Deniability infrastructure, on your terms.
A breach shouldn't mean a leak. Stolen credential, dumped database, injected agent: the attacker gets a convincing decoy, your on-call gets paged, and on programmatically-managed secrets your rotation hook kills the real key first. Keys stay in your own KMS, the audit chain proves it to your regulator, and you deploy it in your product, on your own infrastructure, or both.
Six engineering controls.
Every claim on this page is backed by code in production. These are the operational primitives a procurement team and a security team will both ask about. Each one links to a working dashboard and customer-facing docs.
01 · live
BYOK envelope (AWS KMS)
Per-record AES-256-GCM DEK wrapped under your AWS KMS CMK. A DB-only breach of us yields nothing readable. Revoke our access and historical blobs go dark. Customer-controlled blast-radius cap.
02 · live
Audit chain + signed receipts
Tamper-evident hash chain over every operation, RFC 3161 trusted timestamps, signed receipts for the regulator.
03 · live
Durable usage metering
Per-tier daily metering, response headers, 80 / 95 / 100 percent email alerts. Quota events join the audit chain.
04 · live
Pre-built integrations
AWS Secrets Manager custodian, signed outbound webhooks (Datadog, PagerDuty, Slack), SAML SSO with JIT provisioning.
05 · live
Compliance umbrella
Trust Center, public controls map against SOC 2 TSC and ISO 27001 Annex A, lightweight status page, honest roadmap blog post.
What the managed layer adds.
The SDK is Apache 2.0 and you can run it yourself. Several things are materially better as a managed service than as a DIY build, and each is something a security team's engineering org cannot easily replicate without a six-figure year-one cost.
BYOK (AWS KMS, live)
Slot deny.sh on top of your existing data and a breach of us is worthless without you: every server-stored vault ciphertext blob is envelope-encrypted under your own AWS KMS CMK. A DB-only compromise of deny.sh yields no plaintext and no readable ciphertext without your KMS access. We STS-AssumeRole into your account on every wrap and unwrap, so your CloudTrail logs every call we make under our IAM role and a deterministic STS session name (deny-sh-byok-<tenant>). Revoke us in one click and historical blobs go dark. Available now on agents-infra and enterprise. Azure Key Vault, GCP KMS, and HSM-direct adapters land post-launch. Setup: /byok-walkthrough. Reference: /docs#byok.
Realism engine API (honey mode)
This is the honey-mode engine you call from the API: every protected record can return a fully plausible decoy to the wrong password instead of an error, so an attacker who coerces or steals a credential walks away with believable-but-false data and never knows it. The decoy engine combines an LLM generator with a deterministic validator suite (Luhn, mod-97, BIP39 checksum, JWT structural, PEM tag, more), tuned against attack patterns as they emerge across the tenant base. Per-tier durable daily quotas (survive restarts), proactive 80/95/100% email alerts before the cap, and an in-app usage dashboard. Engine quality compounds with usage: every decoy scored across the tenant base sharpens the validators every customer receives.
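Why a deterministic validator pass matters for decoys, as an added Python example (not deny.sh's engine or code): a generated card number or IBAN with a wrong check digit can be told apart from real data at a glance, so candidates are filtered through Luhn and mod-97 before use. The candidate format, the `accept_decoys` name, and the sample values are constructed assumptions.

```python
def luhn_ok(number: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    compact = number.replace(" ", "").replace("-", "")
    if len(compact) < 12 or not (compact.isascii() and compact.isdigit()):
        return False
    total = 0
    for i, ch in enumerate(reversed(compact)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def iban_ok(iban: str) -> bool:
    """IBAN mod-97 check: move the first 4 chars to the end, letters -> 10..35."""
    s = iban.replace(" ", "").upper()
    if not (15 <= len(s) <= 34 and s.isascii() and s.isalnum()):
        return False
    rearranged = s[4:] + s[:4]
    return int("".join(str(int(c, 36)) for c in rearranged)) % 97 == 1


VALIDATORS = {"card": luhn_ok, "iban": iban_ok}


def accept_decoys(candidates):
    """Keep candidates whose kind has a validator and whose value passes it.
    Kinds without a validator are rejected (fail closed)."""
    return [c for c in candidates
            if c["kind"] in VALIDATORS and VALIDATORS[c["kind"]](c["value"])]


# Constructed generator output: two well-formed values, two with a bad
# check digit, and one kind that has no validator.
CANDIDATES = [
    {"kind": "card", "value": "4111 1111 1111 1111"},
    {"kind": "card", "value": "4111 1111 1111 1112"},
    {"kind": "iban", "value": "GB82 WEST 1234 5698 7654 32"},
    {"kind": "iban", "value": "GB82 WEST 1234 5698 7654 33"},
    {"kind": "ssn", "value": "000-00-0000"},
]

if __name__ == "__main__":
    for c in accept_decoys(CANDIDATES):
        print(c["kind"], c["value"])
```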
Threat intel across tenants
Attacks against the realism engine and validator-fail signatures get triaged centrally and shipped as validator/signature updates every tenant receives. One analyst for the whole base, instead of one per shop. Self-hosters get every signature once we ship it.
Audit-grade cryptographic evidence
Per-tenant append-only audit log, hash-chained (each entry binds the previous, so any tampered record breaks the chain), third-party timestamped via RFC 3161 trusted timestamp authorities with nonce-verified responses. Each customer receives signed PDF receipts they can hand to their regulator, plus an open-source verifier CLI so anyone can re-prove the chain offline: "this record was protected with deniability at timestamp T, here's the proof." Enterprise and Agents Infrastructure tenants can self-serve a one-click compliance evidence pack from the dashboard: a zip of audit chain, TSA tokens, signed receipts, BYOK custody and a SOC 2 / ISO 27001 control mapping, branded for your auditor. Doing this correctly is a six-figure engineering project. We do it once for everyone.
Length-privacy bucketing
Pad every ciphertext to a fixed size band (padToBucket) so a dumped store reveals only a coarse size class, never the true length of each secret. A metadata side-channel most encryption layers leave wide open, closed on request.
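Bucket padding as an added Python example (not the SDK's `padToBucket` implementation). The band sizes and the big-endian encoding are assumptions; the 4-byte length prefix follows the one listed under Technical specifications, and padding is applied before a length-preserving cipher so the stored size equals the band size.

```python
import os
import struct

BUCKETS = (64, 256, 1024, 4096)  # assumed size bands in bytes


def pad_to_bucket(data: bytes, buckets=BUCKETS) -> bytes:
    """Prefix the true length (4 bytes) and pad to the smallest band that fits."""
    needed = 4 + len(data)
    for size in sorted(buckets):
        if needed <= size:
            filler = os.urandom(size - needed)
            return struct.pack(">I", len(data)) + data + filler
    # Refuse oversize input instead of emitting an unbucketed, revealing length.
    raise ValueError("secret exceeds the largest bucket")


def unpad(padded: bytes) -> bytes:
    """Recover the original bytes; reject a prefix that overruns the buffer."""
    if len(padded) < 4:
        raise ValueError("buffer shorter than the length prefix")
    (n,) = struct.unpack(">I", padded[:4])
    if n > len(padded) - 4:
        raise ValueError("declared length exceeds buffer")
    return padded[4:4 + n]


def size_classes(items):
    """What a dumped store reveals: one band size per record."""
    return [len(pad_to_bucket(item)) for item in items]


if __name__ == "__main__":
    # Constructed secrets of 7, 44, 60 and 61 bytes.
    samples = [b"a" * 7, b"b" * 44, b"c" * 60, b"d" * 61]
    print(size_classes(samples))  # first three share one band
    print(unpad(pad_to_bucket(b"hunter2")))
```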
Honey-oracle hygiene
The public decrypt API never exposes the real-vs-decoy branch, so your own integration code can't become the oracle that leaks which password was right. The deniability holds even against the developer who wired it in.
Offline receipt verifier
An open-source CLI re-proves any audit-chain receipt with no call back to us: hash chain plus RFC 3161 timestamp, verified locally on the regulator's own machine. Hand them the proof, not a promise.
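The hash-chain property described under audit-grade evidence and the offline verifier, as an added Python example (not deny.sh's verifier CLI or code). The entry layout, the genesis value, and `anchored_head`, which stands in for the head hash covered by an RFC 3161 token, are assumptions; validation of the timestamp token itself is not shown.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash for the first entry


def entry_hash(prev_hash, record):
    # Canonical JSON so the same record always hashes the same way.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()


def append(chain, record):
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"record": record, "prev_hash": prev,
                  "hash": entry_hash(prev, record)})


def verify(chain, anchored_head=None):
    """Offline check over local data only; returns (ok, where_it_failed)."""
    prev = GENESIS
    for i, e in enumerate(chain):
        if e["prev_hash"] != prev or e["hash"] != entry_hash(prev, e["record"]):
            return (False, f"entry {i}")
        prev = e["hash"]
    if anchored_head is not None and prev != anchored_head:
        return (False, "head")
    return (True, "ok")


def rewrite_from(chain, index, record):
    """Test fixture: replace one record and recompute every later hash."""
    out = []
    for i, e in enumerate(chain):
        append(out, record if i == index else e["record"])
    return out


def build_sample_chain():
    chain = []  # constructed sample operations, not real audit data
    for seq, op in enumerate(["encrypt", "decrypt", "rotate"], start=1):
        append(chain, {"seq": seq, "op": op, "tenant": "tenant-a"})
    return chain


if __name__ == "__main__":
    chain = build_sample_chain()
    head = chain[-1]["hash"]
    print(verify(chain, head))
    forged = rewrite_from(chain, 1, {"seq": 2, "op": "encrypt", "tenant": "tenant-a"})
    print(verify(forged), verify(forged, head))
```

An in-place edit breaks the chain at the edited entry, while a fully recomputed chain is internally consistent and only fails once its head is compared with the externally timestamped value.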
Compliance umbrella
Cyber Essentials certified today. UK GDPR and DPA live, with a published DPA. SOC 2 trust services criteria and ISO 27001:2022 Annex A mapped and operating; the formal SOC 2 Type II examination and ISO 27001 certification are on the post-launch roadmap and will be announced with firm, scope, and dates once engaged. HIPAA, PCI DSS, and FedRAMP are out of scope today. Full posture and procurement-pack contents on /compliance.
Pre-built integrations
Shipped today: SAML SSO (Okta-compatible, JIT provisioning), AWS Secrets Manager as a customer-side custodian for critical encrypted material (we fetch via IAM AssumeRole, never store the value), and signed outbound webhooks for Datadog, PagerDuty, and Slack. OIDC, additional secrets-manager custodians (HashiCorp Vault, Azure Key Vault, GCP Secret Manager), additional log sinks (Splunk, CloudWatch, OpenTelemetry), and Microsoft Teams are on the roadmap. Each integration costs us once and benefits every customer. Self-hosters write each integration from scratch and maintain it forever.
How it works for enterprise.
Three steps from evaluation to production.
Architecture review
One call. We map where deniable storage fits your stack (key management, backup pipeline, cold storage) and send the architecture memo in writing.
Licensed deployment
Dedicated or embedded, with commercial license. Deploy on your infrastructure or ours. Multi-language SDKs for native integration into your existing systems.
Ongoing support
Priority engineering support, SLA, security updates. Direct access to the team that built it, not a help desk.
Technical specifications.
Open source, independently verifiable, built for integration.
Algorithm
AES-256-CTR encryption, Argon2id KDF (t=3, m=64 MiB, p=1, v=0x13), XOR composition layer, 4-byte length prefix inside encrypted zone. Every parameter is auditable.
SDK
TypeScript/Node.js (published on npm as deny-sh), Python, Go, Rust. ~3 KB SDK core minified; one runtime dependency (hash-wasm for portable Argon2id), no further transitive runtime deps.
API
RESTful with OpenAPI 3.0 spec. Full documentation at /docs.
Verification
22 automated cryptographic tests run in-browser. Chi-squared, Kolmogorov-Smirnov, entropy analysis, serial correlation. Run them yourself at /verify.
Source code
Open source on GitHub: the SDK is Apache 2.0 (free for proprietary embedding), the application layer is AGPL-3.0. Self-hosting application-layer code in a proprietary product needs the commercial licence at /licensing. Full source review available under NDA.
Zero knowledge architecture
Browser tools run entirely client-side. API processes in memory only. No plaintext logging, no key storage, no payload persistence.
Compliance & certifications.
Honest status. Where we are today, and what's on the roadmap. The single-page reconciled view is at /compliance (procurement-friendly summary, claim-by-claim verifiability table, NDA-gated procurement pack).
Cyber Essentials
Certified 15 May 2026, valid through 15 May 2027. Issued by the IASME Consortium (UK government-appointed accreditation body) and recorded on the BlockMark Registry. Covers boundary firewalls, secure configuration, user access control, malware protection, and security update management. Verify on BlockMark.
GDPR
UK-registered data controller. Privacy policy covers all processing. Data deletion on request within 7 days. See privacy and DPA for the full position.
SOC 2 Type II
SOC 2 trust services criteria mapped and operating today (CC1–CC9, A1, C1, PI1). Independent SOC 2 Type II examination on the post-launch roadmap; firm, scope, and dates announced once engaged. Full controls map at /compliance.
ISO 27001
ISO 27001:2022 Annex A controls mapped against operational policies (A.5 organisational, A.6 people, A.7 physical, A.8 technological). Formal certification on the post-launch roadmap. Full mapping at /compliance.
PCI DSS
No payment card data processed directly. Stripe handles all billing under their own PCI DSS Level 1 certification.
Export controls
Encryption software. Customers are responsible for compliance with local export laws. UK OGEL covers most commercial use.
Independent audit
Cryptographic implementation review by an independent third-party security firm is on the roadmap. Firm and scope will be announced once engaged. Reach out to hello@deny.sh for current status. Today's verification: 22 automated tests covering statistical indistinguishability, ciphertext invariance, and correctness, runnable in-browser at /verify.
Procurement & legal documents.
Draft documents available for procurement and security review. Each is being prepared for execution and is not yet legally binding. Contact hello@deny.sh for executable counterparts.
Data Processing Agreement
UK GDPR Article 28 DPA covering instructions, security, sub-processors, breach notification, deletion, and audit rights. Annex 2 lists current sub-processors with locations and transfer mechanisms. View draft DPA.
Service Level Agreement
99.9% monthly uptime for paid Pro and Enterprise. Severity tiers, response and restoration commitments, sliding-scale service credits to 100% MRR, scheduled-maintenance and force-majeure exclusions. View draft SLA.
Master Services Agreement Addendum
Liability terms for executed Enterprise contracts. 1x ACV standard cap, 2x ACV elevated cap for breach of confidentiality, security, IP indemnity, and wilful misconduct. Worked examples and order of precedence included. View draft MSA Addendum.
Custom, from $25,000/year.
Scoped to your deployment, not per-seat. One commercial agreement covers whichever combination you need: self-hosting the application layer in your own product, a private deny.sh deployment on dedicated infrastructure, or both. We scope, you decide. Multi-product, white-label, and named-SLA tiers scale to $200K+/year.
- Commercial licence for the application-layer source (vault, MCP orchestration, hosted-API server) without AGPL-3.0 obligations
- Embed in your proprietary product
- Multi-language SDK access (Apache 2.0, free for everyone)
- Priority support and architecture review
- White-label and multi-product rights available at higher tiers
- Your own deny.sh instance on dedicated infrastructure
- Custom SLA and uptime guarantees
- Geographic deployment options (UK, EU, US, on-premise)
- DPA, SLA, and MSA Addendum executable
- Full API audit trail and compliance documentation
Looking at per-seat licensing for a wallet or hardware product instead? See partnerships.
Talk to our team.
Describe your use case. We aim to reply within 24 hours and turn procurement packs around within five business days. If a deadline is shorter, say so in the message.
Looking for individual or team pricing? See standard plans.
deny.sh is built and operated by Treehouse in Valhalla Ltd, a private limited company registered in England and Wales (Companies House no. 15770209). UK registered office, named director, Cyber Essentials certified.