id='mask0_270_67386'%20style='mask-type:luminance'%20maskUnits='userSpaceOnUse'%20x='0'%20y='0'%20width='32'%20height='24'%3e%3cpath%20fill-rule='evenodd'%20clip-rule='evenodd'%20d='M0%200V24H32V0H0Z'%20fill='white'/%3e%3c/mask%3e%3cg%20mask='url(%23mask0_270_67386)'%3e%3cpath%20d='M-3.56323%2022.2854L3.47846%2025.2635L32.1597%203.23787L35.874%20-1.18761L28.344%20-2.18297L16.6456%207.3085L7.22956%2013.7035L-3.56323%2022.2854Z'%20fill='white'/%3e%3cpath%20d='M-2.59924%2024.3719L0.988173%2026.1001L34.5402%20-1.59881H29.5031L-2.59924%2024.3719Z'%20fill='%23F50100'/%3e%3cpath%20d='M35.5631%2022.2854L28.5214%2025.2635L-0.159817%203.23787L-3.87415%20-1.18761L3.65593%20-2.18297L15.3543%207.3085L24.7703%2013.7035L35.5631%2022.2854Z'%20fill='white'/%3e%3cpath%20d='M35.3229%2023.7829L31.7355%2025.5111L17.4487%2013.6518L13.2129%2012.3267L-4.23151%20-1.17246H0.805637L18.2403%2012.0063L22.8713%2013.5952L35.3229%2023.7829Z'%20fill='%23F50100'/%3e%3cmask%20id='path-7-inside-1_270_67386'%20fill='white'%3e%3cpath%20fill-rule='evenodd'%20clip-rule='evenodd'%20d='M19.7777%20-2H12.2222V8H-1.97253V16H12.2222V26H19.7777V16H34.0275V8H19.7777V-2Z'/%3e%3c/mask%3e%3cpath%20fill-rule='evenodd'%20clip-rule='evenodd'%20d='M19.7777%20-2H12.2222V8H-1.97253V16H12.2222V26H19.7777V16H34.0275V8H19.7777V-2Z'%20fill='%23F50100'/%3e%3cpath%20d='M12.2222%20-2V-4H10.2222V-2H12.2222ZM19.7777%20-2H21.7777V-4H19.7777V-2ZM12.2222%208V10H14.2222V8H12.2222ZM-1.97253%208V6H-3.97253V8H-1.97253ZM-1.97253%2016H-3.97253V18H-1.97253V16ZM12.2222%2016H14.2222V14H12.2222V16ZM12.2222%2026H10.2222V28H12.2222V26ZM19.7777%2026V28H21.7777V26H19.7777ZM19.7777%2016V14H17.7777V16H19.7777ZM34.0275%2016V18H36.0275V16H34.0275ZM34.0275%208H36.0275V6H34.0275V8ZM19.7777%208H17.7777V10H19.7777V8ZM12.2222%200H19.7777V-4H12.2222V0ZM14.2222%208V-2H10.2222V8H14.2222ZM-1.97253%2010H12.2222V6H-1.97253V10ZM0.0274658%2016V8H-3.97253V16H0.0274658ZM12.2222%2014H-1.97253V18H12.2222V14ZM14.2222%2026V16H10.2222V26H14.2222ZM19.7777%2024H12.2222V28H19.7777V24ZM17.7777%2016V26H21.7777V16H17.7777ZM34.0275%2014H19.7777V18H34.0275V14ZM32.0275%208V16H36.0275V8H32.0275ZM19.7777%2010H34.0275V6H19.7777V10ZM17.7777%20-2V8H21.7777V-2H17.7777Z'%20fill='white'%20mask='url(%23path-7-inside-1_270_67386)'/%3e%3c/g%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_270_67386'%3e%3crect%20width='32'%20height='24'%20fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
'%3e%3crect%20width='32'%20height='24'%20fill='white'/%3e%3cpath%20fill-rule='evenodd'%20clip-rule='evenodd'%20d='M0%2016H32V24H0V16Z'%20fill='%23FFD018'/%3e%3cpath%20fill-rule='evenodd'%20clip-rule='evenodd'%20d='M0%208H32V16H0V8Z'%20fill='%23E31D1C'/%3e%3cpath%20fill-rule='evenodd'%20clip-rule='evenodd'%20d='M0%200H32V8H0V0Z'%20fill='%23272727'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_270_67353'%3e%3crect%20width='32'%20height='24'%20fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
'%3e%3crect%20width='32'%20height='24'%20fill='white'/%3e%3cpath%20fill-rule='evenodd'%20clip-rule='evenodd'%20d='M22%200H32V24H22V0Z'%20fill='%23F50100'/%3e%3cpath%20fill-rule='evenodd'%20clip-rule='evenodd'%20d='M0%200H12V24H0V0Z'%20fill='%232E42A5'/%3e%3cpath%20fill-rule='evenodd'%20clip-rule='evenodd'%20d='M10%200H22V24H10V0Z'%20fill='%23F7FCFF'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_270_67361'%3e%3crect%20width='32'%20height='24'%20fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
You’ve already ruled out reCAPTCHA
Good. Now you’re weighing two privacy-first European options and trying to figure out where they actually differ — because on the surface, both make similar promises.
