Controller
HumanProof is a brand of Synergy Solutions GmbH.
Synergy Solutions GmbH, Tal 35, 80331 München, Germany
Phone: +49 (0)89 919 29 13 00
Email:
support@humanproof.eu
Data protection officer
DSZ GmbH
Wolfgang Evers
Brandlweg 5
83543 Rott am Inn
Phone: +49 8039 40 69 95 0
Email: wolfgang.evers@datenschutzzentrale.de
Hosting
HumanProof is hosted on infrastructure from Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. We do not use Cloudflare for HumanProof hosting or CDN delivery.
Data processed by the host may include IP addresses, technical request metadata, account data, project configuration, verification telemetry, logs, and other data generated through use of the platform. Hosting is used to provide the service, protect availability, and operate HumanProof securely and efficiently.
The legal basis is contract performance where hosting is required to provide the service, Art. 6(1)(b) GDPR, and our legitimate interest in secure and efficient service operation, Art. 6(1)(f) GDPR.
Data we process
We process account data, organization membership, project configuration, allowed domains, site keys, billing metadata, support messages, security logs, challenge starts, redeem results, verification outcomes, usage counters, risk reasons, and lightweight browser interaction signals required for bot protection and abuse analysis.
Purposes and legal bases
Data is used to provide authentication, project management, hosted proof-of-work challenges, server-side verification, billing, support, abuse prevention, usage accounting, security monitoring, and compliance records. Depending on the context, processing is based on contract performance, legitimate interests, legal obligations, or consent where required.
Cookies and local storage
HumanProof may use technically necessary cookies or session storage for login, security, CSRF protection, preferences, and application operation. We do not use these technologies for advertising retargeting. If optional cookies or similar technologies are introduced, they should be disclosed separately and used only with the required legal basis.
Website analytics
We use Umami for privacy-friendly website analytics to understand page views, referrers, browser and device categories, approximate visitor location, and basic usage patterns of the public website. The analytics setup is used without advertising retargeting or cross-site profiling and is intended to operate without analytics cookies.
The legal basis is our legitimate interest in measuring website performance, improving public content, and understanding launch and product interest, Art. 6(1)(f) GDPR. If we introduce analytics cookies, advertising pixels, heatmaps, or similar optional tracking, we will update this notice and request consent where required.
Contact and support
If you contact us by form or email, we process the information you provide to handle the request and follow-up questions. The legal basis is contract performance or pre-contractual measures where the request relates to a contract, and otherwise our legitimate interest in responding to inquiries.
Payment processing
Paid plans are processed through the configured payment provider. HumanProof stores billing status, customer and subscription identifiers, billing email, selected plan, billing interval, and audit events needed to reconcile account access and plan limits. Payment method details are handled by the payment provider, not stored directly by HumanProof.
Retention
Personal data is retained only as long as needed for the relevant purpose or as required by law. Account and billing records are retained while the account exists and where legal retention duties apply. Usage history, verification telemetry, audit logs, and billing webhook diagnostics are retained for limited operational periods according to the platform configuration and active plan.
Subprocessors
We use selected providers for hosting, payments, email delivery, support, monitoring, and diagnostics where required to operate HumanProof.
Your rights
You may request access, correction, deletion, restriction, portability, or object to certain processing under applicable law. You may also withdraw consent where processing is based on consent and lodge a complaint with a supervisory authority.
Security
HumanProof uses TLS encryption, server-side verification, domain enforcement, rate limits, plan gates, role-based account access, and operational logging to protect the service.