Licensing: the standard infrastructure split.
The Encrypt pillar is Apache 2.0: SDKs in four languages, free for any use, no copyleft, no legal review, no commercial licence required to embed. The Operate pillar application layer (vault, dispatcher, dashboard, hosted-API server source) is AGPL-3.0 with a commercial-licence path for proprietary self-hosting. It is the same split that Stripe, Supabase, Auth0, and HashiCorp use. This page explains it.
The licence split, in plain language.
The SDK (the cryptographic primitive)
Apache License 2.0. The TypeScript, Rust, Go, and Python SDKs at github.com/deny-sh-crypto are permissively licensed. You can:
- Embed the SDK in closed-source, proprietary, or commercial products without any obligation to release your code.
- Ship it in your wallet, your AI agent, your security platform, or your CI pipeline. No legal review, no procurement friction.
- Modify the SDK without contributing changes back. (We would love it if you did, but the licence does not require it.)
- Distribute the SDK as part of a larger product under any compatible licence.
Apache 2.0 includes a patent grant from us to you. We do not charge for the SDK and do not gate features behind a commercial tier.
The application layer (the rest of the codebase)
AGPL-3.0. The vault, dead-man's switch, inheritance dispatcher, MCP server orchestration, hosted-API server source code, browser-tool source, and website source code remain copyleft. AGPL section 13 attaches when you self-host these components and offer them as part of a network service. You can:
- Self-host the application layer for personal use, internal tools, research, or any non-service deployment, freely under AGPL-3.0.
- Modify and contribute back, freely.
- Run your own deniable-encryption SaaS as long as your modifications are released under AGPL-3.0.
If you want to run the application layer as part of a proprietary service without the AGPL copyleft obligation, that is what the commercial application-layer licence covers (tiers below).
Calling the hosted deny.sh API
If your code only calls our hosted API over HTTPS and does not embed, copy, or link the deny.sh application-layer source, AGPL places no obligation on your codebase. You are a user of our hosted service, governed by the Terms of Service, not a distributor of AGPL software. No commercial licence required.
Integration is one function call.
// npm install deny-sh
import { encrypt, decrypt, generateDeniableControl } from 'deny-sh';

// Inputs (placeholder values for illustration; supply your own secrets)
const seedPhrase = 'REAL_SEED_PHRASE';
const decoySeed = 'DECOY_SEED_PHRASE';
const password1 = 'PASSWORD_ONE';
const password2 = 'PASSWORD_TWO';

// Encrypt with a deniable decoy
const result = encrypt(seedPhrase, {
  password1, password2
});

// Real key: ciphertext + passwords + the real control data
decrypt(result.ciphertext, {
  password1, password2,
  controlData: result.controlData
});
// -> real seed phrase

// Decoy key (same ciphertext, different control data, different result)
const decoy = generateDeniableControl(
  result.ciphertext,
  password1, password2, decoySeed
);
decrypt(result.ciphertext, {
  password1, password2,
  controlData: decoy
});
// -> decoy seed phrase

Node.js, Python, Go, and Rust SDKs. Apache License 2.0. Embed freely.
Application-layer licence: who it's for.
The SDK is permissively licensed and free for everyone. The tiers below are only for organisations that want to self-host the deny.sh application layer (vault, dead-man's switch, MCP orchestration, hosted-API server source) as part of a proprietary commercial product without the AGPL copyleft obligation.
Wallet providers
Self-host the deny.sh vault as part of a wallet product. Users encrypt their seed phrase with a decoy; when the backup leaks, the decoy decrypts to a dust wallet. Real holdings stay separated. The SDK alone is enough for most wallet integrations (Apache 2.0, embed freely); a commercial licence is needed only if you want to ship the deny.sh vault application-layer code itself.
Exchanges and custody
Protect cold-storage key files and operational hot-wallet backups against insider exfiltration and storage-tier compromise. If a backup or key file leaves the perimeter, the recovered ciphertext decrypts to a convincing decoy. Real keys stay separated, behind a control file the storage tier never holds.
Secure messaging
Encrypt message archives at rest with deniable encryption. If a database backup, retention export, or stolen device exposes the archive, the leaked bytes decrypt to a decoy and the real message history stays separated. Same database, same ciphertext, separated truth.
Security platforms
Offer deniable file encryption as a platform feature. Password managers, secure notes, document vaults. The algorithm is audited and open. The integration is three lines of code.
Want a commercial application-layer licence?
Commercial application-layer licences are custom, scoped to your deployment, and start at $25,000/year. Higher tiers add multi-product rights, white-label, named support, and SLAs. One contact path covers self-hosting and private deployments together.
Looking at per-seat licensing for a wallet or hardware product? See partnerships.
FAQ.
I just want to use the SDK in my product. Do I need anything from you?
No. The SDK is Apache 2.0. Install from npm, crates.io, pkg.go.dev, or PyPI. Use it freely. No notification, no licence fee, no commercial agreement required.
Does calling the deny.sh hosted API require me to open-source my application?
No. AGPL obligations attach to distributors and operators of the application-layer source code. If your application calls our hosted API over HTTPS, you are a user of the service, not a distributor of the software, and AGPL places no obligations on your codebase. The hosted API is governed by the Terms of Service.
When do I need an application-layer commercial licence?
If you want to take the deny.sh application-layer source (vault server, dead-man's switch dispatcher, inheritance service, MCP server orchestration, hosted-API server code) and run it as part of a proprietary commercial product without releasing your modifications under AGPL-3.0. The tiers above cover this case.
Why the split? Why not all Apache or all AGPL?
The SDK is a small piece of cryptography that should be embeddable without legal review by anyone, including commercial teams. Apache 2.0 is the licence for that. The application layer is six months of operational engineering (vault server, dispatcher, orchestration, hosted API) that defines our managed-service value. AGPL keeps that part open while protecting against a competitor cloning the service. The split is what makes both halves of the business defensible.
Does AGPL section 13 attach to the SDK?
No. The SDK ships under Apache 2.0, which has no copyleft clause. AGPL-3.0 (including section 13) applies only to the application layer.
If I want the application-layer position written into my contract for procurement comfort, can you do that?
Yes. We ship that language as standard in the Enterprise MSA Addendum.
Don't build the crypto. Build the product.
Most teams need only the Apache-licensed SDK. npm install deny-sh (or the crates.io, PyPI, Go module equivalent) and ship. If you are self-hosting application-layer components and want a commercial licence, tell us what you are shipping and we will scope the right tier in one call.