The fusionauth-search bundle is vanilla ElasticSearch, and is covered by the version appropriate ElasticSearch license.

All other code such as client libraries and example applications are covered under their own licenses, which are usually Apache 2.0. Refer to each project for the correct license.

Do I have to pay you to use FusionAuth?

If you use the community edition, you typically won’t have to pay us. However, there are some scenarios where you need to have an agreement with us.

What are scenarios where I don't have to pay you?

• Using FusionAuth internally.
• Using FusionAuth for your web or mobile application.

What are scenarios where I do have to pay you?

• If you buy a licensed edition to get access to our premium features.
• If you host with us, you have to pay us for the hosting.
• If you buy a support or professional services contract.
• If you redistribute FusionAuth as part of your application (this is generally referred to as embedding or distributing).
• If you resell, distribute, or provide FusionAuth hosting for your customers.

I am reselling FusionAuth to my customers. What type of license do I need?

You will need a reseller license for FusionAuth in order to resell it to your customers. This license is usually charged per customer rather than per monthly active user. You should contact our sales team to discuss licensing options. They can be reached at sales@fusionauth.io.

I sell downloadable software that contains FusionAuth. What type of license do I need?

You will need a reseller license for FusionAuth in order to resell it to your customers. This license is usually charged per customer rather than per monthly active user. You should contact our sales team to discuss licensing options. They can be reached at sales@fusionauth.io.

I provide private cloud hosting for FusionAuth for each of my customers. What type of license do I need?

You will need a reseller license for FusionAuth in order to resell it to your customers. This license is usually charged per customer rather than per monthly active user. You should contact our sales team to discuss licensing options. They can be reached at sales@fusionauth.io.

What about the GDPR? Do you have a standard data processing addendum (DPA)?

We have a standard DPA (Data Processing Addendum) we can provide. However, we only execute DPAs with Enterprise Edition customers with a contract in place. You should contact our sales team to discuss DPA options. They can be reached at sales@fusionauth.io.

Besides a DPA, you can always reference our license and privacy policies in your documentation. Here are the URLs for those documents:

• https://fusionauth.io/license/
• https://fusionauth.io/privacy-policy/
• https://fusionauth.io/product-privacy-policy/

My organization requires vendors, such as FusionAuth, to use our license agreements, is that possible?

Custom contracts and legal reviews require various contract minimums. These include the fees and contract length. In most cases, we require a minimum of a 24-month agreement and fees of $15,000/month. We are happy to discuss your specific needs and figure out what will work in your budget. Feel free to contact our team at sales@fusionauth.io.

If you prefer to use our standard pricing, we encourage you to purchase on our website and review our license agreement and privacy policies here:

• https://fusionauth.io/license/
• https://fusionauth.io/privacy-policy/
• https://fusionauth.io/product-privacy-policy/

My organization requires vendors, such as FusionAuth, to undergo security audits and vendor on-boarding, is that possible?

We know that companies often require in-depth on-boarding processes, including security audits. We are happy to work with you to complete these tasks, but we require contract minimums in order to do so. In most cases, we require a minimum of a 24-month agreement and fees of $15,000/month. We are happy to discuss your specific needs and figure out what will work in your budget. Feel free to contact our team at sales@fusionauth.io.

If you prefer to use our standard pricing, we encourage you to purchase on our website and review our license agreement and privacy policies here:

• https://fusionauth.io/license/
• https://fusionauth.io/privacy-policy/
• https://fusionauth.io/product-privacy-policy/

Who owns my data in FusionAuth?

You do. You grant us a license to use this data solely for the purpose of fulfilling our obligations to you.

Can I migrate my data off of FusionAuth?

Of course. If you self host, you can use the APIs or access the underlying database. If you host with us, we can provide you with a database dump; please open a support ticket with this request.

Do you keep my information I share with you confidential?

Yes.

What if FusionAuth breaks my stuff?

In general, we guarantee that this software will work as outlined in the documentation.

