$0 free. $99 dev. $199 pro. $499 lifetime.

What you're paying for: hosted runtime, tamper-evident audit chain, customer-controlled BYOK, inheritance flow, and procurement-ready evidence, not just call quotas. Browser tools, SDKs, and CLI are free forever (Apache 2.0). No overage charges, no surprise bills. The full pillar breakdown and what each tier includes are below.

🔓 All browser tools are free. Forever. No account needed. Paid plans are for API access only.
Free
$0
free forever
  • 500 API calls/month
  • Encrypt, decrypt, deny
  • Realism engine: 10 decoys/day
  • Vault (5 items)
  • Dead man's switch (1 switch)
  • All browser tools + CLI + SDKs
Pro
$199/month
  • 100,000 API calls/month
  • Realism engine: 1,000 decoys/day
  • Vault (1,000 items)
  • Dead man's switch (20 switches)
  • Steganography API
  • Full audit log
  • Priority support + SLA

Apache 2.0 SDK + AGPL application layer


Launch week only: founding supporters

Lifetime Pro

$499 one-time

100,000 API calls per month, every month, forever. Realism engine: 1,000 decoys/day. Vault, dead man's switch, steganography, priority support, all permanently included. No subscription, no renewal, no surprise bills. Available only during launch week and capped at 200 keys.


Lowest API price we'll ever offer. Helps us stay independent.


Inheritance

Heartbeat-driven release of encrypted material to verified nominees. Annual billing. How it works.

Personal
$99/yr
  • 1 contract
  • Up to 3 nominees
  • Email + SMS verification
  • Supervised release
  • Audit chain + RFC 3161 timestamps
Institutional
$999/yr
  • Effectively unlimited contracts
  • Effectively unlimited nominees
  • Email + SMS verification
  • Supervised release
  • Audit chain + RFC 3161 timestamps
  • BYOK (AWS KMS) on inheritance blobs

Already on Dev, Pro, Lifetime Pro, or Agents Infrastructure? You get Family-tier inheritance included. Open the dashboard.


Need something specific?

Plans built around AI agents, partnerships, and enterprise.

  • Agents Infrastructure: $999/mo
  • Enterprise & self-hosting: from $25K/yr

BYOK (AWS KMS) included on Agents Infrastructure, Enterprise, and Inheritance Institutional. Wrap every server-stored ciphertext blob under your own CMK. Setup walkthrough. Free/Dev/Pro tiers do not have BYOK.

UK operator. Cyber Essentials Certified (IASME, May 2026). Compliance details on the enterprise page.


How upgrades work

Enter your API key below and choose a plan. You'll be taken to Stripe for secure payment. Your tier upgrades instantly after checkout.

Don't have an API key yet? Get one free. Takes 10 seconds.


FAQ

Can you see my data?

It depends on which surface you use, and we make the tradeoff visible up front.

  • Browser tools, CLI, SDK: zero-knowledge. Plaintext, passwords, and the deniable construction all run on your device. We never see the inputs.
  • Hosted API (/api/encrypt, /api/decrypt, /api/deny): you opt into sending plaintext + passwords to the server so the server can do the work for you. We process them in memory, return the result, and do not persist plaintext or passwords. This is a deliberate convenience tradeoff. If your threat model rules it out, use the SDK locally; ciphertext-shape is identical, and the SDK is Apache 2.0 with zero runtime dependencies.
  • Managed vault: we store the ciphertext (which you encrypted in your browser) and the metadata you choose to attach. The vault layer never receives plaintext or passwords.
  • Agents Infrastructure: per-tenant key isolation, scoped audit log, the hosted runtime. Audit log captures call metadata against the tenant key, not plaintext. If you want zero-knowledge for an agent workflow, use the four local MCP tools instead of the seven hosted ones (documented at /agents).

By design, not by policy. The split between zero-knowledge surfaces and hosted-convenience surfaces is part of the construction, not a billing wall.

Do you store my encryption keys or passwords?

No. Keys are derived from your passwords using scrypt and exist only in memory during the operation. We store a one-way hash for API authentication. If you lose your password, we cannot recover your data. That's the point.

What algorithm do you use?

The stack is scrypt (N=16384, r=8, p=1) for key derivation, AES-256-CTR for encryption, and XOR composition for deniability. A 4-byte little-endian length prefix sits inside the encrypted portion. The entire implementation is open source and uses only Node.js built-in crypto, with zero runtime dependencies. Full technical docs here.
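
The primitives named above, as an added example (not deny.sh source code): scrypt with the stated parameters derives an AES-256-CTR key, and a 4-byte little-endian length prefix is encrypted together with the padded plaintext. The salt and IV sizes, the salt || iv || ciphertext layout, the 64-byte padded frame and the function names are assumptions; the XOR deniability composition is left out because this page does not specify it.

```javascript
// Added example, not deny.sh source. Blob layout and padding are assumptions.
const nodeCrypto = require('node:crypto');

const SCRYPT_PARAMS = { N: 16384, r: 8, p: 1 }; // parameters stated on the page
const SALT_LEN = 16;   // assumed salt size
const IV_LEN = 16;     // AES block size, used as the initial CTR counter block
const PREFIX_LEN = 4;  // 4-byte little-endian length prefix (from the page)

// Derive a 32-byte AES-256 key from the password.
function deriveKey(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32, SCRYPT_PARAMS);
}

// Frame = LE32(length) || plaintext || random padding up to paddedLen.
// The whole frame is encrypted, so the true length is hidden inside the ciphertext.
function seal(password, plaintext, paddedLen = 64) {
  const data = Buffer.from(plaintext);
  if (PREFIX_LEN + data.length > paddedLen) {
    throw new RangeError('plaintext too long for frame');
  }
  const frame = nodeCrypto.randomBytes(paddedLen); // random bytes double as padding
  frame.writeUInt32LE(data.length, 0);
  data.copy(frame, PREFIX_LEN);
  const salt = nodeCrypto.randomBytes(SALT_LEN);
  const iv = nodeCrypto.randomBytes(IV_LEN);
  const cipher = nodeCrypto.createCipheriv('aes-256-ctr', deriveKey(password, salt), iv);
  return Buffer.concat([salt, iv, cipher.update(frame), cipher.final()]);
}

function unseal(password, blob) {
  if (blob.length < SALT_LEN + IV_LEN + PREFIX_LEN) throw new RangeError('blob too short');
  const salt = blob.subarray(0, SALT_LEN);
  const iv = blob.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const body = blob.subarray(SALT_LEN + IV_LEN);
  const decipher = nodeCrypto.createDecipheriv('aes-256-ctr', deriveKey(password, salt), iv);
  const frame = Buffer.concat([decipher.update(body), decipher.final()]);
  const len = frame.readUInt32LE(0);
  // CTR is unauthenticated: a wrong key or a modified blob decrypts to arbitrary
  // bytes without error, so the prefix must be bounds-checked before slicing.
  if (len > frame.length - PREFIX_LEN) throw new RangeError('length prefix exceeds frame');
  return frame.subarray(PREFIX_LEN, PREFIX_LEN + len);
}
```

Because AES-256-CTR carries no authentication tag, the length check in `unseal` is a parsing guard, not an integrity check.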

Has the cryptography been audited?

The source code is fully open for inspection and we publish a 22-test browser verification suite you can run yourself. The construction uses only standard, well-studied primitives (AES-256, scrypt) in well-understood compositions. A formal third-party cryptographic audit is on the roadmap; we will announce the firm and scope once engaged.

Why does the realism engine have a separate daily limit?

The realism engine (17 shape-correct decoy types, deterministic validators, LLM-distilled bundles) is the only feature that costs us per call in LLM tokens. The monthly API quota covers the encryption and vault surfaces, which are essentially free for us to run. Decoy generation has its own daily cap per tier so heavy engine use cannot starve out the rest of your quota. When you exceed it you get a 429 with X-RateLimit-Reset and Retry-After headers; the engine resets on a 24-hour sliding window, not a calendar day.

Can I see my realism-engine usage?

Yes. The usage dashboard shows your daily decoy calls by type for the last 30 days, the current 24-hour cap utilisation, the count of 429-blocked calls, and the recent quota-alert history. You also receive an email at 80%, 95%, and 100% of your daily cap, capped at three per UTC day per key.

How is this different from just using a strong password?

A strong password protects your data while you hold the key. It doesn't help once the encrypted bytes leave your control: a cloud breach, a stolen device, an exfiltrated backup, an AI agent that gets prompt-injected into reading its own context. Deniable encryption lets the same ciphertext decrypt to different, plausible data depending on which key is used. One ciphertext, multiple valid plaintexts. When the bytes leak, what they get is a decoy. The real content never appears in the breach.

What if your servers go down?

All browser tools work offline after the first page load (service worker cached). The CLI and SDKs have zero server dependency. Only the API, vault, and dead man's switch features require our servers, which target 99.9% uptime.

Is this legal?

Encryption is legal in the vast majority of jurisdictions. deny.sh is a cryptographic tool, like GPG or VeraCrypt. We're a UK-registered company operating under UK and EU law. See our licensing page for export compliance details.

What counts as an API call?

Each call to /api/encrypt, /api/decrypt, /api/deny, /api/text/*, /api/vault/*, or /api/generate-control counts as one call. Health checks (/api/health) and usage queries (/api/usage) don't count against your limit.

What happens if I exceed my limit?

You get a 429 response with a clear error message and your monthly reset date. No overage charges, ever. No surprise bills. Your existing encrypted data remains accessible.

Can I downgrade?

Yes. Cancel anytime from your Stripe dashboard. Your tier reverts to Free at the end of the billing period. Your vault data is preserved (within Free tier limits). No cancellation fees.

Do you offer annual billing?

Yes. Toggle "Annual" at the top of the pricing cards. You get 2 months free (about 20% off). Dev is $950/year, Pro is $1,910/year. Billed as a single annual charge via Stripe.


Need more?

Custom limits, dedicated infrastructure, commercial application-layer licensing, and SLA.
