pricing & tiers

Deniability infrastructure, priced honestly.

Three ways in: every browser tool, the CLI and the SDKs are free forever; a self-serve API from $99/mo for builders; and Agents Infrastructure from $999/mo for teams that need isolation, audit, BYOK and an SLA. No overage charges, no surprise bills. Pick your row below.

Start here

Three ways to use deny.sh

Pick the row that matches you. Everything below is one of these three, priced in detail further down.

Free & local

Browser tools, CLI & SDKs

Encrypt, decrypt, deny, vault. Runs on your device, zero-knowledge. No account, no card, no expiry.

$0 forever
Hosted API

Self-serve for builders

The same construction behind an API key, metered monthly. Free, Dev, Pro, or Scale. Sign up and upgrade through Stripe, no sales call.

Free · $99 · $199 · $299/mo
Infrastructure

Teams & enterprise

Hosted runtime with per-tenant isolation, audit chain, BYOK, SSO and an SLA. Plus self-hosting and commercial licensing.

Infrastructure · flagship

Agents Infrastructure

$999/mo

The hosted runtime that puts decoys in front of every prompt-injected leak. Same construction as the free SDK, with multi-tenant operational discipline on top. For engineering teams shipping an AI agent with secrets in customer context.

  • 1,000,000 API calls / month
  • Per-tenant key isolation
  • Scoped audit log
  • Live decoy feed + cross-network threat intel
  • Hash chain + RFC 3161 receipts
  • Compliance evidence pack (self-serve export)
  • SAML SSO
  • Signed webhooks
  • BYOK (AWS KMS)
  • MCP server (10 tools, 3 offline)
  • Named SLA, 30-min P1
  • Quarterly architecture review
  • Onboarding, monthly or annual
Onboarding is hands-on, so this tier is contact-led.

Read the pillar page · operate layer in whitepaper §6

Hosted API · self-serve

Self-serve API tiers

For individual builders and small teams. Sign up and upgrade through Stripe, no sales call. Every browser tool, the CLI, and the SDKs stay free forever.

Free
$0
free forever
  • 500 API calls/month
  • Encrypt, decrypt, deny
  • Realism engine: 10 decoys/day
  • Vault (25 items)
  • All browser tools + CLI + SDKs
Pro
$199
/month
  • 100,000 API calls/month
  • Realism engine: 1,000 decoys/day
  • Live decoy feed + cross-network threat intel
  • Vault (10,000 items)
  • Full audit log
  • Priority support + SLA
Scale
$299
/month
  • 250,000 API calls/month
  • Realism engine: 25,000 decoys/day
  • 365-day audit retention
  • Vault (10,000 items)
  • Self-serve via Stripe
  • Email support

Apache 2.0 SDK + AGPL application layer

Need SAML SSO, signed webhooks, BYOK, a named SLA or hands-on onboarding? That's the Agents Infrastructure tier at the top.

Other products & plans

Beyond the API tiers

Enterprise deployment and licensing, priced separately. Not required to use the API tiers above.

Enterprise & self-hosting

For regulated organisations

From $25K/yr

On-prem deployment, commercial application-layer licensing, custom limits and SLA. For teams that need deny.sh inside their own perimeter. BYOK (AWS KMS) and Agents Infrastructure options included.


UK operator. Cyber Essentials Certified (IASME, May 2026). BYOK setup walkthrough · compliance details on the enterprise page.

Self-serve checkout

Self-serve upgrade

How upgrades work

Enter your API key, pick a plan, and Stripe handles the rest. Your tier upgrades instantly after checkout.

Don't have an API key yet? Get one free. Takes 10 seconds.

Questions

Frequently asked

Can you see my data?

It depends on which surface you use, and we make the tradeoff visible up front.

  • Browser tools, CLI, SDK: zero-knowledge. Plaintext, passwords, and the deniable construction all run on your device. We never see the inputs.
  • Hosted API (/api/encrypt, /api/decrypt, /api/deny): you opt into sending plaintext + passwords to the server so the server can do the work for you. We process them in memory, return the result, and do not persist plaintext or passwords. This is a deliberate convenience tradeoff. If your threat model rules it out, use the SDK locally; the ciphertext shape is identical, and the SDK is Apache 2.0 with a single runtime dependency (hash-wasm for portable Argon2id).
  • Managed vault: we store the ciphertext (which you encrypted in your browser) and the metadata you choose to attach. The vault layer never receives plaintext or passwords.
  • Agents Infrastructure: per-tenant key isolation, scoped audit log, the hosted runtime. Audit log captures call metadata against the tenant key, not plaintext. If you want zero-knowledge for an agent workflow, use the three local MCP tools instead of the seven hosted ones (documented at /agents).

By design, not by policy. The split between zero-knowledge surfaces and hosted-convenience surfaces is part of the construction, not a billing wall. Full surface-by-surface table at /what-we-see.

Do you store my encryption keys or passwords?

No. Keys are derived from your passwords using Argon2id and exist only in memory during the operation. We store a one-way hash for API authentication. If you lose your password, we cannot recover your data. That's the point.

What algorithm do you use?

The stack is Argon2id (t=3, m=64 MiB, p=1, v=0x13) for key derivation, AES-256-CTR for encryption, and XOR composition for deniability. A 4-byte little-endian length prefix sits inside the encrypted portion. The entire implementation is open source and uses standard, vetted cryptography libraries. Full technical docs here.

Has the cryptography been audited?

The source code is fully open for inspection and we publish a 22-test browser verification suite you can run yourself. The construction uses only standard, well-studied primitives (AES-256, Argon2id) in well-understood compositions. A formal third-party cryptographic audit is on the roadmap; we will announce the firm and scope once engaged.

Why does the realism engine have a separate daily limit?

The realism engine (69 shape-correct decoy types, deterministic validators, LLM-distilled bundles) is the only feature that costs us per call in LLM tokens. The monthly API quota covers the encryption and vault surfaces, which are essentially free for us to run. Decoy generation has its own daily cap per tier so heavy engine use cannot starve out the rest of your quota. When you exceed it you get a 429 with X-RateLimit-Reset and Retry-After headers; the engine resets on a 24-hour sliding window, not a calendar day.

Can I see my realism-engine usage?

Yes. The usage dashboard shows your daily decoy calls by type for the last 30 days, the current 24-hour cap utilisation, the count of 429-blocked calls, and the recent quota-alert history. You also receive an email at 80%, 95%, and 100% of your daily cap, capped at three per UTC day per key.

How is this different from just using a strong password?

A strong password protects your data while you hold the key. It doesn't help once the encrypted bytes leave your control: a cloud breach, a stolen device, an exfiltrated backup, an AI agent that gets prompt-injected into reading its own context. Deniable encryption lets the same ciphertext decrypt to different, plausible data depending on which control file is used. One ciphertext, multiple valid plaintexts. When the bytes leak, what the attacker gets is a decoy. The real content never appears in the breach.
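
The composition named in the algorithm answer and described just above (AES-256-CTR, a 4-byte little-endian length prefix, XOR with a control file), as an added sketch that is not deny.sh's code or its wire format. Assumptions: Node's built-in scrypt stands in for Argon2id, and the layout, the sample values and the names `seal`, `unseal` and `frame` are hypothetical.

```javascript
// Added illustration: not deny.sh source code and not its wire format.
const crypto = require("node:crypto");

// ASSUMPTION: Node's built-in scrypt stands in for the Argon2id KDF.
const deriveKey = (password, salt) => crypto.scryptSync(password, salt, 32);

// AES-256-CTR is its own inverse, so one function encrypts and decrypts.
function aesCtr(key, iv, data) {
  const cipher = crypto.createCipheriv("aes-256-ctr", key, iv);
  return Buffer.concat([cipher.update(data), cipher.final()]);
}

function xor(a, b) {
  const out = Buffer.alloc(a.length);
  for (let i = 0; i < a.length; i++) out[i] = a[i] ^ b[i];
  return out;
}

// 4-byte little-endian length prefix, the message, then random padding so
// the real and decoy frames are the same size.
function frame(message, size) {
  const body = Buffer.from(message, "utf8");
  const head = Buffer.alloc(4);
  head.writeUInt32LE(body.length, 0);
  return Buffer.concat([head, body, crypto.randomBytes(size - 4 - body.length)]);
}

// Hypothetical layout: the ciphertext is uniform random bytes and each control
// file is ciphertext XOR AES-CTR(key, frame); neither is marked as the real one.
function seal(real, realPw, decoy, decoyPw) {
  const size = 4 + Math.max(Buffer.byteLength(real), Buffer.byteLength(decoy));
  const salt = crypto.randomBytes(16), iv = crypto.randomBytes(16);
  const ciphertext = crypto.randomBytes(size);
  const control = (msg, pw) =>
    xor(ciphertext, aesCtr(deriveKey(pw, salt), iv, frame(msg, size)));
  return { salt, iv, ciphertext,
    realControl: control(real, realPw), decoyControl: control(decoy, decoyPw) };
}

function unseal({ salt, iv, ciphertext }, control, password) {
  const framed = aesCtr(deriveKey(password, salt), iv, xor(ciphertext, control));
  const length = framed.readUInt32LE(0);
  // CTR is unauthenticated: an implausible length is the only failure signal.
  if (length > framed.length - 4) throw new Error("wrong password or control file");
  return framed.subarray(4, 4 + length).toString("utf8");
}

// Constructed sample values.
const demo = seal("api_key=REAL-1234", "correct horse", "api_key=DECOY-0000", "battery staple");
```

Both control files are the same length as the ciphertext, and a control file paired with the wrong password fails the length check instead of revealing either plaintext.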

What if your servers go down?

All browser tools work offline after the first page load (service worker cached). The CLI and SDKs have zero server dependency. Only the API and managed vault features require our servers, which target 99.9% uptime.

Is this legal?

Encryption is legal in the vast majority of jurisdictions. deny.sh is a cryptographic tool, like GPG or VeraCrypt. We're a UK-registered company operating under UK and EU law. See our licensing page for export compliance details.

What counts as an API call?

Each call to /api/encrypt, /api/decrypt, /api/deny, /api/text/*, /api/vault/*, or /api/generate-control counts as one call. Health checks (/api/health) and usage queries (/api/usage) don't count against your limit.

What happens if I exceed my limit?

You get a 429 response with a clear error message and your monthly reset date. No overage charges, ever. No surprise bills. Your existing encrypted data remains accessible.

Can I downgrade?

Yes. Cancel anytime from your Stripe dashboard. Your tier reverts to Free at the end of the billing period. Your vault data is preserved (within Free tier limits). No cancellation fees.

Do you offer annual billing?

Yes. Toggle "Annual" at the top of the pricing cards. You get 2 months free (about 20% off). Dev is $950/year, Pro is $1,910/year. Billed as a single annual charge via Stripe.