SavannaGuard
A serene savanna landscape showcasing animals like elephants, lions, and hyenas against a beautiful sunrise

PRIVATE PREVIEW / Q2 2026

Protect your app from bots, without frustrating your users.

We built SavannaGuard because we were tired of terrible puzzle captchas. Instead of forcing your users to click traffic lights, we use silent proof-of-work challenges, physiological tremor analysis, and WebRTC topology detection to make automated attacks too expensive to run. Best part? Your data never leaves your servers.

Check out the GitHub Repo Join Managed Waitlist
  • 100% Own Your Data
  • Zero Puzzle Captchas
  • Tiny Drop-in Script
  • Self-host or Go Managed

How we catch bots

  • Adaptive PoW: Difficulty auto-adjusts to attack volume
  • Per-Site ML: Learns your real users' behavior patterns
  • Bot Signature DB: Flags recurring attackers by hash
  • Federated Intelligence: P2P threat sharing across instances
  • 10 Behavioral Signals: Mouse, keystroke, canvas, WebGL, timing, tremor, WebRTC & more
  • Cryptographic Tokens: Blocks replay attacks entirely

Deployment

Docker

Integration

1 Snippet

Database

SQLite

Mission

Frictionless UX

Why we built this

Enterprise-grade protection that you actually control.

Invisible Checks

Stop punishing your real users. We catch bots entirely in the background, keeping your conversion rates high and user experience smooth.

No Creepy Tracking

We don't track your users across the internet to sell ads. Behavioral scores stay completely anonymous and never leave your infrastructure.

True Self-Hosting

Don't want to rely on third-party SaaS? You don't have to. Pull our Docker image and run the entire verification engine on your own VPS.

5-Minute Install

Drop a tiny (~6kb gzip) script onto your frontend, add one verification endpoint to your backend, and you're fully protected.

Detection Science

Ground truth in biology and networking.

Physiological Tremor Analysis

Human hands exhibit involuntary tremor at 8–12 Hz — a neurological constant present in all healthy users. We apply FFT to mouse velocity streams and measure power in this frequency band. Bots produce either flat noise or programmatic smoothness; neither matches biological entropy.

WebRTC Topology Oracle

Before any form interaction, we passively collect WebRTC ICE candidates — the browser's own network self-report. Datacenter environments, single-interface VMs, and VPN leaks produce topology signatures that real home/office users never exhibit. Zero network requests required.

Federated P2P Intelligence

Self-hosted instances share bot signatures peer-to-peer via gossip protocol. When one instance detects a bot, all instances learn. No central server, no raw data leaves your network — only hashed signatures.

Editions

Pick the setup that fits your team

Community Edition

Free, Open-Core, Self-Hosted

  • ✓ Silent adaptive Proof-of-Work engine
  • ✓ Per-site ML learning (Online Gaussian)
  • ✓ Bot signature tracking & flagging
  • Federated P2P threat intelligence
  • ✓ 10 behavioral signal collectors
  • Physiological tremor analysis (FFT)
  • WebRTC topology oracle
  • ✓ Secure, time-based HMAC tokens
  • ✓ Zero-dependency SQLite database
  • ✓ Built-in admin dashboard w/ Threat Intel

Managed Cloud & Enterprise

Waitlisting for Early Access

  • Mobile SDK (iOS & Android)
  • Advanced ML Behavioral Scoring
  • VPN / Proxy Detection
  • ✓ High-availability clustering (Postgres)
  • ✓ Multi-tenant API & dedicated SLA
  • ✓ We host, monitor, and scale it for you

The Game Plan

How we're rolling this out

01

Community Foundation (Live)

Adaptive PoW, per-site ML learning, bot signature tracking, 10 behavioral signal collectors including physiological tremor analysis and WebRTC topology oracle, federated P2P threat intelligence, and a built-in admin dashboard with threat intel. All open-source, all self-hosted.

02

Mobile SDK (In Development)

Native iOS and Android SDKs that bring bot protection to mobile apps. Protect login, signup, and payment screens without WebView hacks or browser dependencies.

03

Managed Cloud General Release

For teams that don't want to manage Docker containers, we're building a fully managed, globally distributed cloud infrastructure with VPN detection, multi-tenant API, and dedicated SLA.

Let's chat

Skip the devops. Join the managed waitlist.

Ready to ditch captchas but don't want to host it yourself? Drop your details below to get early access to our managed cloud platform and advanced machine learning features. We'd love to learn about your current bot headaches.