If you have a support contract, please file a ticket and we’ll get it fixed. If you have found a bug, please open a GitHub issue.

Can I modify the FusionAuth software?

Nope. If you have a feature you'd like added, please let us know. The best way to do that is to file a support ticket if you have a support contract. Otherwise, please open a GitHub issue detailing the feature request.

If you change anything within FusionAuth, we won't guarantee it will continue to work as expected, or at all.

Can I decompile the source code?

Nope. The source code for the fusionauth-app bundle and all closed source libraries owned by FusionAuth cannot be decompiled or reverse engineered. This prevents companies from forking FusionAuth and creating their own solution to sell to their customers (i.e. like Amazon has done with ElasticSearch).

What about code or docs released as open source? Can I modify those?

Yes.

We release example apps, supporting libraries and documentation under the Apache2 license, and those are modifiable as specified by that license.

This FAQ only applies to the code distributed under the FusionAuth license.

I have a paid license for a premium edition. Do I need a license key for my development/QA/UAT servers to access the premium features?

If you log in to your account portal, you will see both a "Production license id" and a "Non-production license id" under the "Edition" section.

Use the latter for your non production environments.

How can we obtain FusionAuth source code should the business cease?

We plan to be around for a long long time! But we understand your concerns.

We are happy to add contract provisions for source code release if FusionAuth dissolves.

This requires purchase of an Enterprise edition with a custom contract. You should contact our sales team to discuss options. They can be reached at sales@fusionauth.io.

Can our company be excluded from your customer list and other promotional materials?

Yes. We love to promote our customers, but understand that sometimes you may be in stealth mode or otherwise averse to publicity.

Let us know this by filing a support ticket stating you wish to remain anonymous.

If we publish something and you need it to be removed, please contact us and we'll resolve the issue.

Do I need a reseller's agreement?

We're more than happy to chat about this topic, but the rule of thumb is: if you have more than one production instance of FusionAuth and are charging money to access it, you are reselling and need a reseller's license.

A few examples of reselling:

• Managed applications, each running in a customer's data centers with FusionAuth as the auth system.
• An application running in a private cloud, with one instance of the application and FusionAuth per customer.

If you have one production instance and you are charging your users, you are not reselling FusionAuth. If you have multiple production instances but are not charging users for application access, you are not reselling either.

A few examples of what is not reselling:

• A SaaS application where users may create their own tenants in FusionAuth. Even if these customers then have customers of their own who are logging in using FusionAuth and are charging money, this is not reselling.
• A consulting company who buys FusionAuth on behalf of customers and builds their custom applications on top of it. (Contact us if this is your situation, in certain situations we offer commissions if the customer purchases FusionAuth based on a recommendation.)

If you have more questions about reselling, please feel free to contact us.

How often is billing done?

We can bill month-to-month or annually, your choice. You may also sign a multi-year agreement if you'd like. Such an agreement typically requires a contract and wire transfer. Please contact us for more details about this option.

Month to month billing occurs on actual MAUs of the preceding month. If you have 10,000 MAUs one month, 30,000 the next and then 10,000 the third, you'd be billed for the MAU count for each month (10,000, then 30,000, then 10,000).

If you'd like to be billed annually because you want a fixed monthly payment, we'll bill you on your estimated average MAUs. At the end of the year, we will settle up any differences from the estimate.

How are monthly active users calculated?

Monthly active users (MAUs) are calculated and reported nightly. An MAU is someone that uses your application in some fashion during the course of a calendar month. This could be a user registering, logging in, or opening your app. MAUs don't include failed logins.

For example, if a user logs in 1,000 times during a month, they count as 1 MAU.

Here's a more technical description of an 'active' user.

I need to run my servers airgapped. How does licensing work in this scenario?

Since version 1.26, FusionAuth supports airgapped licensed deployments. You can install your license text in the administrative user interface or via the API. FusionAuth's advanced features will work without any internet access.

One limitation is the breached password feature. This relies on network access in order to retrieve the database, and so cannot be fully functional in an airgapped environment.