This page is a short orientation for procurement and counsel. The binding instrument is the full Data Processing Addendum (May 15, 2026), incorporated by reference into the Terms of Service.
This summary is not the legal instrument. Final DPA terms require counsel review for your entity and jurisdiction.
What we expect in an executed DPA
Roles: You as controller (or processor-to-subprocessor chain) and CapchaCloud as processor where applicable — roles depend on facts.
Instructions: Processing limited to providing the service per your configuration and our Terms.
Subprocessors: Listed or incorporated by reference with notice mechanism (Subprocessors Policy).
International transfers: SCCs / UK IDTA / Swiss adaptations as described in DPA §11 — finalized with counsel.
Assistance: Reasonable cooperation for breach notifications subject to law and technical feasibility.
For product questions (embed, billing, capture, trust pages), use the live support assistant — hosted inference on Cloudflare. It is not legal counsel and cannot sign or negotiate agreements.
For an executed enterprise addendum, prepare: legal entity, regions/subsidiaries, planned data categories, and review the full DPA with your counsel. Human review and contracting follow outside this chat (typical turnaround: business days, not instant).