
GeeTest CAPTCHA v3 Compliance Guide

In accordance with the Personal Information Protection Law, the Data Security Law, the Cybersecurity Law, and other applicable laws, regulations, and regulatory requirements, application developers and operators (Developers) must respect and protect the personal information of end users when providing network products and services. Developers shall not illegally collect or use personal information, and must ensure that processing activities are based on end-user authorization and consent. Developers are required to follow the principle of data minimization and adopt effective technical and organizational measures to ensure the security of personal information.

To support Developers in meeting user data protection requirements when using GeeTest CAPTCHA v3, and to avoid potential risks of infringing upon end-user rights, this Compliance Guide is provided as a reference for Developers to conduct self-assessments and configure the service appropriately, with the goal of continuously improving personal information protection practices.

GeeTest CAPTCHA v3 Configuration Capabilities

1. Integration / Upgrade to the Latest SDK Version in Compliance with Regulatory Requirements

We place great importance on SDK functionality optimization, personal information security, and protection. To ensure compliance with the latest regulatory and industry requirements, the SDK is continuously updated and iterated to enhance product security and stability.

We strongly recommend that Developers integrate the latest SDK version in order to access the latest features and avoid adverse consequences resulting from delayed updates (e.g., app removal from app stores due to non-compliance).

Upon each SDK release, update details are published in the [Documentation Center] on the official website. Developers may also log into the user console to obtain the latest SDK version.


2. Configuration of SDK Extended Business Functions

Regulatory Requirement: The SDK Compliance Usage Guidelines must describe all extended business functions provided by the SDK, and explain how Developers can disable them, including configuration examples.

Integration Notes:
The extended business functions provided by GeeTest CAPTCHA v3 SDK include:

  1. Usage statistics of CAPTCHA APIs
  2. Exception detection of CAPTCHA APIs
  3. Ensuring product and/or service compatibility across different devices
  4. Attribution analysis for CAPTCHA failures

GeeTest CAPTCHA v3 provides Developers with APIs to disable the above functions. Developers must implement these APIs in their applications to allow end users to opt out of such extended business functions. Once the end user opts out, Developers must ensure that GeeTest CAPTCHA v3 core verification functionality continues to work properly.

iOS Configuration Documentation: https://docs.geetest.com/captcha/apirefer/api/ios

Android Configuration Documentation: https://docs.geetest.com/captcha/apirefer/api/android

3. Configuration of Optional Personal Information in the SDK

Regulatory Requirement: The SDK Compliance Usage Guidelines must clearly describe each category of optional personal information collected by the SDK, its purpose, applicable scenarios, and how Developers can disable such collection, with configuration examples.

Integration Notes: GeeTest CAPTCHA v3 currently does not provide any personal information collection items that users can choose to provide or withhold. In line with the principle of data minimization, only the personal information strictly necessary for functionality is collected. Should any optional personal information collection configurations be introduced in the future, Developers will be promptly notified.

4. Configuration of Data Collection Frequency and Granularity

Regulatory Requirement: If the SDK allows personal information to be collected at different frequencies or levels of granularity, the SDK Compliance Usage Guidelines must explain the purposes and scenarios for such collection, as well as provide configuration instructions and examples.

Integration Notes:

  • Collection Frequency: Data collection by GeeTest CAPTCHA v3 occurs only when the app invokes related functions or when triggered by end-user interactions. The SDK does not perform background or scheduled collection, and no configurable frequency controls are involved.
  • Collection Granularity: GeeTest CAPTCHA v3 does not support collection of personal information at varying levels of precision.

