License Guidance

Frequently Asked Questions About the FusionAuth License

This page provides information about our license and how it affects your use of FusionAuth.

License questions

Answers to some commonly asked questions.

While the exact terms of your use of FusionAuth are spelled out in the license agreement and you should definitely have your lawyer read it, we wanted to provide a more human readable version.

(That said, if there is any conflict between this FAQ and the license agreement, the license agreement wins.)

What does the FusionAuth license apply to?
Do I have to pay you to use FusionAuth?
What are scenarios where I don't have to pay you?
What are scenarios where I do have to pay you?
I am reselling FusionAuth to my customers. What type of license do I need?
I sell downloadable software that contains FusionAuth. What type of license do I need?
I provide private cloud hosting for FusionAuth for each of my customers. What type of license do I need?
What about the GDPR? Do you have a standard data processing addendum (DPA)?
My organization requires vendors to use our license agreements, is that possible?
My organization requires vendors to undergo security audits and vendor on-boarding, is that possible?
Who owns my data in FusionAuth?
Can I migrate my data off of FusionAuth?
Do you keep my information I share with you confidential?
What if FusionAuth breaks my stuff?
Can I modify the FusionAuth software?
Can I decompile the source code?
What about code or docs released as open source? Can I modify those?
I have a paid license for a premium edition. Do I need a license key for my development/QA/UAT servers to access the premium features?

What does the FusionAuth license apply to?

The FusionAuth license applies to the FusionAuth bundle fusionauth-app which is used by all of our installation methods (ZIPs, DEBs, RPMs, Docker, K8s, etc).

The fusionauth-search bundle is vanilla ElasticSearch, and is covered by the version appropriate ElasticSearch license.

All other code such as client libraries and example applications are covered under their own licenses, which are usually Apache 2.0. Refer to each project for the correct license.

Do I have to pay you to use FusionAuth?

If you use the community edition, you typically won’t have to pay us. However, there are some scenarios where you need to have an agreement with us.

What are scenarios where I don't have to pay you?

Using FusionAuth internally.
Using FusionAuth for your web or mobile application.

What are scenarios where I do have to pay you?

If you buy a licensed edition to get access to our premium features.
If you host with us, you have to pay us for the hosting.
If you buy a support or professional services contract.
If you redistribute FusionAuth as part of your application (this is generally referred to as embedding or distributing).
If you resell, distribute, or provide FusionAuth hosting for your customers.

I am reselling FusionAuth to my customers. What type of license do I need?

You will need a reseller license for FusionAuth in order to resell it to your customers. This license is usually charged per customer rather than per monthly active user. You should contact our sales team to discuss licensing options. They can be reached at sales@fusionauth.io.

I sell downloadable software that contains FusionAuth. What type of license do I need?

I provide private cloud hosting for FusionAuth for each of my customers. What type of license do I need?

What about the GDPR? Do you have a standard data processing addendum (DPA)?

We have a standard DPA (Data Processing Addendum) we can provide. However, we only execute DPAs with Enterprise Edition customers with a contract in place. You should contact our sales team to discuss DPA options. They can be reached at sales@fusionauth.io.

Besides a DPA, you can always reference our license and privacy policies in your documentation. Here are the URLs for those documents:

My organization requires vendors to use our license agreements, is that possible?

Custom contracts and legal reviews require various contract minimums. These include the fees and contract length. In most cases, we require a minimum of a 24-month agreement and fees of $15,000/month. We are happy to discuss your specific needs and figure out what will work in your budget. Feel free to contact our team at sales@fusionauth.io.

If you prefer to use our standard pricing, we encourage you to purchase on our website and review our license agreement and privacy policies here:

My organization requires vendors to undergo security audits and vendor on-boarding, is that possible?

We know that companies often require in-depth on-boarding processes, including security audits. We are happy to work with you to complete these tasks, but we require contract minimums in order to do so. In most cases, we require a minimum of a 24-month agreement and fees of $15,000/month. We are happy to discuss your specific needs and figure out what will work in your budget. Feel free to contact our team at sales@fusionauth.io.

If you prefer to use our standard pricing, we encourage you to purchase on our website and review our license agreement and privacy policies here:

Who owns my data in FusionAuth?

You do. You grant us a license to use this data solely for the purpose of fulfilling our obligations to you.

Can I migrate my data off of FusionAuth?

Of course. If you self host, you can use the APIs or access the underlying database. If you host with us, we can provide you with a database dump; please open a support ticket with this request.

Do you keep my information I share with you confidential?

Yes.

What if FusionAuth breaks my stuff?

In general, we guarantee that this software will work as outlined in the documentation.

If you have a support contract, please file a ticket and we’ll get it fixed. If you have found a bug, please open a GitHub issue.

Can I modify the FusionAuth software?

Nope. If you have a feature you'd like added, please let us know. The best way to do that is to file a support ticket if you have a support contract. Otherwise, please open a GitHub issue detailing the feature request.

If you change anything within FusionAuth, we won't guarantee it will continue to work as expected, or at all.

Can I decompile the source code?

Nope. The source code for the fusionauth-app bundle and all closed source libraries owned by FusionAuth cannot be decompiled or reverse engineered. This prevents companies from forking FusionAuth and creating their own solution to sell to their customers (i.e. like Amazon has done with ElasticSearch).

What about code or docs released as open source? Can I modify those?

Yes.

We release example apps, supporting libraries and documentation under the Apache2 license, and those are modifiable as specified by that license.

This FAQ only applies to the code distributed under the FusionAuth license.

I have a paid license for a premium edition. Do I need a license key for my development/QA/UAT servers to access the premium features?

If you log in to your account portal, you will see both a "Production license id" and a "Non-production license id" under the "Edition" section.

Use the latter for your non production environments.

Also, check out our Enterprise Sales FAQ

FusionAuth is Complete Auth for Any App

FusionAuth is a complete solution with no sacrifices.
We got this. Go build something awesome.

GET STARTED FOR FREE