GeeTest CAPTCHA v4 Compliance Guide
In accordance with the Personal Information Protection Law, the Data Security Law, the Cybersecurity Law, and other applicable laws, regulations, and regulatory requirements, application developers and operators ("Developers") must respect and protect the personal information of end users when providing network products and services. Developers shall not illegally collect or use personal information, and must ensure that processing activities are based on end-user authorization and consent. Developers are required to follow the principle of data minimization and adopt effective technical and organizational measures to ensure the security of personal information.
To support Developers in meeting user data protection requirements when using GeeTest CAPTCHA v4, and to avoid potential risks of infringing upon end-user rights, this Compliance Guide is provided as a reference for Developers to conduct self-assessments and configure the service appropriately, with the goal of continuously improving personal information protection practices.
GeeTest CAPTCHA v4 Configuration Capabilities
1. Integration / Upgrade to the Latest SDK Version in Compliance with Regulatory Requirements
We place great importance on SDK functionality optimization, personal information security, and protection. To ensure compliance with the latest regulatory and industry requirements, the SDK is continuously updated and iterated to enhance product security and stability.
We strongly recommend that Developers integrate the latest SDK version in order to access the latest features and avoid adverse consequences resulting from delayed updates (e.g., app removal from app stores due to non-compliance).
Upon each SDK release, update details are published in the [Documentation Center] on the official website. Developers may also log into the user console to obtain the latest SDK version.
2. Configuration of SDK Extended Business Functions
Regulatory Requirement: The SDK Compliance Usage Guidelines must describe all extended business functions provided by the SDK, and explain how Developers can disable them, including configuration examples.
Integration Notes:
The extended business functions provided by GeeTest CAPTCHA v4 include:
- Usage statistics of CAPTCHA APIs
- Exception detection of CAPTCHA APIs
- Ensuring product and/or service compatibility across different devices
- Attribution analysis for CAPTCHA failures
GeeTest CAPTCHA v4 provides Developers with APIs to disable the above functions. Developers must implement these APIs in their applications to allow end users to opt out of such extended business functions. Once the end user opts out, Developers must ensure that GeeTest CAPTCHA v4 core verification functionality continues to work properly.
iOS Configuration Documentation: https://docs.geetest.com/BehaviorVerification/apirefer/api/ios
Android Configuration Documentation: https://docs.geetest.com/BehaviorVerification/apirefer/api/android
HarmonyOS Configuration Documentation: https://docs.geetest.com/BehaviorVerification/apirefer/api/harmonyos
3. Configuration of Optional Personal Information in the SDK
Regulatory Requirement: The SDK Compliance Usage Guidelines must clearly describe each category of optional personal information collected by the SDK, its purpose, applicable scenarios, and how Developers can disable such collection, with configuration examples.
Integration Notes: GeeTest CAPTCHA v4 currently does not provide any personal information collection items that users can choose to provide or withhold. In line with the principle of data minimization, only the personal information strictly necessary for functionality is collected. Should any optional personal information collection configurations be introduced in the future, Developers will be promptly notified.
4. Configuration of Data Collection Frequency and Granularity
Regulatory Requirement: If the SDK allows personal information to be collected at different frequencies or levels of granularity, the SDK Compliance Usage Guidelines must explain the purposes and scenarios for such collection, as well as provide configuration instructions and examples.
Integration Notes:
- Collection Frequency: Data collection by GeeTest CAPTCHA v4 occurs only when the app invokes related functions or when triggered by end-user interactions. The SDK does not perform background or scheduled collection, and no configurable frequency controls are involved.
- Collection Granularity: GeeTest CAPTCHA v4 does not support collection of personal information at varying levels of precision.
Summary of GeeTest CAPTCHA v4 Data Collection Frequency and Configuration:
Device Information
Type of Personal Information | Configurable | Purpose and Use | Frequency | Platforms |
---|---|---|---|---|
Device Brand | Not configurable | Supporting business operations and security strategies | Collected passively upon each invocation | Android / iOS / HarmonyOS |
Device Model | Not configurable | Supporting business operations and security strategies | Collected passively upon each invocation | Android / iOS / HarmonyOS |
Operating System | Not configurable | Supporting business operations and security strategies | Collected passively upon each invocation | Android / iOS / HarmonyOS |
System Version | Not configurable | Supporting business operations and security strategies | Collected passively upon each invocation | Android / iOS / HarmonyOS |
System Language | Not configurable | Supporting business operations and security strategies | Collected passively upon each invocation | Android / iOS / HarmonyOS |
Device Name | Not configurable | Supporting business operations and security strategies | Collected passively upon each invocation | Android / iOS |
Memory Size | Not configurable | Supporting business operations and security strategies | Collected passively upon each invocation | Android / iOS |
Carrier Name | Not configurable | Supporting business operations and security strategies | Collected passively upon each invocation | Android / iOS |
Screen Height | Not configurable | Supporting business operations and security strategies | Collected passively upon each invocation | Android / iOS |
Screen Width | Not configurable | Supporting business operations and security strategies | Collected passively upon each invocation | Android / iOS |
Tablet Indicator (Yes/No) | Not configurable | Supporting business operations and security strategies | Collected passively upon each invocation | Android / iOS |
OAID | User configurable | Supporting business operations and security strategies | Collected passively upon each invocation | Android |
Network Information
Type of Personal Information | Configurable | Purpose and Use | Frequency | Platforms |
---|---|---|---|---|
IP Address | Not configurable | Supporting business operations and security strategies | Collected passively upon each invocation | Android / iOS / HarmonyOS / Web / Mini Program |
Wi-Fi Indicator (Yes/No) | Not configurable | Supporting business operations and security strategies | Collected passively upon each invocation | Android / iOS / HarmonyOS / Web / Mini Program |
Network Type | Not configurable | Supporting business operations and security strategies | Collected passively upon each invocation | Android / iOS / HarmonyOS / Web / Mini Program |
5. SDK System Permissions
Regulatory Requirement: The SDK Compliance Usage Guidelines must clearly explain which system permissions the SDK requires, how each permission relates to specific business functions, and when these permissions are requested.
