GDPR & Privacy

Squeaker is designed for privacy-conscious teams. The widget does not load big-tech trackers; verification runs on squeaker.cc infrastructure you configure through the dashboard.

What Squeaker stores

What we do not store

• Raw IP addresses (only HMAC-hashed)
• Browser fingerprints or advertising cookies in the widget
• End-user identity from your forms (name, email — that stays in your app)
• Challenge solutions or intermediate PoW values
• Raw touch/mouse coordinates from behavior analysis
• Third-party analytics or advertising data

Widget data collection

The widget communicates only with api.squeaker.cc. It does not load scripts from Google, Cloudflare Turnstile vendors, or other third-party CAPTCHA providers. No tracking cookies are set by the widget.

Behavior analysis privacy

When triggered (elevated anomaly score only), the widget sends aggregated movement metrics — not raw coordinates. This data is used solely for the current verification attempt and is not stored long-term.

Lawful basis (typical EU use)

• Legitimate interest — protecting your service from automated abuse.
• Contract — if verification is necessary to provide your service.

Consult your legal team for your specific use case.

Data subject requests

Squeaker does not identify end users by name or account. GDPR access/erasure requests from website visitors typically do not apply to verification logs (hashed IP + timestamp only).

Privacy policy template (suggested wording)

• We use Squeaker bot protection on forms to prevent automated abuse.
• Verification may process a hashed version of your IP address and a timestamp.
• No Google reCAPTCHA or similar big-tech CAPTCHA services are used.
• Retention: verification logs are kept for [X] days then deleted.

Contact

For privacy questions about Squeaker, contact your account administrator or see squeaker.cc.