Summary of GeeTest CAPTCHA v3 Data Collection Frequency and Configuration:

Device Information

| Type of Personal Information | Configurable | Purpose and Use | Frequency | Platforms |
|---|---|---|---|---|
| Device model | Not configurable | Used for security policies | Collected passively with each request | Android / iOS / HarmonyOS |
| Device brand | Not configurable | Used for security policies | Collected passively with each request | Android / iOS / HarmonyOS |
| Device charging status | Not configurable | Used for security policies | Collected passively with each request | Android / iOS |
| Device battery level | Not configurable | Used for security policies | Collected passively with each request | Android / iOS |
| Operating system platform | Not configurable | Used for security policies | Collected passively with each request | Android / iOS / HarmonyOS |
| Operating system version | Not configurable | Used for security policies | Collected passively with each request | Android / iOS / HarmonyOS |
| System language | Not configurable | Used for security policies | Collected passively with each request | Android / iOS / HarmonyOS |
| Screen height | Not configurable | Used for security policies | Collected passively with each request | Android / iOS / HarmonyOS |
| Screen width | Not configurable | Used for security policies | Collected passively with each request | Android / iOS / HarmonyOS |
| Tablet indicator | Not configurable | Used for security policies | Collected passively with each request | Android / iOS / HarmonyOS |
| Memory size | Not configurable | Used for security policies | Collected passively with each request | Android / iOS / HarmonyOS |
| Device name | Not configurable | Used for security policies | Collected passively with each request | Android / iOS / HarmonyOS |
| User Agent (UA) | Not configurable | Supports business data | Collected passively with each request | Android / iOS / HarmonyOS / Web / Mini Program |
| Jailbreak / Root flag | Not configurable | Supports security capabilities | Collected passively with each request | Android / iOS |
| Device debugging indicator | Not configurable | Supports security capabilities | Collected passively with each request | Android / iOS |
| Proxy indicator | Not configurable | Supports security capabilities | Collected passively with each request | Android / iOS |
| Emulator indicator | Not configurable | Supports security capabilities | Collected passively with each request | Android / iOS |
| Code tampering indicator | Not configurable | Supports security capabilities | Collected passively with each request | Android / iOS |

Network Information

| Type of Personal Information | Configurable | Purpose and Use | Frequency | Platforms |
|---|---|---|---|---|
| IP address | Not configurable | Supports business operations and security policies | Collected passively with each request | Android / iOS / HarmonyOS / Web / Mini Program |
| Wi-Fi status | Not configurable | Supports business operations and security policies | Collected passively with each request | Android / iOS / HarmonyOS / Web / Mini Program |
| Network type | Not configurable | Supports business operations and security policies | Collected passively with each request | Android / iOS / HarmonyOS / Web / Mini Program |

5. SDK System Permissions

Regulatory Requirement: The SDK Compliance Usage Guidelines must clearly explain which system permissions the SDK requires, how each permission relates to specific business functions, and when these permissions are requested.

Integration Notes: For optional system permissions in GeeTest CAPTCHA v3, Developers can refer to the table below to understand the relationship between each permission and its corresponding business function, as well as the appropriate timing for requesting the permission.

GeeTest CAPTCHA v3 does not automatically request optional system permissions. However, not granting certain permissions may impact the functionality associated with them. Developers should configure permissions reasonably based on actual business needs.

Android Application Permissions

| Permission | Permission Type | Purpose and Use | Timing of Request |
|---|---|---|---|
| android.permission.INTERNET | Mandatory | Enables device access to the internet | At initial app installation |
| android.permission.ACCESS_NETWORK_STATE | Mandatory | Enables device access to the internet | At initial app installation |

iOS Application Permissions

| Permission | Permission Type | Purpose and Use | Timing of Request |
|---|---|---|---|
| Cellular | Optional | Enables network requests | When accessing the internet via cellular network |

6. SDK Initialization and Business Function Invocation Timing


Regulatory Requirement: The SDK Compliance Usage Guidelines must clearly specify the proper timing for SDK initialization and the invocation of its business function interfaces in a compliant manner. Applications are required to inform end users, through clear and easily accessible means such as pop-ups, text links, or attachments, about the rules for processing personal information. This disclosure must include information regarding the data controller, the purposes of processing, the methods and types of data collected, and the data retention periods. End-user authorization and consent must be obtained before any personal data is processed.