Integration Notes: For optional system permissions in GeeTest CAPTCHA v4, Developers can refer to the table below to understand the relationship between each permission and its corresponding business function, as well as the appropriate timing for requesting the permission.
GeeTest CAPTCHA v4 does not automatically request optional system permissions. However, not granting certain permissions may impact the functionality associated with them. Developers should configure permissions reasonably based on actual business needs.
Android Application Permissions
Permission | Permission Type | Purpose and Use | Timing of Request |
---|---|---|---|
android.permission.INTERNET | Mandatory | Enables device access to the internet | At initial app installation |
iOS Application Permissions
Permission | Permission Type | Purpose and Use | Timing of Request |
---|---|---|---|
Cellular | Optional | Allows network requests | When accessing the internet via cellular data |
HarmonyOS Application Permissions
Permission | Permission Type | Purpose and Use | Timing of Request |
---|---|---|---|
ohos.permission.INTERNET | Mandatory | Allows the device to access the network | At initial app installation |
6. SDK Initialization and Business Function Invocation Timing
Regulatory Requirement: The SDK Compliance Usage Guidelines must clearly specify the proper timing for SDK initialization and the invocation of its business function interfaces in a compliant manner. Applications are required to inform end users, through clear and easily accessible means such as pop-ups, text links, or attachments, about the rules for processing personal information. This disclosure must include information regarding the data controller, the purposes of processing, the methods and types of data collected, and the data retention periods. End-user authorization and consent must be obtained before any personal data is processed.
Integration Notes:
- Initialization Timing: Developers must ensure that GeeTest CAPTCHA v4 is initialized only after the end user has provided consent to the App’s privacy policy.
- Sensitive Permissions: Before obtaining user consent, the App should not request any sensitive device permissions related to personal information.
- Data Collection: Personal information must not be collected or uploaded prior to obtaining end-user consent.
- Background Execution: When the App is not actively providing services, for example, when it is running in the background, the SDK services should not be invoked.
For detailed guidance on initialization timing and platform-specific integration, please refer to the following documentation:
- iOS Integration and Initialization: https://docs.geetest.com/BehaviorVerification/deploy/client/ios
- Android Integration and Initialization: https://docs.geetest.com/BehaviorVerification/deploy/client/android
- HarmonyOS Integration and Initialization: https://docs.geetest.com/BehaviorVerification/deploy/client/harmonyos
7. SDK Privacy Policy Disclosure Requirements and Example
Regulatory Requirement: The SDK Compliance Usage Guidelines shall provide an example of how the application should disclose the SDK privacy policy terms to end users. Such disclosure must include the SDK name, company name, types and purposes of personal information processed, collection methods, and links to the SDK’s privacy policy.
Integration Notes: After integrating GeeTest CAPTCHA v4, the SDK collects only the personal information necessary for performing verification functions. GeeTest CAPTCHA v4 is an upgraded version of the GeeTest CAPTCHA v3 product. It continuously adapts to evolving attack methods, increasing the difficulty and cost of fraudulent attacks. Its modular design ensures seamless adaptation to different interaction environments and deep integration with business scenarios. This approach balances security and user experience across industries and enterprise lifecycles.
Developers should disclose in their App privacy policy:
- The specific version and functional modules of GeeTest CAPTCHA v4 being used.
- The data collected and processed by the SDK.
Example of Privacy Policy Disclosure:
GeeTest CAPTCHA v4 SDK Privacy Policy:
- Third-Party SDK Name: GeeTest CAPTCHA v4 SDK
- Third-Party Entity: Wuhan Jiyi Network Technology Co., Ltd.
- Purpose of Use: Continuous dynamic adaptation to balance security and user experience under varying attack scenarios
- Types of Personal Information Collected: Device brand, device model, operating system, system version, system language, device name, memory size, carrier name, screen height, screen width, tablet indicator, OAID, IP address
- Collection Method: On-device collection by the SDK
- Third-Party Privacy Policy Link: [GeeTest CAPTCHA v4 Privacy Policy (replace with the privacy policy link after launch)]
8. End-User Consent Mechanism Example
Regulatory Requirement: The SDK Compliance Usage Guidelines shall clearly describe the recommended approaches for obtaining end-user authorization and consent. Where separate and explicit consent from end users is required, the application must provide a prominent notice and include an example.
Integration Notes: When the Demo is first launched, a privacy pop-up must appear. It should display a brief version of the privacy policy with a link to the full version and clearly prompt end users to decide whether to agree. The pop-up must include both an “Agree” and a “Decline” button for users to make their choice.
Example:
9. End-User Rights Configuration
Regulatory Requirement: End users have the right to be informed about, decide on, access, copy, supplement, correct, withdraw consent for, delete, and request the deactivation of their personal information. If these rights are provided to end users through embedded interfaces, the SDK Compliance Usage Guidelines must specify the interface invocation methods and provide usage examples.
Integration Notes: After integrating GeeTest CAPTCHA v4 into the App, the SDK collects only the personal information necessary to enable the one-click verification functionality. Developers are responsible for providing end users with clear mechanisms or features to exercise their personal information rights in accordance with applicable laws and regulations.
If cooperation from GeeTest CAPTCHA v4 is required to fulfill end-user requests, developers should promptly contact us so that we may work jointly to resolve such matters.
Contact Email: service@geetest.com