How to Enable Bot Protection with reCAPTCHA

reCAPTCHA Bot Protection - Prevent Spam Bookings

TidyCal integrates with Google reCAPTCHA v3 to protect your booking pages from automated spam submissions and bot traffic. When enabled, reCAPTCHA runs invisibly in the background to distinguish between real users and bots without disrupting the booking experience.

Plan Required: ✅ Available on all plans (Free, Individual, Agency)

What is reCAPTCHA v3?

Google reCAPTCHA v3 is an advanced bot detection system that:

• Works invisibly: No interaction required from legitimate users
• Scores user behavior: Assigns a trust score (0.0 to 1.0) based on how they interact with your site
• Blocks suspicious activity: Prevents submissions from known bots and malicious actors
• No CAPTCHA challenges: Unlike older versions, v3 doesn't show "select all traffic lights" puzzles

Where reCAPTCHA is applied in TidyCal:

• Booking submission forms
• Account registration
• Review and rating submissions
• Contact forms (if applicable)

How reCAPTCHA Works in TidyCal

When someone visits your booking page:

1. Google reCAPTCHA v3 loads invisibly in the background
2. It monitors user behavior (mouse movements, clicking patterns, typing speed)
3. When user clicks "Schedule Event", reCAPTCHA assigns a trust score
4. High scores (likely human) → Booking proceeds normally
5. Low scores (likely bot) → Booking is blocked with error message
6. User never sees CAPTCHA challenges - completely transparent

For legitimate users: No disruption - they book as usual

For bots: Submission is blocked before reaching your calendar

How to Enable reCAPTCHA Protection

Prerequisites

Before enabling reCAPTCHA in TidyCal, you need Google reCAPTCHA API keys. Don't worry - it's free and takes about 5 minutes!

Step 1: Get Google reCAPTCHA API Keys

1. Go to Google reCAPTCHA Admin Console
2. Sign in with your Google account
3. Click "+" or "Add a new site"
4. Fill in the registration form:
   • Label: "TidyCal" (or your business name)
   • reCAPTCHA type: Select "reCAPTCHA v3"
   • Domains: Enter your TidyCal booking page domain
     • If using TidyCal subdomain: yourusername.tidycal.com
     • If using custom domain: book.yourdomain.com
     • You can add multiple domains separated by commas
   • Accept reCAPTCHA Terms of Service
5. Click "Submit"
6. You'll see two keys:
   • Site Key (starts with 6Le...)
   • Secret Key (starts with 6Le...)
7. Copy both keys - you'll need them for TidyCal

Step 2: Add API Keys to TidyCal

Note: Currently, reCAPTCHA API keys are configured at the system level by TidyCal. If you need custom API keys, contact TidyCal support.

For most users, TidyCal's built-in reCAPTCHA is pre-configured and you can simply enable it in your settings (see Step 3 below).

Step 3: Enable reCAPTCHA in Settings

1. Log into your TidyCal account
2. Click on Settings (hamburger menu → Settings)
3. Scroll to the Security or Preferences section
4. Find "Spam protection (reCAPTCHA)"
5. Change the dropdown from "Disabled" to "Enabled"
6. Click "Save Changes" at the bottom of the page

That's it! reCAPTCHA is now active on all your booking pages.

How to Test reCAPTCHA is Working

Test Your Booking Page

1. Open your booking page in a private/incognito window
2. Open browser Developer Tools (F12)
3. Go to the Console tab
4. Look for messages mentioning "grecaptcha" or "recaptcha"
5. Make a test booking and submit
6. In Console, you should see reCAPTCHA score (0.0 - 1.0)

Verify reCAPTCHA Badge

When reCAPTCHA v3 is enabled, you'll see a small badge in the bottom-right corner of your booking page:

• Badge text: "protected by reCAPTCHA"
• Links to: Google Privacy Policy and Terms
• Visibility: Usually appears when page loads or user interacts

If you see this badge, reCAPTCHA is active!

What Your Bookers Experience

With reCAPTCHA v3, legitimate users see:

• Normal booking page - no changes
• Small "protected by reCAPTCHA" badge (bottom-right)
• No CAPTCHA challenges to solve
• No delay or interruption to booking process
• Seamless, invisible protection

If a bot or suspicious activity is detected:

• Booking submission is blocked
• Error message appears: "reCAPTCHA validation failed" or similar
• Prevents fake bookings from reaching your calendar

reCAPTCHA vs Booking Approval

Both features help control who books with you, but serve different purposes:

💡 Recommendation: Use BOTH features together for maximum protection:

• reCAPTCHA stops bots before they submit
• Approval lets you screen the real humans who get through

📚 Learn more: How to Enable Booking Approval Workflow

Troubleshooting reCAPTCHA

reCAPTCHA Not Loading on Booking Page

Q: I enabled reCAPTCHA but don't see the badge on my booking page.

A: Try these solutions:

1. Clear browser cache: Hard refresh (Ctrl+F5 or Cmd+Shift+R)
2. Check in incognito: Open booking page in private/incognito window
3. Verify settings saved: Go to Settings → Confirm "Enabled" is selected
4. Check browser console: F12 → Console tab → Look for reCAPTCHA errors
5. Ad blockers: Some ad blockers block reCAPTCHA - temporarily disable to test

Legitimate Users Being Blocked

Q: Real people are getting "reCAPTCHA validation failed" errors.