This article lays out the real differences: where your users’ data goes at each plan tier, how deep the bot detection actually runs, what the widget looks like on your site, and what you pay for each level of protection.
The one question that settles most comparisons early
Before getting into features, there is a structural question that resolves the decision for a large share of European buyers: on which plan does EU-only data processing start?
Friendly Captcha routes verification traffic through a global endpoint by default. Their dedicated EU endpoint — processing within Germany — is documented as an Advanced plan feature. Friendly Captcha’s Advanced plan is priced at €200 per month.
TrustCaptcha processes all verification data exclusively on EU infrastructure on every plan, including the €8 per month Hobby plan. This is not a configuration option. It is the default.
For organisations where EU data residency is a hard requirement — public sector, healthcare, regulated finance, any team that gets audited — this question alone often ends the comparison. If your DPO needs to sign off on data flows and you are not on a €200/month plan, TrustCaptcha’s answer is simpler to document.
If EU routing is handled at your plan tier already, or if budget is not a constraint, the comparison continues.
How bot detection actually works — and why a score changes everything
Both products use proof-of-work as a foundation. A small cryptographic computation runs in the visitor’s browser in the background. No puzzles. No clicks required. When it completes, a token is sent to your server for validation. Both products return a pass or fail on whether the token is valid.
TrustCaptcha goes further than that binary result.
Every verification response from TrustCaptcha includes a granular bot risk score, derived from a second analysis layer that evaluates static and dynamic signals: browser inconsistencies, automation indicators, device fingerprint anomalies, and behavioural patterns. Your server receives this score and you decide what to do with it.
That decision layer is what makes the practical difference. With a binary pass/fail, your options are limited: let the request through or block it. With a score, you can build graduated responses:
- Trusted score (e.g. 0–0.4): proceed normally
- Neutral score (e.g. 0.4–0.7): flag for review, require email confirmation, or add a secondary check
- Suspicious score (e.g. 0.7–1): block the request or route to a manual queue
This matters in scenarios where a blunt block creates friction for legitimate users but a straight pass allows low-confidence traffic through. Contact form abuse, login rate-limiting, and checkout protection all benefit from a graduated approach that proof-of-work alone cannot provide.
Friendly Captcha’s Advanced plan includes risk intelligence features, available at €200 per month. TrustCaptcha’s risk score is available from the Advanced plan at €36 per month.
Access control: acting on risk without custom backend logic
Having a risk score is one thing. Being able to act on it at a rules level — without writing custom backend logic every time — is another.
TrustCaptcha includes a multi-condition access rule builder that lets you define exactly what should happen based on IP address, country, language, time zone, browser, operating system, or device type. Rules can use match-any, match-all, or match-none logic. They support expiration dates. Named rule sets can be applied across multiple sites in a dashboard.
Geoblocking is available from the Business plan (€168/month). IP allowlists and blocklists are available from the Advanced plan (€36/month), with limits scaling by tier. Bypass keys allow test environments and CI pipelines to skip verification without disabling the integration in production.
Friendly Captcha does not document comparable access rule functionality at the plan tiers where most teams operate.
How the widget looks on your site
A CAPTCHA widget sits on your login page, your contact form, your checkout flow. An unstyled third-party widget that does not match your brand degrades the experience.
With TrustCaptcha, every element and text of the widget is configurable — colours, border, corner radius, and theme can all be adjusted to match your design system. Light and dark modes are included with automatic system preference detection. Any language is supported, since every text string in the widget can be customised or replaced entirely. Branding can be removed entirely upon request, which is relevant for agencies and SaaS platforms embedding verification into client products.
Friendly Captcha offers a light theme (default) and a dark theme, selectable via a data attribute. Custom styling beyond that requires writing and maintaining CSS directly using their skipStyleInjection option. That approach works, but it is developer work rather than a configuration option, and it needs to be maintained when the widget is updated.
For teams who want the widget to look like part of their product, TrustCaptcha’s approach requires significantly less ongoing effort.
Pricing: what you get per euro
Both products publish pricing publicly. The numbers are close at entry level and diverge meaningfully as plans scale.
| Plan level | Friendly Captcha | TrustCaptcha |
|---|---|---|
| Non-commercial free | 1,000 req/mo · 1 domain | 500 verifications/mo · 1 website |
| Entry paid | €9/mo · 1,000 req · 1 domain | €8/mo · 1,000 verifications · 1 website |
| Growth | €39/mo · 5,000 req · 5 domains | €36/mo · 10,000 verifications · 5 websites |
| Mid-market | €200/mo · 50,000 req · 50 domains + EU endpoint | €168/mo · 50,000 verifications · 20 websites |
| Enterprise | Custom | €289/mo · 150,000 verifications · 50 websites |
| Custom | — | Contact Sales · Unlimited |
At the growth tier, TrustCaptcha’s Advanced plan (€36/month) delivers more than double the verification volume of Friendly Captcha’s Growth plan (€39/month) — 10,000 versus 5,000 — at a lower price, and includes the risk score, access rules, and IP management not available on Friendly Captcha’s Growth plan.
