Cookie Policy
We set a cookie only when you log in or register. If you never do either, no cookies are ever set. Zero tracking, zero advertising cookies.
✔ Short version: If you have not logged in or registered, we set zero cookies. Period. When you log in or register, we set one strictly necessary cookie (xcaptchatoken) that expires in 25 minutes. No tracking, no advertising, no third-party cookies — anywhere.
1. What Is a Cookie?
A cookie is a small text file stored in your browser by a website. Captxa uses cookies only for authentication — never for tracking or advertising.
2. Cookies on the Public Website
None. If you visit captxa.com without logging in or registering, no cookies are set. There are no analytics scripts, no tracking pixels, and no advertising tags on any Captxa page.
3. Cookie Set During Login or Registration
The following cookie is set only when you log in or register:
| Name | Purpose | Duration | Type |
|---|---|---|---|
| xcaptchatoken | Authentication token set when you log in or register. Used to verify your identity during the active session. | 25 minutes from creation | Strictly necessary |
This cookie expires automatically after 25 minutes and is not renewed passively — it is only set again upon a new login or registration action.
4. Local Storage
In addition to the cookie above, Captxa stores two items in your browser's Local Storage when you log in. Local Storage values are not cookies and are never transmitted to our servers automatically:
| Key | Purpose | Set when |
|---|---|---|
| sessiontoken | Stores your session token client-side so the application can authenticate requests during your logged-in session. | On login |
| cookies-accepted | Records that you have acknowledged the cookie notice, so it is not shown again on subsequent visits. | On dismissing the cookie banner |
You can clear Local Storage at any time via your browser's developer tools or settings. Clearing sessiontoken will log you out. Clearing cookies-accepted will cause the cookie banner to appear again on your next visit.
5. No Third-Party Cookies
We do not embed any third-party scripts that set cookies. There are no Google Analytics, Facebook Pixel, Hotjar, Intercom, or similar trackers on any Captxa page, ever.
6. Consent
Because our only cookie is strictly necessary for authentication, it does not legally require prior consent under the EU ePrivacy Directive and GDPR guidelines. We display a cookie notice purely for transparency. If you are not logged in or registered, dismissing the notice does not change anything — no cookies were set before or after you clicked "Got it."
7. Managing Cookies
You can view and delete cookies via your browser settings. Deleting the xcaptchatoken cookie will invalidate your current authentication token. Since it expires after 25 minutes regardless, this generally has minimal impact. This has no effect on the Captxa CAPTCHA widget running on other websites.
8. The CAPTCHA Widget
The Captxa CAPTCHA widget that runs on your visitors' browsers (when you integrate it into your site) does not set any cookies. It uses short-lived encrypted tokens — not cookies — to bind a challenge to a session.
9. Changes
If we ever add new cookies or Local Storage items, we will update this page and notify registered users by email at least 14 days in advance.
Questions about this document? hello@captxa.com