Free. Forever.
Every browser tool, no account needed, no limits. The API is for when you want to build on top. No surprises, no overage charges.
Free
- 500 API calls/month
- Encrypt, decrypt, deny
- Vault (5 items)
- Dead man's switch (1 switch)
- All browser tools + CLI + SDKs

Dev
- 10,000 API calls/month
- Vault (100 items)
- Dead man's switch (5 switches)
- Steganography API
- Full audit log
- Email support

Pro
- 100,000 API calls/month
- Vault (1,000 items)
- Dead man's switch (20 switches)
- Steganography API
- Full audit log
- Priority support + SLA
How upgrades work
Enter your API key below and choose a plan. You'll be taken to Stripe for secure payment. Your tier upgrades instantly after checkout.
FAQ
Can you see my data?
No. All browser tools run entirely in your browser. Your plaintext, passwords, and seed phrases never leave your device. The API endpoints receive only pre-encrypted data. We never see your plaintext. By design, not by policy.
Do you store my encryption keys or passwords?
No. Keys are derived from your passwords using scrypt and exist only in memory during the operation. We store a one-way hash for API authentication. If you lose your password, we cannot recover your data. That's the point.
What algorithm do you use?
scrypt KDF (N=16384, r=8, p=1) for key derivation, AES-256-CTR for encryption, and XOR composition for deniability. A 4-byte little-endian length prefix sits inside the encrypted portion. The entire implementation is open source and uses only Node.js built-in crypto, with zero runtime dependencies. Full technical docs here.
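The following is an added example, not deny.sh's own code: it shows the stated scrypt parameters, AES-256-CTR, and a 4-byte little-endian length prefix inside the encrypted portion, using only Node.js built-in crypto. The salt and IV sizes, the blob layout, the fixed padded length and the function names `seal` and `unseal` are assumptions; the XOR composition is not shown because the page does not describe it.

```javascript
// Added example; layout and sizes below are assumptions, not deny.sh's format.
const crypto = require('node:crypto');

const KDF = { N: 16384, r: 8, p: 1 };            // scrypt parameters stated on the page
const SALT_LEN = 16, IV_LEN = 16, KEY_LEN = 32;  // assumed sizes (AES-256 needs a 32-byte key)

function deriveKey(password, salt) {
  // The key exists only in memory for the duration of the operation.
  return crypto.scryptSync(password, salt, KEY_LEN, KDF);
}

// Assumed blob layout: salt || iv || AES-256-CTR(len_le32 || plaintext || random fill)
function seal(password, plaintext, paddedLen = 64) {
  const body = Buffer.from(plaintext, 'utf8');
  if (body.length + 4 > paddedLen) throw new RangeError('plaintext too long for paddedLen');
  const framed = crypto.randomBytes(paddedLen);  // random fill hides the true length
  framed.writeUInt32LE(body.length, 0);          // 4-byte little-endian length prefix
  body.copy(framed, 4);
  const salt = crypto.randomBytes(SALT_LEN);
  const iv = crypto.randomBytes(IV_LEN);
  const cipher = crypto.createCipheriv('aes-256-ctr', deriveKey(password, salt), iv);
  return Buffer.concat([salt, iv, cipher.update(framed), cipher.final()]);
}

function unseal(password, blob) {
  if (blob.length < SALT_LEN + IV_LEN + 4) return null;
  const salt = blob.subarray(0, SALT_LEN);
  const iv = blob.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const decipher = crypto.createDecipheriv('aes-256-ctr', deriveKey(password, salt), iv);
  const framed = Buffer.concat([
    decipher.update(blob.subarray(SALT_LEN + IV_LEN)),
    decipher.final(),
  ]);
  // CTR mode has no authentication tag, so a wrong password does not throw:
  // it yields random-looking bytes. The length prefix must be bounds-checked
  // before it is trusted as a slice length.
  const len = framed.readUInt32LE(0);
  if (len > framed.length - 4) return null;
  return framed.subarray(4, 4 + len).toString('utf8');
}
```

Because the length prefix is encrypted and the frame is filled to a fixed size, the blob length does not reveal the plaintext length.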
Has the cryptography been audited?
An independent security review is in progress. The source code is open for inspection and we publish a 22-test browser verification suite you can run yourself. We use only standard, well-studied primitives (AES-256, scrypt) in well-understood compositions.
How is this different from just using a strong password?
A strong password protects your data, but it doesn't protect you. If someone forces you to hand over your password, your data is exposed. Deniable encryption lets you give them a different password that decrypts to different, plausible data. One ciphertext, multiple valid plaintexts. The attacker can't prove the decoy isn't the real thing.
What if your servers go down?
All browser tools work offline after the first page load (service worker cached). The CLI and SDKs have zero server dependency. Only the API, vault, and dead man's switch features require our servers, which target 99.9% uptime.
Is this legal?
Encryption is legal in the vast majority of jurisdictions. deny.sh is a cryptographic tool, like GPG or VeraCrypt. We're a UK-registered company operating under UK and EU law. See our licensing page for export compliance details.
What counts as an API call?
Each call to /api/encrypt, /api/decrypt, /api/deny, /api/text/*, /api/vault/*, or /api/generate-control counts as one call. Health checks (/api/health) and usage queries (/api/usage) don't count against your limit.
What happens if I exceed my limit?
You get a 429 response with a clear error message and your monthly reset date. No overage charges, ever. No surprise bills. Your existing encrypted data remains accessible.
Can I downgrade?
Yes. Cancel anytime from your Stripe dashboard. Your tier reverts to Free at the end of the billing period. Your vault data is preserved (within Free tier limits). No cancellation fees.
Do you offer annual billing?
Yes. Toggle "Annual" at the top of the pricing cards. You get 2 months free (about 20% off). Dev is $374/year, Pro is $948/year. Billed as a single annual charge via Stripe.
Need more?
Custom limits, dedicated infrastructure, AGPL-free licensing, and SLA.
Enterprise plans →