Switching Google’s role with reCAPTCHA from Data Controller to Data Processor

​@Sheik 

Hi there, I linked to Google’s Privacy Policy and Terms of Use in my own Privacy Policy before. Since I’ve removed these links now, what will I need to add to my own Privacy Policy and/or Cookie Policy that is of importance to the user? As cookies are still being placed, I need to explain to the user what they do.

Same question, we are just starting to use this and were going to hide the badge and state: 

This site is protected by reCAPTCHA and the Google Privacy Policy</a> and    Terms of Serviceapply.

I need to know now what - if anything - we need to display on the relevant pages. Do we still need to prompt that “This site is protected by reCAPTCHA” and if so, what form?

Hola 

Hola soy Alberto 

Recaptcha 

利用規約に則り正しく利用できます宜しくお願い申し上げます

Hi there, could you please confirm what timezone the rollout date is in? I’m based in New Zealand (NZDT), and I want to make sure I’m interpreting the date correctly

Show my payments account 

check

Tradewill, a multinational company a trading Global service provider

NNnone

Ebel Tanneo

Can we get an update please? Here are my questions again, since I don’t want them do get lost between the bot comments…

1. Up until now, we were only allowed to hide the reCAPTCHA badge, if we linked to Google’s Privacy Policy and Terms of use on the website. How is this handled now? Are we allowed to still hide the badge, even if we remove the links to Google’s Privacy Policy and Terms of use?
2. Are there any consequences/”punishments” if those links are not removed in time?
3. Is it okay to remove them now or do we need to wait for April 2? We have many client websites to go through and adjust and that will take some time, so I’d prefer doing this early if possible.

Is Google able to give guidance on the language we should now use in our privacy policies as Data Controllers of the data individuals use for reCAPTCHA? I understand the removal of reference to Google for reCAPTCHA as you are no longer Data Controllers but what should customers say in their privacy policy and/or when we collect information for reCAPTCHA?

Hi there,

We need to update our SuiteCommerce Recaptcha & Security product and have the same questions as most of the community:
Should we remove the badge information or not? 
Should the website owners have their own statements on their privacy policies or not?

We have updated our FAQs page addressing the questions from this blog for easier reference. 

If you have additional questions or require further assistance, please contact your Field Sale Representative or Partner Development Manager or Google Cloud Support.

II dont understand

​@Sheik Thanks for the reply above and for updating the FAQ

It still references the Terms of Service and Privacy Policy in the hiding the badge section:

https://docs.cloud.google.com/recaptcha/docs/faq#hiding-the-badge

Then there is a note:

Starting April 2, 2026, reCAPTCHA is switching from data controller to data processor. You can still hide the badge, but must remove any references to Google's Terms of Service and Privacy Policy because those will no longer be applicable.

Can we presume the HTML example code would be removed after April 2?

​@Sheik So basically, you’ll stop using reCAPTCHA data for machine learning? But won’t that hurt its performance and reduce its ability to detect bots?

I have the same question!

Ayela

So we have something along these lines “This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.” on all of our websites and forms. Are we good to remove this completely?

Thanks

I don’t understand why something that should be so simple is totally beyond the knowledge of a user that just wants information.

​@Sheik are you considering moving reCAPTCHA Enterprise from google.com to a googleapis.com domain as all other Google Cloud APIs to clearly separate reCAPTCHA from google.com and the consumer terms of service?