The fusionauth-search bundle is vanilla ElasticSearch, and is covered by the version appropriate ElasticSearch license.

All other code such as client libraries and example applications are covered under their own licenses, which are usually Apache 2.0. Refer to each project for the correct license.

Do I have to pay you to use FusionAuth?

If you use the community edition, you typically won't have to pay us. However, there are some scenarios where you need to have an agreement with us.

What are scenarios where I don't have to pay you?

• Using FusionAuth internally.
• Using FusionAuth for your web or mobile application.

What are scenarios where I do have to pay you?

• If you buy a licensed edition to get access to our premium features.
• If you host with us, you have to pay us for the hosting.
• If you buy a support or professional services contract.
• If you redistribute FusionAuth as part of your application (this is generally referred to as embedding or distributing).
• If you resell, distribute, or provide FusionAuth hosting for your customers.

I am reselling FusionAuth to my customers. What type of license do I need?

You will need a reseller license for FusionAuth in order to resell it to your customers. This license is usually charged per customer rather than per monthly active user. You should contact our sales team to discuss licensing options. They can be reached at sales@fusionauth.io.

I sell downloadable software that contains FusionAuth. What type of license do I need?

You will need a reseller license for FusionAuth in order to resell it to your customers. This license is usually charged per customer rather than per monthly active user. You should contact our sales team to discuss licensing options. They can be reached at sales@fusionauth.io.

I provide private cloud hosting for FusionAuth for each of my customers. What type of license do I need?

You will need a reseller license for FusionAuth in order to resell it to your customers. This license is usually charged per customer rather than per monthly active user. You should contact our sales team to discuss licensing options. They can be reached at sales@fusionauth.io.

What about the GDPR? Do you have a standard data processing addendum (DPA)?

We have a standard DPA (Data Processing Addendum) we can provide. However, we only execute DPAs with Enterprise Edition customers with a contract in place. You should contact our sales team to discuss DPA options. They can be reached at sales@fusionauth.io.

Besides a DPA, you can always reference our license and privacy policies in your documentation. Here are the URLs for those documents:

• https://fusionauth.io/license/
• https://fusionauth.io/privacy-policy/
• https://fusionauth.io/product-privacy-policy/

My organization requires vendors, such as FusionAuth, to use our license agreements, is that possible?

Custom contracts and legal reviews require various contract minimums. These include the fees and contract length. In most cases, we require a minimum of a 24-month agreement and fees of $15,000/month. We are happy to discuss your specific needs and figure out what will work in your budget. Feel free to contact our team at sales@fusionauth.io.

If you prefer to use our standard pricing, we encourage you to purchase on our website and review our license agreement and privacy policies here:

• https://fusionauth.io/license/
• https://fusionauth.io/privacy-policy/
• https://fusionauth.io/product-privacy-policy/

My organization requires vendors, such as FusionAuth, to undergo security audits and vendor on-boarding, is that possible?

We know that companies often require in-depth on-boarding processes, including security audits. We are happy to work with you to complete these tasks, but we require contract minimums in order to do so. In most cases, we require a minimum of a 24-month agreement and fees of $15,000/month. We are happy to discuss your specific needs and figure out what will work in your budget. Feel free to contact our team at sales@fusionauth.io.

If you prefer to use our standard pricing, we encourage you to purchase on our website and review our license agreement and privacy policies here:

• https://fusionauth.io/license/
• https://fusionauth.io/privacy-policy/
• https://fusionauth.io/product-privacy-policy/

Who owns my data in FusionAuth?

You do. You grant us a license to use this data solely for the purpose of fulfilling our obligations to you.

Can I migrate my data off of FusionAuth?

Of course. If you self host, you can use the APIs or access the underlying database. If you host with us, we can provide you with a database dump; please open a support ticket with this request.

Do you keep my information I share with you confidential?

Yes.

What if FusionAuth breaks my stuff?

In general, we guarantee that this software will work as outlined in the documentation.

If you have a support contract, please file a ticket and we'll get it fixed. If you have found a bug, please open a GitHub issue.

Can I modify the FusionAuth software?

Nope. If you have a feature you'd like added, please let us know. The best way to do that is to file a support ticket if you have a support contract. Otherwise, please open a GitHub issue detailing the feature request.

If you change anything within FusionAuth, we won't guarantee it will continue to work as expected, or at all.

Can I decompile the source code?

Nope. The source code for the fusionauth-app bundle and all closed source libraries owned by FusionAuth cannot be decompiled or reverse engineered. This prevents companies from forking FusionAuth and creating their own solution to sell to their customers (i.e. like Amazon has done with ElasticSearch).

What about code or docs released as open source? Can I modify those?

Yes.

We release example apps, supporting libraries and documentation under the Apache2 license, and those are modifiable as specified by that license.

This FAQ only applies to the code distributed under the FusionAuth license.

I have a paid license for a premium edition. Do I need a license key for my development/QA/UAT servers to access the premium features?

If you log in to your account portal, you will see both a "Production license id" and a "Non-production license id" under the "Edition" section.

Use the latter for your non production environments.

How can we obtain FusionAuth source code should the business cease?

We plan to be around for a long long time! But we understand your concerns.