Integration Notes:

  • Initialization Timing: Developers must ensure that GeeTest CAPTCHA v3 is initialized only after the end user has provided consent to the App’s privacy policy.
  • Sensitive Permissions: Before obtaining user consent, the App should not request any sensitive device permissions related to personal information.
  • Data Collection: Personal information must not be collected or uploaded prior to obtaining end-user consent.
  • Background Execution: When the App is not actively providing services, for example, when it is running in the background, the SDK services should not be invoked.

For detailed guidance on initialization timing and platform-specific integration, please refer to the following documentation:

7. SDK Privacy Policy Disclosure Requirements and Example

Requirements:
The SDK Compliance Usage Guidelines shall provide an example of how the application should disclose the SDK privacy policy terms to end users. Such disclosure must include the SDK name, company name, types and purposes of personal information processed, collection methods, and links to the SDK’s privacy policy.

Integration Notes:
When developers integrate GeeTest CAPTCHA v3 into their applications, the normal operation of GeeTest CAPTCHA v3 will collect necessary end-user information to enable the behavior verification functionality. By analyzing users’ behavioral characteristics, it builds a machine learning model with protections against simulation, forgery, and brute force attacks. This model can continuously evolve and self-adjust to effectively distinguish between human and automated bots, thereby improving legitimate user experience. Developers should disclose, in their application’s privacy policy, the SDK name, company name, types and purposes of personal information processed, collection methods, and links to the SDK’s privacy policy, based on the actual integration of GeeTest CAPTCHA v3.

It is recommended that developers:

  • Confirm the version and functional modules of GeeTest CAPTCHA v3 being integrated.
  • Identify the data exchanged with GeeTest CAPTCHA v3 based on the selected version and modules.
  • Disclose relevant information about GeeTest CAPTCHA v3 in the application’s privacy policy, either in textual or tabular form, for public transparency.

Example of Privacy Policy Disclosure:

GeeTest CAPTCHA v3 SDK Privacy Policy

  • Third-Party SDK Name: GeeTest CAPTCHA v3 SDK
  • Third-Party Entity: Wuhan Jiyi Network Technology Co., Ltd.
  • Purpose of Use: To analyze user behavioral characteristics in order to effectively distinguish between human and automated behaviors
  • Types of Personal Information Collected: Device brand, device model, battery charging status, battery level, operating system, system version, system language, device name, memory size, carrier name, screen height, screen width, tablet indicator, OAID, IP address, user agent (UA), jailbreak/root indicator, device debugging identifier, proxy indicator, emulator indicator, code tampering indicator
  • Collection Method: On-device collection by the SDK
  • Third-Party Privacy Policy Link: [GeeTest CAPTCHA v3 Privacy Policy]

Regulatory Requirement: The SDK Compliance Usage Guidelines shall clearly describe the recommended approaches for obtaining end-user authorization and consent. Where separate and explicit consent from end users is required, the application must provide a prominent notice and include an example.

Integration Notes:
When the App is launched for the first time, a privacy pop-up should be displayed. The pop-up must show a brief version of the privacy policy with a link to the full policy and clearly prompt end users to read and decide whether to consent. The pop-up should provide both an “Agree” button and a “Decline” button, allowing end users to make an active choice.


9. End-User Rights Configuration

Regulatory Requirement: End users have the right to be informed about, decide on, access, copy, supplement, correct, withdraw consent for, delete, and request the deactivation of their personal information. If these rights are provided to end users through embedded interfaces, the SDK Compliance Usage Guidelines must specify the interface invocation methods and provide usage examples.

Integration Notes: After integrating GeeTest CAPTCHA v3 into the App, the SDK collects only the personal information necessary to enable the one-click verification functionality. Developers are responsible for providing end users with clear mechanisms or features to exercise their personal information rights in accordance with applicable laws and regulations.

If cooperation from GeeTest CAPTCHA v3 is required to fulfill end-user requests, developers should promptly contact us so that we may work jointly to resolve such matters.

Contact Email: service@geetest.com
