Privacy Policy
Last updated: 17 July 2026
This Privacy Policy explains what personal data Tiger Captcha (“we”, “us”) collects when you use our website, API and dashboard (the “Service”), why we collect it, who we share it with, and the choices you have. By using the Service you agree to this Policy.
1. Data we collect
| Category | Examples | Source |
|---|---|---|
| Account | Username, email address, password (stored only as a salted hash), account ID, API key | You, at sign-up |
| Usage | Number of solves, success/failure counts, timestamps, task IDs, plan and limits | Automatically |
| Billing | Credit balance, transactions, redeem codes, crypto payment order IDs and status | You / payment provider |
| Technical | IP address, request metadata, error logs | Automatically |
| Submitted content | The captcha images (or image URLs) you send to the API, and the result returned | You, via the API |
| Communications | Emails you send us and support correspondence | You |
We do not collect or store payment card numbers. Crypto payments are handled by our payment provider; we only receive the order reference, amount and status.
2. Images you submit
This is the part most relevant to an OCR service, so we want to be explicit:
- Images you submit are processed to produce a recognition result and returned to you.
- A sample of submitted images may be retained temporarily for debugging, abuse investigation, quality measurement and to improve our recognition models. Retained samples are stored on our own infrastructure with restricted access.
- Retained samples are kept in a rolling, size-limited store and are automatically overwritten as new samples arrive.
- We do not attempt to identify individuals from submitted images, and we do not sell them.
3. How we use data
- To provide the Service: authenticate you, process solves, return results.
- To bill accurately: meter usage, apply charges, credit payments.
- To secure the Service: rate limiting, fraud and abuse prevention, investigating misuse.
- To improve the Service: measure accuracy, debug failures, and train/refine recognition models.
- To communicate: verification emails, service and billing notices, and support replies.
- To comply with law and enforce our Terms of Use.
We do not sell your personal data, and we do not use it for third-party advertising.
4. Legal bases
We operate from Bangladesh and process personal data in accordance with the Personal Data Protection Act, 2026. We rely on the following bases:
- Consent — you give it at sign-up by agreeing to this Policy and our Terms of Use, and you may withdraw it at any time (see section 9).
- Performance of a contract — to deliver the Service you signed up for and to bill it.
- Legal obligation — record-keeping and responding to lawful requests.
- Legitimate interests — securing the Service, preventing abuse and fraud, and improving our recognition models.
If the EU/UK GDPR or another law applies to you because of where you are located, we rely on the equivalent bases available under that law.
5. Who we share with
We share data only with service providers who help us run the Service, and only as needed:
| Provider | Purpose | Data shared |
|---|---|---|
| Payment provider (NOWPayments) | Crypto payments and callbacks | Order ID, amount, payment status |
| Email provider (Resend) | Verification and service emails | Email address, message content |
| Hosting / infrastructure | Running the Service | All data, at rest on our servers |
We may also disclose data if required by law, to enforce our Terms, or to protect our rights, users or the public. If our business is transferred, data may transfer with it under this Policy.
6. Cookies
We use a small number of cookies, and no third-party advertising or tracking cookies:
- Session cookie — keeps you signed in to the dashboard. Strictly necessary; HTTP-only and secure.
- Login hint — a non-sensitive marker so our website can show “Dashboard” instead of “Sign in”.
Blocking these will prevent the dashboard from working. The API itself uses your API key and does not require cookies.
7. Retention
- Account data — kept while your account exists, and for a reasonable period afterwards for legal, tax and dispute purposes.
- Task results — kept briefly so you can retrieve them, then purged.
- Usage and billing records — retained for accounting and audit.
- Retained image samples — kept in a rolling store and overwritten automatically; images incorporated into model training data may persist in that dataset.
- Logs — retained for a limited period for security and debugging.
8. Security
We use HTTPS everywhere, store passwords only as salted hashes, keep API keys secret to your account, restrict administrative access, apply rate limiting and abuse controls, and take regular encrypted backups. No system is perfectly secure, and we cannot guarantee absolute security.
9. Your rights
Under the Personal Data Protection Act, 2026 (and comparable laws elsewhere) you have the right to:
- Access the personal data we hold about you, and obtain a copy (portability);
- Rectify or update inaccurate or incomplete data;
- Erase your data, subject to exceptions such as legal, tax or audit obligations;
- Withdraw consent at any time, without affecting processing already carried out;
- Object to or restrict certain processing.
To exercise any of these, email support@tigercaptcha.com from your account address. We may need to verify your identity first. Some data must be retained where we have a legal obligation or an overriding legitimate interest.
If you are unhappy with our response, you may complain to the National Data Management Authority in Bangladesh, or to the data protection authority in your own country.
10. International transfers
We operate from Bangladesh. Some of our providers (payments and email) process data outside Bangladesh, so your email address and payment references may be transferred to them. Where required, we rely on appropriate safeguards for such transfers.
We do not collect or transfer the categories of sensitive data that the Personal Data Protection Act, 2026 restricts from cross-border transfer — such as National Identity Card, passport or TIN numbers, biometric, genetic or criminal-record data. Please do not send us any of it.
11. Children
The Service is not for anyone under 18. We do not knowingly collect data from children. If you believe a child has given us data, contact us and we will delete it.
12. Changes
We may update this Policy. The “Last updated” date will change, and material changes will be notified by email or an in-dashboard notice where reasonably practicable.
13. Contact
Privacy questions or requests: support@tigercaptcha.com.
The data controller responsible for your personal data is:
Raysul Rabbi
Khulna, Bangladesh
support@tigercaptcha.com
Tiger Captcha Legal