Hi OsTicket Team,
I hope you're doing well. I'm reaching out with a suggestion regarding the current use of Google reCAPTCHA in your platform, particularly on the community forum and possibly within the ticketing system.
As you may know, Google has announced significant changes to its reCAPTCHA service, effective April 2, 2026. From that date, Google will transition from being a data controller to a data processor under GDPR for reCAPTCHA data. While this improves compliance clarity, it still requires website operators to:
- Remove direct links to Google’s Privacy Policy and Terms of Use related to reCAPTCHA.
- Ensure proper legal basis (often user consent) before loading reCAPTCHA scripts.
- Implement additional compliance measures, especially in the EU, due to data transfers to the U.S. and behavioral tracking.
Moreover, Google reCAPTCHA (especially v2 and v3) collects user data such as IP addresses, browser fingerprints, and interaction patterns—even when users aren’t completing a challenge. This raises privacy concerns and complicates GDPR and ePrivacy compliance for organizations using OsTicket in regulated environments.
Given these challenges, I’d like to suggest considering a privacy-first alternative CAPTCHA solution, such as:
- PoW-Captcha (Proof-of-Work CAPTCHA): A lightweight, client-side challenge that uses minimal JavaScript to verify human users without tracking or personal data collection.
- hCaptcha (with privacy mode): Offers a more privacy-conscious option and supports regional data processing.
- Friendly Captcha: Based in the EU, it uses zero-knowledge proofs and doesn’t rely on cookies or personal data, making it fully GDPR-friendly out of the box.
These alternatives reduce legal risk, improve accessibility, and maintain strong bot protection—without requiring complex privacy disclosures or consent banners.
Adopting a privacy-respecting CAPTCHA by default (or offering it as a recommended option) would position OsTicket as a more secure and compliant choice for schools, healthcare providers, government agencies, and other privacy-sensitive organizations.
This will also be important for the new OsTicket 2.0.
Thanks for your continued work on this great open-source project!
Best regards