Acceptable use policy.

Capzy is a CAPTCHA-solving API used by automation engineers, QA teams, accessibility tooling, web archivists, and security researchers. This Acceptable Use Policy ("AUP") lists what you may and may not do with the Service. It is incorporated by reference into our Terms of Service.

Violating this AUP can result in immediate suspension of your account, refusal of refunds, retention of your funds for fraud review, and reporting to law enforcement when criminal activity is suspected.

You may use the Service to solve CAPTCHAs in support of:

Automated testing of your own websites and apps.

Accessibility tooling for visually-impaired or disabled users.

Public-data web scraping that respects robots.txt and the target site's rate limits.

Price comparison, market research, and academic research.

SEO monitoring, brand protection, and ad-fraud verification.

Authorized security research (penetration tests, bug bounty scope, red-team engagements).

QA automation and CI for sites that intentionally deploy CAPTCHAs in their staging or production environments.

You may NOT use the Service for, or in support of, any of the following — and we will refuse, refund, and ban accounts associated with them:

Account-takeover, credential stuffing, password spraying, or any brute-force authentication attempt against accounts you do not own or have authorization to test.

Bypassing CAPTCHAs that gate access to government identity systems, voting infrastructure, healthcare portals, or other systems where unauthorized access is a criminal offense in the user's jurisdiction.

Adult-content sites that gate age verification, or any flow whose purpose is to evade the site's age-verification.

Ticket scalping in violation of the BOTS Act or local ticket-resale laws.

Mass account creation on social platforms where their ToS prohibits automation. (Solving CAPTCHAs for one account that is yours is fine; running a botnet to create thousands is not.)

Distributing spam, sending unsolicited messages, or abusing contact forms.

Financial fraud, including but not limited to: stolen-card testing, fake-charge automation, and any flow that interacts with payment systems on behalf of unauthorized parties.

Generating, distributing, or amplifying disinformation — including coordinated inauthentic behavior on social platforms.

Cyberstalking, harassment, or evading bans imposed by a platform on a real person who has been harmed.

Any activity that would violate the Computer Fraud and Abuse Act (US), the Computer Misuse Act (UK), or equivalent computer-misuse statutes in your jurisdiction.

Any activity that violates applicable export-control or sanctions law.

Capzy maintains an internal blocklist of sitekeys we will refuse to solve regardless of customer or use-case — typically government-ID flows, voter portals, and a small set of payment processors.

Submissions that hit the blocklist return ERROR_TASK_NOT_SUPPORTED and are not billed. The list is updated as we identify new high-risk surfaces. We will not publish the list (publishing it becomes a how-to-bypass guide), but if you believe a target you control has been blocked in error, contact abuse@capzy.ai with proof of ownership and we will review.

If you have evidence that the Service is being used in violation of this AUP — for example, captchas being solved against your site in pursuit of an attack — email abuse@capzy.ai with timestamps, source IPs, and any captcha-token traces you have.

We respond to credible abuse reports within one business day and will preserve evidence and freeze the offending account while investigating.

We may update this AUP as new attack patterns emerge or as legal requirements change. The "Last updated" date at the top reflects the most recent revision. Continued use of the Service after a change constitutes acceptance of the updated policy.