Google reCaptcha privacy and terms references

General Installation & Upgrade
1

Good day. We (and many of you?) recently received an email notice from Google stating that beginning April 2, 2026, all references (links?) of privacy and terms of use regarding reCAPTCHA will need to be removed… I’m assuming within the reCaptcha logo/checkbox displayed within contact forms or in the corner of the page, etc.

Since we utilize the stock CSCart Google reCaptcha add-on, what will need to be done to accomplish this? Thank you for any thoughts.

2

Just a nudge to see if anyone has any thoughts… can’t imagine nobody else is facing this. Thanks much!

1 Like
3

I hope addon links will removed automatically.
If not, privacy page not found (404 error) may occur.

This addon may updated automatically?
I see the date as 20.01.2026 site > addons page.

resim
resim736×115 9.57 KB

4

Thanks for commenting, user, hoping things get automatically updated as you suggest. Would CS-Cart like to comment?

(I believe that add-on date is likely an install date, ours states “1.0 1/18/2018”)

1 Like
5

it’s not a functionality thing. you need to update your privacy policy.

Core change (effective 2 April 2026):

  • Google is changing reCAPTCHA’s legal role from a data controller to a data processor.
  • Before: Google decided how reCAPTCHA-collected user data (e.g., IP, form interactions) was handled.
  • After: website owners become the “data controller” — you decide the purpose/means of processing and take on compliance responsibility.

Practical impact:

  • Functionality doesn’t stop or change: reCAPTCHA will keep working as usual for bot detection.
  • Legal/compliance shift: Your site is now responsible for explaining to users what data is collected, why, and who processes it (including Google).
  • Privacy docs update: You’ll likely need to update your privacy/legal notices to reflect this change and include a proper Data Processing Agreement (DPA) with Google.

Why this matters:

  • It responds to GDPR/other privacy regulation concerns by clarifying accountability, but doesn’t change what data is collected or where it goes (e.g., U.S. servers).
  • Websites using reCAPTCHA must be more proactive about consent and documentation under data protection laws.

Optional actions to consider before April 2:

  1. Review/update your privacy policy to mention reCAPTCHA’s data processing under your control.
  2. Put a DPA in place with Google for reCAPTCHA.
  3. Evaluate whether to switch to a more privacy-focused CAPTCHA alternative.
1 Like
6

Thanks, chick. I’ll have to see if what you posted (not aware of all that) is in addition to what I’m referring to… I am referring to an email notice sent to us with the following:

What you need to do
Action required:
Starting April 2, 2026, if your website currently displays references to Google’s Privacy Policy and Terms of Use in connection with reCAPTCHA, you will need to remove those references from your website. See the reCAPTCHA frequently asked questions site for more information.

I guess that’s why I originally mentioned the privacy and terms links seen in the reCaptcha icon displayed on websites, which is what I assumed would need to be removed (and can’t be on our own if using the add-on).

? A little more confused, now, sorry if I’m missing something.