For non-commercial projects, Friendly Captcha has a clear advantage: its free tier covers 1,000 monthly requests, twice TrustCaptcha’s 500. For open-source tools, community sites, or student projects, Friendly Captcha is the stronger starting point at zero cost.
At the mid-market tier, Friendly Captcha’s €200/month plan is where EU-only routing becomes available. TrustCaptcha’s €168/month Business plan — cheaper — already includes EU hosting, geoblocking, 30-day audit logs, and a 99.9% uptime SLA.
Integration: where each product plugs in
Both products follow the same pattern: a frontend widget snippet, a server-side token verification call, and a privacy notice update. The migration from one to the other is not architecturally complex for most teams.
TrustCaptcha maintains 25+ official integrations, all kept current by the TrustCaptcha team — covering React, Vue, Angular, Svelte, Node.js, PHP, WordPress, TYPO3, Magento 2, Shopware 6, Keycloak, Webflow, and more. On most mainstream platforms, teams can install TrustCaptcha without custom integration work.
Friendly Captcha also offers a solid integration ecosystem with official framework SDKs, community-maintained libraries, and comprehensive developer documentation — including migration guides from reCAPTCHA and hCaptcha.
What compliance and procurement teams need to see
When a DPO, legal counsel, or public-sector procurement desk reviews your CAPTCHA integration, they typically ask for four things: where data is processed, what data is collected, whether a DPA is in place, and whether there is an audit record of configuration changes.
Data processing location: TrustCaptcha processes exclusively on EU infrastructure on all plans. No US data transfers at any tier.
Data collected: TrustCaptcha operates without cookies and without personal data storage. Processing is purpose-limited to bot detection.
DPA: Included on all plans. Available for online signature. Custom terms available at Enterprise level.
Audit logs: TrustCaptcha logs all account-level events — user invitations, API key changes, access rule modifications, IP list updates, geoblocking changes, billing events, role updates, and contract changes. Retention is 7 days on Advanced, 30 days on Business, and 365 days with export on Enterprise.
For organisations preparing GDPR Article 30 Records of Processing Activities, the combination of default EU hosting and structured audit logs simplifies documentation considerably.
Full side-by-side comparison
| Criterion | Friendly Captcha | TrustCaptcha |
|---|---|---|
| Company base | Germany | Germany |
| EU-only processing | Advanced plan (€200/mo) and above | All plans, including €8/mo Hobby |
| Cookies | None | None |
| Profiling | None | None |
| Bot detection | Proof-of-work; risk intelligence on Advanced (€200/mo) | Adaptive PoW + granular risk score from €36/mo |
| Access rules / geoblocking | Not documented | Available from Advanced (€36/mo) |
| Widget customisation | Light / dark themes; custom CSS | Per-element and text configuration; theme options |
| Branding removal | Not documented | Available on request |
| Accessibility | WCAG 2.2 AA, WACA Gold | WCAG 2.2 AA, European Accessibility Act aligned |
| Integrations | Official plugins, framework SDKs, community libraries | 25+ officially maintained integrations and community libraries |
Which product fits your situation
TrustCaptcha is typically the stronger fit when:
- EU data residency is a hard procurement requirement regardless of plan tier
- You need a risk score to build graduated responses — not just pass or fail
- Your forms require geoblocking or IP-level access control without custom backend logic
- The widget needs to match your brand without writing and maintaining custom CSS
- You run an agency or SaaS platform and need branding removal
Friendly Captcha is worth choosing when:
- You need a non-commercial free plan with 1,000 monthly requests for an open-source or community project
- You want a broad integration ecosystem with established SDK libraries and migration guides
- Your evaluation is primarily developer-led and open-source tooling matters most
- Your procurement process specifically requires the highest available WACA certification grade (WACA Gold)
Moving from Friendly Captcha to TrustCaptcha
The migration is a configuration swap rather than an architectural rethink. Both products use the same general pattern.
1. List every protected flow. Identify all pages, forms, and API endpoints currently running Friendly Captcha. Note which endpoint your widgets use and what plan you are on.
2. Create a TrustCaptcha account and generate site keys. One key per domain. Free trial available, no credit card required.
3. Replace the widget. Remove Friendly Captcha’s script and markup. Load the TrustCaptcha widget for your stack — via the React component, the Vue plugin, the WordPress plugin, or whichever integration matches your platform.
4. Update server-side verification. Swap the verification endpoint URL, update the token field name, and adjust the credential parameter. Optionally, read the risk score from the response and add graduated logic based on the score value.
5. Revise privacy documentation. Update your privacy notice to reflect TrustCaptcha. Since EU-only processing is the default, the endpoint description is simple: all verification data is processed on EU infrastructure.
6. Test before deploying. Start with login and registration flows. Confirm completion rates, false-positive behaviour, and accessibility with keyboard navigation before rolling out to remaining forms.
Try TrustCaptcha for free
👉 Try TrustCaptcha for free — no credit card required. EU hosting included from day one.
