MTCaptcha - CAPTCHA Security Widget Consent Controls

Overview

MTCaptcha provides bot detection and human verification through embedded challenge widgets. It operates as a privacy-focused CAPTCHA alternative, offering GDPR-compliant verification without relying on behavioral tracking across websites. The service is designed to function as a security layer rather than a data collection mechanism, distinguishing it from services like reCAPTCHA that perform broader behavioral analysis.

What This Script Does

MTCaptcha loads a JavaScript SDK from service.mtcaptcha.com that renders a challenge widget within designated form elements. The script generates a visual or invisible challenge, evaluates the user's interaction, and returns a verification token to the host page. This token is submitted with the form data and validated server-side via MTCaptcha's API.

The script makes network requests to service.mtcaptcha.com for challenge retrieval and token validation. It stores a session-scoped identifier in localStorage to maintain verification state during the page session. MTCaptcha does not set persistent cookies for cross-session tracking. The widget loads CSS and image assets from its CDN to render the challenge interface.

Data collected is limited to challenge response metrics, IP address (for abuse detection), and browser environment details needed to distinguish human interaction from automated requests. No personal data beyond IP address is processed, and MTCaptcha states it does not share verification data with third parties.

Consent & Compliance

MTCaptcha falls into the essential/strictly necessary category under GDPR and the ePrivacy Directive. CAPTCHA verification is a security mechanism required to protect form submissions from automated abuse, which constitutes a legitimate interest under GDPR Article 6(1)(f).

Under the ePrivacy Directive, cookies and storage used strictly for security purposes are exempt from consent requirements. MTCaptcha's session storage usage qualifies for this exemption as it serves no purpose beyond the active verification process.

CCPA implications are minimal since MTCaptcha does not sell personal information or build user profiles. The IP address processing for bot detection does not constitute a sale of personal data under CCPA definitions.

Should You Block This Without Consent?

No.

MTCaptcha is a security service that protects forms from bot abuse. Blocking it without consent would break form functionality and remove critical spam protection. CAPTCHA services are classified as strictly necessary under ePrivacy Directive Article 5(3), exempt from consent requirements.

Visit website

Consent Categories

Essential

Also Known As

mtcaptchamt captchacaptcha widgetbot verification consentmtcaptcha security

Industries

Computers Electronics and Technology

Tracked Domains (1)

mtcaptcha.comEssential

Frequently Asked Questions

Does MTCaptcha require user consent to operate?

No. MTCaptcha is classified as strictly necessary under GDPR and the ePrivacy Directive. CAPTCHA verification is a security mechanism protecting forms from automated abuse, qualifying as legitimate interest under GDPR Article 6(1)(f). Its session storage usage is exempt from consent requirements.

What data does MTCaptcha collect during verification?

MTCaptcha collects challenge response metrics, IP address for abuse detection, and browser environment details to distinguish human interaction from automated requests. It does not set persistent tracking cookies, uses only session-scoped localStorage, and does not share verification data with third parties.

How does ConsentStack treat MTCaptcha?

ConsentStack classifies MTCaptcha as essential and excludes it from consent-gating entirely. Because it is a security service protecting form submissions from bots, ConsentStack loads it unconditionally alongside other strictly necessary scripts, regardless of whether the visitor has made any consent selection.