A: This can happen if:

1. VPN usage: Ask user to disable VPN and try again
2. Suspicious behavior: Booking too quickly, automated clicking patterns
3. Shared IP addresses: Corporate networks or shared hosting
4. Browser issues: Ask user to try different browser or device
5. JavaScript disabled: reCAPTCHA requires JavaScript - ensure it's enabled

Workaround for affected users:

• Temporarily disable reCAPTCHA
• Allow user to book
• Re-enable reCAPTCHA afterward
• OR use Booking Approval instead to manually verify

Still Receiving Spam Despite reCAPTCHA

Q: I enabled reCAPTCHA but still get spam bookings.

A: Try these additional measures:

1. Enable Booking Approval: Manually screen all bookings (see above)
2. Add custom questions: Require answers that bots can't easily complete
3. Check reCAPTCHA score threshold: May need adjustment (contact support)
4. Require email verification: If available in TidyCal settings
5. Report spam: Contact TidyCal support with spam booking details

Note: reCAPTCHA v3 blocks most bots but sophisticated attackers may still get through occasionally.

reCAPTCHA Errors in Browser Console

Q: Browser console shows reCAPTCHA errors.

Common errors and solutions:

Error: "Uncaught (in promise) null"

• Cause: Domain mismatch in reCAPTCHA settings
• Solution: Verify domain in Google reCAPTCHA admin matches your TidyCal domain

Error: "Invalid site key"

• Cause: Wrong API keys configured
• Solution: Contact TidyCal support to verify API key configuration

Error: "reCAPTCHA has already been rendered"

• Cause: Script loaded multiple times
• Solution: Usually harmless - refresh page to clear

Privacy and Compliance

GDPR and Privacy Considerations

When using Google reCAPTCHA, be aware:

• Data collection: reCAPTCHA collects user behavior data (mouse movements, clicks)
• Google Privacy Policy: Users subject to Google's privacy policy
• Cookie usage: reCAPTCHA may use cookies for tracking
• GDPR: Disclose reCAPTCHA usage in your privacy policy

Recommended privacy policy language:

"This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply."

reCAPTCHA Badge Customization

The reCAPTCHA v3 badge is required by Google's terms of service. However, you can:

• Hide the badge: Possible with CSS, but you MUST still disclose reCAPTCHA usage in your privacy policy
• Reposition the badge: Move it to different corner (requires custom CSS)
• Include disclosure: If hiding badge, add text like "This site uses Google reCAPTCHA"

Google's requirement: If you hide the badge, you must include reCAPTCHA branding and links elsewhere on the page.

Alternatives to reCAPTCHA

If reCAPTCHA doesn't fit your needs, consider these alternatives:

1. Booking Approval Workflow

• Manually review every booking before confirming
• No third-party service required
• Full control over who books
• More time-intensive but guaranteed human review

2. Custom Questions as Screening

• Add questions bots can't easily answer
• Example: "How did you hear about us?" with text field
• Review responses to spot spam patterns
• Less effective than reCAPTCHA but helps

3. Email Verification

• Require bookers to verify email before confirming
• Reduces fake email addresses
• Check if TidyCal supports this feature

Frequently Asked Questions

Q: Is reCAPTCHA free?

A: Yes, Google reCAPTCHA v3 is completely free for most websites. TidyCal includes it at no extra cost.

Q: Will reCAPTCHA slow down my booking page?

A: Minimal impact. reCAPTCHA v3 loads asynchronously and doesn't delay page rendering.

Q: Can I use my own reCAPTCHA API keys?

A: This may depend on your TidyCal plan. Contact support for custom API key configuration.

Q: Does reCAPTCHA work on mobile devices?

A: Yes, reCAPTCHA v3 works seamlessly on mobile browsers with no user interaction required.

Q: What's the difference between reCAPTCHA v2 and v3?

A: v2 shows "I'm not a robot" checkboxes and image challenges. v3 is completely invisible and scores user behavior automatically. TidyCal uses v3.

Q: Can I disable reCAPTCHA for specific booking types?

A: reCAPTCHA is currently a global setting. If you need granular control, use Booking Approval on specific types instead.

Q: Will reCAPTCHA affect my SEO?

A: No negative SEO impact. Google reCAPTCHA is designed to be SEO-friendly.

Q: How accurate is reCAPTCHA at detecting bots?

A: Very accurate. Google's machine learning models have high success rates (95%+) at distinguishing bots from humans.

Getting Started with reCAPTCHA

Ready to protect your booking pages from spam? Follow these steps:

1. Go to TidyCal Settings
2. Find "Spam protection (reCAPTCHA)"
3. Change to "Enabled"
4. Save changes
5. Test your booking page to verify it's working
6. Update your privacy policy to disclose reCAPTCHA usage
7. Monitor for spam - should see significant reduction

Need help? Contact TidyCal support if you have questions about reCAPTCHA setup or troubleshooting.