⚠️ GDPR Alert: reCAPTCHA's data-sharing deadline passed April 2, 2026 — your org may be liable.
For CISOs & IT Security Teams

Stop Bot Fraud Without Blocking Real Users

TrueLens replaces reCAPTCHA with 3-second facial liveness verification. Zero false positives, no Google data sharing, GDPR compliant out of the box. Your users verify once — bots can't fake a live face.

Bot CAPTCHA solve time: 0.3s
Liveness spoof resistance: 100%
Avg. verification time: 3s
Compliance ready
GDPR Compliant · SOC 2 Ready · No Biometric Storage · Zero Google Data Sharing · CCPA Friendly
The Problem

Your Current Stack Has Gaps

Security teams protect the perimeter — but bots walk straight through your login and signup forms.

🤖 Annual Credential Stuffing Losses: $6B
Automated bots test stolen credentials at massive scale. reCAPTCHA scores don't stop sophisticated credential stuffing attacks — they're tuned to avoid detection.

⏱️ How Fast Bots Solve CAPTCHAs: 0.3s
CAPTCHA farms and AI solvers defeat reCAPTCHA in under a second for under $0.001 per solve. The technology your team relies on has been commercially defeated.

⚖️ Max GDPR Penalty for reCAPTCHA: €20M
reCAPTCHA sends user behavioral data to Google's servers. Post-GDPR enforcement (April 2026), regulators are scrutinizing this as unauthorized data transfer. Your legal team needs an answer.

📉 Real Users Blocked by CAPTCHAs: 12%
Legitimate users — especially on mobile and with accessibility needs — fail CAPTCHA challenges at alarming rates. You're blocking real customers to stop bots that bypass it anyway.

How TrueLens Works

Liveness Can't Be Faked by Scripts

A bot cannot hold a live human face in front of a camera. TrueLens uses this simple physical constraint as the verification mechanism.

01. Trigger at Risk Points
Deploy on login, account creation, or high-risk actions via your existing auth flow with a single API call.

02. 3-Second Liveness Scan
User looks at camera. Our AI confirms a live human face — not a photo, video, or deepfake. No puzzles, no typing.

03. Pass/Fail in Real Time
API returns a signed verification token. Store it — the user is verified for 12 months. No re-verification on every visit.

REST API Integration — 5 lines Node.js

    // 1. Start a verification session
    const session = await fetch('https://truelens-2.polsia.app/api/verify/init', {
      method: 'POST',
      headers: { 'Authorization': `Bearer ${YOUR_API_KEY}` }
    }).then(r => r.json());

    // 2. Redirect user to liveness widget with session ID
    const verifyUrl = `https://truelens-2.polsia.app/verify?id=${session.verification_id}`;

    // 3. Webhook fires when user completes — store the result
    // { verified: true, token: "eyJ...", expires_at: "2027-04-08" }

🔒
No biometric data stored. TrueLens performs liveness detection in real-time and discards the video immediately. The result is a binary pass/fail verdict tied to a session token — no facial images or templates persist on our servers or yours.
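
One way to handle the webhook result and the 12-month token on your own server, as an added example that is not TrueLens code. It assumes the webhook body also carries the `verification_id`; the function names, the in-memory maps (standing in for a database) and the failed-login threshold of 5 are illustrative.

```javascript
// Added example, not vendor code. Assumption: the webhook body includes
// verification_id next to the documented verified / token / expires_at fields.
const pending = new Map();   // verification_id -> userId, recorded at init time
const verified = new Map();  // userId -> { token, expiresAt }

// Call right after /api/verify/init so a result can only land on this user.
function registerSession(verificationId, userId) {
  pending.set(verificationId, userId);
}

// Webhook handler core: accept a result only for a session we started, once.
// Verify the token's signature per the vendor's documentation before calling
// this; the page does not describe the signing scheme, so it is not shown.
function recordResult(body, now = new Date()) {
  const userId = pending.get(body.verification_id);
  if (userId === undefined) return { accepted: false, reason: 'unknown_session' };
  pending.delete(body.verification_id); // single use: a replayed webhook is rejected
  if (body.verified !== true) return { accepted: false, reason: 'not_verified' };
  if (typeof body.token !== 'string' || body.token === '') {
    return { accepted: false, reason: 'missing_token' };
  }
  const expiresAt = new Date(body.expires_at);
  if (Number.isNaN(expiresAt.getTime()) || expiresAt <= now) {
    return { accepted: false, reason: 'bad_expiry' };
  }
  verified.set(userId, { token: body.token, expiresAt });
  return { accepted: true, userId };
}

// Login-time decision: returns the reason a fresh liveness check is required,
// or null when the stored verification still stands.
function needsLivenessCheck(userId, risk, now = new Date()) {
  const rec = verified.get(userId);
  if (!rec) return 'no_verification';
  if (rec.expiresAt <= now) return 'expired';
  if (risk.newDevice) return 'new_device';
  if (risk.failedLogins >= 5) return 'failed_login_threshold'; // illustrative threshold
  return null;
}
```

Keeping the session-to-user mapping server-side means a verification completed by one person cannot be credited to a different account by altering the redirect URL.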
Comparison

TrueLens vs reCAPTCHA

For security-conscious teams, the choice isn't close.

Criterion | TrueLens | reCAPTCHA v3
Bots bypassed | Liveness can't be scripted | Bypassed in 0.3s by farms
False positive rate | 0% — face present = human | ~12% real users blocked
GDPR compliance | No data shared externally | Sends data to Google
Biometric storage | Zero — real-time only | No facial data
SOC 2 readiness | Architecture is SOC 2 ready | ~ Third-party dependency
Accessibility | Camera only, no puzzles | Puzzle variants fail users
Integration time | ~5 minutes, REST API | ~ Script tag, but complex config
Data jurisdiction | Your server, your control | Google infrastructure
Use Cases

Where Security Teams Deploy TrueLens

Purpose-built for the attack surfaces your SOC defends every day.

🔑
Account Takeover Prevention
Trigger liveness verification on suspicious login patterns — new device, unusual location, or after credential rotation. Bots can't pass a live face check.
🚫
Credential Stuffing Mitigation
Require facial verification after a threshold of failed login attempts, blocking automated attack tools while allowing real users through without friction.
📋
Privileged Access Verification
Re-verify identity before accessing sensitive admin panels, financial operations, or config changes — even for already-authenticated users.
🏦
High-Risk Transaction Gating
Layer liveness verification before password resets, fund transfers, or API key generation to stop automated exploitation of self-service flows.
📝
Fake Account Prevention
Require a liveness check at registration to prevent bulk account creation by bots — no phone verification friction, no email verification loops.
⚙️
SOC 2 Audit Trail
Every verification generates a signed token with timestamp, session ID, and result — ready for security audits and incident response documentation.
Pricing

Start with a Free Pilot

50 free verifications to test in your environment. No credit card. No contracts. Cancel anytime.

Starter
$19/mo
500 verifications / month
  • REST API access
  • Liveness detection
  • 12-month verification tokens
  • Usage dashboard
  • Email support
Business
$149/mo
10,000 verifications / month
  • REST API access
  • Liveness detection
  • 12-month verification tokens
  • Usage dashboard
  • Priority support
  • Custom branding
  • Webhook callbacks
Enterprise
Unlimited verifications, SLA guarantees, dedicated support. For organizations that need compliance documentation and custom volume pricing.
  • Unlimited verifications
  • SLA guarantee
  • Dedicated onboarding
  • Compliance docs
  • Volume discounts
FAQ

Security Team Questions

The questions CISOs and IT directors ask before deploying.

Does TrueLens store biometric data or facial templates?
No. TrueLens performs liveness detection in real-time and immediately discards all video data. The result is a binary pass/fail verdict tied to a session token — no facial images, no biometric templates, and no identifiable data persists on our servers. This means TrueLens falls outside the scope of most biometric data regulations (BIPA, GDPR Art. 9).
How does liveness detection resist spoofing attacks?
Our liveness detection uses multi-frame analysis to distinguish live human faces from photos, videos, and deepfakes. It requires natural facial micro-movements and 3D depth cues that cannot be replicated by a static image or pre-recorded video. Headless browsers and automated scripts cannot interact with a physical camera feed.
Is TrueLens GDPR compliant? What data leaves our environment?
TrueLens does not share user behavioral data, session data, or biometric data with any third parties — including advertising platforms. Unlike reCAPTCHA, which sends browser fingerprinting data to Google's infrastructure, TrueLens processes verification entirely through our API. The only data transmitted is the video stream during verification, which is discarded immediately after the pass/fail decision.
Can I integrate TrueLens into our existing SSO / auth stack?
Yes. TrueLens is a REST API — it integrates as a step in your existing authentication flow, not a replacement for it. You trigger a verification session via POST request, redirect the user to the liveness widget, and receive a signed token via webhook. Compatible with any identity provider (Okta, Auth0, Ping, Azure AD) and any application stack.
How do verified tokens work? Does the user need to re-verify every session?
No. After a successful verification, TrueLens returns a signed token with a 12-month expiration. Your application stores this token and presents it on subsequent logins — the user only re-verifies if the token expires or if you trigger re-verification (e.g., on suspicious activity). This eliminates per-session friction while maintaining security.
What happens if a user doesn't have a camera (desktop without webcam)?
TrueLens works on any device with a camera — desktop webcam, laptop camera, or mobile front camera. For the rare case of a non-camera device, we recommend deploying TrueLens only on the verification flows where camera access is reasonable (e.g., not every page load). You can configure fallback paths for administrative exceptions. Mobile coverage is near-universal: over 97% of your users have a front camera.

Ready to Close the Gap Bots Exploit?

Start a free pilot with 50 verifications. Test it in your staging environment, see the API docs, and decide in minutes.

No credit card required · GDPR compliant · Cancel anytime