While the exact terms of your use of FusionAuth are spelled out in the license agreement and you should definitely have your lawyer read it, we wanted to provide a more human-readable version.
(That said, if there is any conflict between this FAQ and the license agreement, the license agreement wins.)
The FusionAuth license applies to the FusionAuth bundle fusionauth-app, which is used by all of our installation methods (ZIPs, DEBs, RPMs, Docker, K8s, etc.).
The fusionauth-search bundle is vanilla ElasticSearch, and is covered by the version-appropriate ElasticSearch license.
All other code such as client libraries and example applications are covered under their own licenses, which are usually Apache 2.0. Refer to each project for the correct license.
If you use the community edition, you typically won't have to pay us. However, there are some scenarios where you need to have an agreement with us.
You will need a reseller license for FusionAuth in order to resell it to your customers. This license is usually charged per customer rather than per monthly active user. You should contact our sales team to discuss licensing options. They can be reached at sales@fusionauth.io.
We have a standard DPA (Data Processing Addendum) we can provide. However, we only execute DPAs with Enterprise Edition customers with a contract in place. You should contact our sales team to discuss DPA options. They can be reached at sales@fusionauth.io.
Besides a DPA, you can always reference our license and privacy policies in your documentation. Here are the URLs for those documents:
Custom contracts and legal reviews require various contract minimums. These include the fees and contract length. In most cases, we require a minimum of a 24-month agreement and fees of $15,000/month. We are happy to discuss your specific needs and figure out what will work in your budget. Feel free to contact our team at sales@fusionauth.io.
If you prefer to use our standard pricing, we encourage you to purchase on our website and review our license agreement and privacy policies here:
We know that companies often require in-depth on-boarding processes, including security audits. We are happy to work with you to complete these tasks, but we require contract minimums in order to do so. In most cases, we require a minimum of a 24-month agreement and fees of $15,000/month. We are happy to discuss your specific needs and figure out what will work in your budget. Feel free to contact our team at sales@fusionauth.io.
If you prefer to use our standard pricing, we encourage you to purchase on our website and review our license agreement and privacy policies here:
You do. You grant us a license to use this data solely for the purpose of fulfilling our obligations to you.
Absolutely. If you self host, you can use the APIs or access the underlying database. If you host with us, we can provide you with a database dump; please open a support ticket with this request.
Yes!
In general, we guarantee that this software will work as outlined in the documentation.
If you have a support contract, please file a ticket and we'll get it fixed. If you have found a bug, please open a GitHub issue.
Not currently. If you have a feature you'd like added, please let us know. The best way to do that is to file a support ticket if you have a support contract. Otherwise, please open a GitHub issue detailing the feature request.
If you change anything within FusionAuth, we won't guarantee it will continue to work as expected, or at all.
Not currently. The source code for the fusionauth-app bundle and all closed source libraries owned by FusionAuth cannot be decompiled or reverse engineered. This prevents companies from forking FusionAuth and creating their own solution to sell to their customers (i.e. like Amazon has done with ElasticSearch).
Yes.
We release example apps, supporting libraries and documentation under the Apache 2.0 license, and those are modifiable as specified by that license.
This FAQ only applies to the code distributed under the FusionAuth license.
If you log in to your account portal, you will see both a "Production license id" and a "Non-production license id" under the "Edition" section.
Use the latter for your non-production environments.
We plan to be around for a long, long time! But we understand your concerns.
We are happy to add contract provisions for source code release if FusionAuth dissolves. This is sometimes known as source code escrow.
This requires purchase of an Enterprise edition with a custom contract. You should contact our sales team to discuss options. They can be reached at sales@fusionauth.io.
Yes. We love to promote our customers, but understand that sometimes you may be in stealth mode or otherwise averse to publicity.
Let us know this by filing a support ticket stating you wish to remain anonymous.
If we publish something and you need it to be removed, please contact us and we'll resolve the issue.
We're more than happy to chat about this topic, but the rule of thumb is: if you have more than one production instance of FusionAuth and are charging money to access it, you are reselling and need a reseller's license.
A few examples of reselling:
If you have one production instance and you are charging your users, you are not reselling FusionAuth. If you have multiple production instances but are not charging users for application access, you are not reselling either.
A few examples of what is not reselling:
If you have more questions about reselling, please feel free to contact us.
