FAQ
Answers to common questions about setup, scoring, privacy, and billing.
Does Botardo work with single-page apps?
Yes. The snippet auto-discovers forms added to the DOM after initial page load using a MutationObserver. React, Vue, Angular, and plain JavaScript SPAs all work without additional configuration.
What happens if the snippet fails to load?
If the CDN is unreachable, the snippet silently fails and no token is injected. Your server SDK will return { score: 0, confidence: "low" } when verify() is called with an empty string or missing token.
**Warning:** Do not block submissions based on a missing token alone. A CDN outage or aggressive ad blocker can legitimately prevent the token from being present. Use `confidence: "low"` as an additional signal, not a hard gate.
Does Botardo block real users?
Botardo is designed to minimize false positives. The behavioral model is personalized per device, so users with unusual (but legitimate) input patterns — e.g. users with motor disabilities who type slowly — are compared to their own baseline, not a global one.
Is Botardo GDPR compliant?
Yes. See the GDPR & DPA page for details. All behavioral data is ephemeral and never linked to a persistent user identity.
What's the latency added to form submissions?
The sentinel.verify() call typically resolves in < 5 ms from a co-located server region. The token is pre-computed client-side before submission, so there's no blocking on the client.
Can I use Botardo without a server?
Passive mode (data-mode="passive") lets you use Botardo without server-side verification. Scores are accessible in the Console dashboard but are not enforced. This is useful for auditing traffic before committing to a block policy.