We are happy to add contract provisions for source code release if FusionAuth dissolves. This is sometimes known as source code escrow.

This requires purchase of an Enterprise edition with a custom contract. You should contact our sales team to discuss options. They can be reached at sales@fusionauth.io.

Can our company be excluded from your customer list and other promotional materials?

Yes. We love to promote our customers, but understand that sometimes you may be in stealth mode or otherwise averse to publicity.

Let us know this by filing a support ticket stating you wish to remain anonymous.

If we publish something and you need it to be removed, please contact us and we'll resolve the issue.

Do I need a reseller's agreement?

We're more than happy to chat about this topic, but the rule of thumb is: if you have more than one production instance of FusionAuth and are charging money to access it, you are reselling and need a reseller's license.

A few examples of reselling:

• Managed applications, each running in a customer's data centers with FusionAuth as the auth system.
• An application running in a private cloud, with one instance of the application and FusionAuth per customer.

If you have one production instance and you are charging your users, you are not reselling FusionAuth. If you have multiple production instances but are not charging users for application access, you are not reselling either.

A few examples of what is not reselling:

• A SaaS application where users may create their own tenants in FusionAuth. Even if these customers then have customers of their own who are logging in using FusionAuth and are charging money, this is not reselling.
• A consulting company who buys FusionAuth on behalf of customers and builds their custom applications on top of it. (Contact us if this is your situation, in certain situations we offer commissions if the customer purchases FusionAuth based on a recommendation.)

If you have more questions about reselling, please feel free to contact us.

How often is billing done?

We can bill month-to-month or annually, your choice. You may also sign a multi-year agreement if you'd like. Such an agreement typically requires a contract and wire transfer. Please contact us for more details about this option.

Month to month billing occurs on actual MAUs of the preceding month. If you have 10,000 MAUs one month, 30,000 the next and then 10,000 the third, you'd be billed for the MAU count for each month (10,000, then 30,000, then 10,000).

If you'd like to be billed annually because you want a fixed monthly payment, we'll bill you on your estimated average MAUs. At the end of the year, we will settle up any differences from the estimate.

How are monthly active users calculated?

Monthly active users (MAUs) are calculated and reported nightly. An MAU is someone that uses your application in some fashion during the course of a calendar month. This could be a user registering, logging in, or opening your app. MAUs don't include failed logins or users imported with the Import API.

For example, if a user logs in 1,000 times during a month, they count as 1 MAU.

Here's a more technical description of an 'active' user.

I need to run my servers airgapped. How does licensing work in this scenario?

Since version 1.26, FusionAuth supports airgapped licensed deployments. You can install your license text in the administrative user interface or via the API. FusionAuth's advanced features will work without any internet access.

One limitation is the breached password feature. This relies on network access in order to retrieve the database, and so cannot be fully functional in an airgapped environment.

Can you add a VAT number to our invoices?

No. We do not collect VAT on FusionAuth purchases. If VAT applies to you, this is something you will need to ensure is handled correctly to comply with your local tax laws.

Can you change the company name on our invoice?

Yes. Please open a support ticket with your preferred organization name and we'll change it.

However, we cannot modify any previously issued invoices.

Can you change the email address to which our invoice is sent?

Yes. Please open a support ticket with your preferred email address or email addresses and we'll update where the invoice is delivered.

What kind of SLAs are available?

Service level agreements (SLAs) document the availability of your FusionAuth instance. For full details, please review the license, including Exhibit C, which specifies how credits are applied. In particular, unexpected downtime counts against the SLA, but scheduled maintenance does not.

The applicable SLA depends on how you run FusionAuth.

• For FusionAuth HA Cloud with full database replication enabled and an Enterprise support contract, the SLA is 99.9%. FusionAuth also offers a 99.99% SLA for an additional fee; contact sales@fusionauth.io for more details.
• For FusionAuth HA Cloud with full database replication enabled, the SLA is 99.5%.
• For any other FusionAuth Cloud instance, there is no SLA available.
• If you self-host FusionAuth, no FusionAuth provided SLA is available. Please consult with your operations team to determine the appropriate service level agreement.

If you have further questions about SLAs, contact our sales team. They can be reached at sales@fusionauth.io.

Do you offer non-profit discounts?

Yes, in certain circumstances, we offer discounts to non-profits or educational institutions. You should contact our sales team to discuss this option further. They can be reached at sales@fusionauth.io.

Why isn't FusionAuth open source?

The simple answer is that there are pros and cons to making our intellectual property open source. At this point we have chosen a closed source model for the core product but open source many components as well. All of the docs, website, client libraries, jwt library, mvc, and domains are open source.

We continually discuss this strategy internally and evaluate what is best for the longevity and quality of the product. From our perspective there is a misconception that open source equates to longevity. While it is true that anyone could fork and maintain FusionAuth if it was open source, many open source projects die because there is no maintainer. It is also possible that a company such as IBM - that now owns KeyCloak/RedHat could choose to no longer support KeyCloak, or change the source code licensing model. In other words, the licensing model does not necessarily mean it will be supported or properly maintained.

We understand this is a sensitive topic for many and we do certainly see positive aspects of making the entire platform open source. However, there are no current plans to modify our licensing model.