We can bill month-to-month or annually, your choice. You may also sign a multi-year agreement if you'd like. Such an agreement typically requires a contract and wire transfer. Please contact us for more details about this option.
Month-to-month billing occurs on actual MAUs of the preceding month. If you have 10,000 MAUs one month, 30,000 the next and then 10,000 the third, you'd be billed for the MAU count for each month (10,000, then 30,000, then 10,000).
If you'd like to be billed annually because you want a fixed monthly payment, we'll bill you on your estimated average MAUs. At the end of the year, we will settle up any differences from the estimate.
Monthly active users (MAUs) are calculated and reported nightly. An MAU is someone that uses your application in some fashion during the course of a calendar month. This could be a user registering, logging in, or opening your app. MAUs don't include failed logins or users imported with the Import API.
For example, if a user logs in 1,000 times during a month, they count as 1 MAU.
Since version 1.26, FusionAuth supports airgapped licensed deployments. You can install your license text in the administrative user interface or via the API. FusionAuth's advanced features will work without any internet access.
One limitation is the breached password feature. This relies on network access in order to retrieve the database, and so cannot be fully functional in an airgapped environment.
No. We do not collect VAT on FusionAuth purchases. If VAT applies to you, this is something you will need to ensure is handled correctly to comply with your local tax laws.
Yes. Please open a support ticket with your preferred organization name and we'll change it.
However, we cannot modify any previously issued invoices.
Yes. Please open a support ticket with your preferred email address or email addresses and we'll update where the invoice is delivered.
Service level agreements (SLAs) document the availability of your FusionAuth instance. For full details, please review the license, including Exhibit C, which specifies how credits are applied. In particular, unexpected downtime counts against the SLA, but scheduled maintenance does not.
The applicable SLA depends on how you run FusionAuth.
If you have further questions about SLAs, contact our sales team. They can be reached at sales@fusionauth.io.
Yes, in certain circumstances, we offer discounts to non-profits or educational institutions. You should contact our sales team to discuss this option further. They can be reached at sales@fusionauth.io.
The simple answer is that there are pros and cons to making our intellectual property open source. At this point we have chosen a closed source model for the core product but open source many components as well. All of the docs, website, client libraries, jwt library, mvc, and domains are open source.
We continually discuss this strategy internally and evaluate what is best for the longevity and quality of the product. From our perspective there is a misconception that open source equates to longevity. While it is true that anyone could fork and maintain FusionAuth if it were open source, many open source projects die because there is no maintainer. It is also possible that a company such as IBM, which now owns KeyCloak/RedHat, could choose to no longer support KeyCloak, or change the source code licensing model. In other words, the licensing model does not necessarily mean it will be supported or properly maintained.
We understand this is a sensitive topic for many and we do certainly see positive aspects of making the entire platform open source. However, there are no current plans to modify our licensing model.
Please see the license for details. In particular, Exhibit C, section 3.
We're sorry to see you go! First, if applicable, migrate your data.
Next, in order to delete your FusionAuth account via an email request, you must follow these steps:
Once you have deleted all of your deployments and downgraded to Community Edition, your subscription will be canceled and you won’t be billed going forward.
If you would then like your user information completely removed, please contact sales. Historical payment information must be maintained and does not contain any PII.
In FusionAuth Cloud, all data is transparently encrypted at rest and in transit. It is stored in the region you select when creating your deployment.
Authorized support personnel, who are all background-checked full-time employees and members of the engineering team, have access to the database. They would only access it when a support issue required it, and such access is logged. Only the engineering team is allowed to access the systems and the database. All commands which escalate privileges on a system are logged, including those which allow access to PII.
Please read these instructions which cover the license installation process in detail. If you have further questions, please contact us.
FusionAuth is a generic storage mechanism for user data, similar to MySQL, Oracle or PostgreSQL. Every organization has different integration strategies. Companies often store user data in many different places. Therefore, it's challenging for FusionAuth to determine where all of the user data for a particular user exists. However, the FusionAuth APIs allow you to collect all of the data you've stored in FusionAuth and combine it with any data stored outside of FusionAuth. Once the data is combined, you can provide it to the user however you wish.
Nope, we don't hold that particular certification. We have SOC2 Type 2, which is similar, but not ISO 27001.