AMA: I replaced reCAPTCHA with math — building GDPR-compliant forms without cookies or puzzles

Hey Product Hunt 👋

I'm Noah, the maker of nForms. Before the launch, I wanted to open up the floor for real questions.

The problem I kept running into:

Every form I built for EU clients needed three things — spam protection, accessibility compliance, and GDPR compliance. reCAPTCHA handles one (badly). WCAG needs manual ARIA work. GDPR means more cookie banners.

So I rebuilt the whole stack around one idea:

→ What if your browser solved a math problem instead of a traffic light puzzle?

That's Proof-of-Work. SHA-256. ~200ms. Invisible to the user.

Brutal for bots at scale.

I'm happy to answer anything about:

• How PoW actually works in a WebWorker

• Why reCAPTCHA creates GDPR exposure (and what the Austrian DSB ruling means for your forms)

• How WCAG 2.2 AA form validation works without a library

• What the EAA means for EU SaaS in 2025

• How we built it on Cloudflare Workers + D1 — and what broke along the way

Ask me anything. No question too technical or too basic.