Skip to content

License Protection

A modern security model that protects what you bought, without watching what you do with it.

what we know about you
ready to seal
$ inspect license + this computer
licensezt-9F·3A·2C·•••• ••••issuedMay 2, 2026 · 8:14 AMvalid for7 daysyour computermainboard processor drive system id → fingerprintunique to this computer · same after reboot
[+] license now belongs to this computer
[!] any other computer → blocked
your sealed license
looks like noise to anyone else
00B16213C47526D78839EA9B4CFDAE5F10C17223D48536E79849FAAB5C0DBE6F20D18233E49546F7A8590ABB6C1DCE7F30E19243F4A55607B8691ACB7C2DDE8F40F1A25304B56617C8792ADB8C3DEE9F5001B26314C57627D8893AEB9C4DFEAF6011C27324D58637E8994AFBAC5D0EBF7021D28334E59647F8A95A0BBC6D1ECF8031E29344F5A65708B96A1BCC7D2EDF
status: SEALEDopens on: this computer onlycan be shared: no
What we promise

The principles your license is built on

Plain-language commitments — without naming the moving parts that an attacker would benefit from knowing

One license, one machine

Each license attaches to the specific computer you install it on. Stolen license keys can't be used elsewhere.

Sealed end-to-end

Every request between your computer and our servers is wrapped in fresh encryption. Recorded traffic stays unreadable, today and in the future.

Encrypted on your disk

Your license file is encrypted with a key tied to your machine. Copy the file to another computer and it simply doesn't decrypt.

Tamper-aware binary

The application checks its own integrity at startup. A modified copy refuses to run rather than silently misbehave.

Server is the source of truth

Whether your license is valid is decided on our server. Cracked clients can't lie their way past it — they have nothing to lie with.

You can move machines

Switching computers? Re-bind in seconds from the app. Reasonable daily limits prevent abuse without getting in your way.

In practice

How it feels for you

What the protection layer means for everyday use

First install

Enter your license. The app binds it to your machine, persists it locally in encrypted form, and you're in. No accounts to remember.

Moving to a new computer

On the new machine, click "Use this license here". The old binding is released, the new one is set, and your work continues.

Sharing it with a friend

It won't work for them. Their machine looks different to our system, so the license refuses to bind there. Friends need their own license.

Lost or stolen license string

Someone copying your license key off your screen gets nothing usable — the key alone doesn't authenticate without the bound machine.

Live look

Every request, sealed fresh

A new key is born, used once, and discarded. Watch a single round trip.

your app · this request
live
[+]made a one-time key just for this request
[~]locked the message with it
[~]added a timestamp so it can't be reused later
[→]sent it to the server · 11 ms
[✓]checked the reply was really from us · ok
[~]unlocked the reply
[!]threw the one-time key away · gone forever
our server
online
[~]received the message
[~]made sure it wasn't changed in flight
[~]checked the timestamp is recent
[~]looked up your license · bound to this computer
[+]decision: allowed · 5d 22h remaining
[~]locked the reply and signed it
[→]sent it back
what an attacker tries
all blocked
REPLAYBLOCKED

Recorded a real request and replayed it later → too old, the one-time key is gone

TAMPERBLOCKED

Changed a byte in the message on the way → seal broken, server drops it

FAKE SERVERBLOCKED

Pretended to be our server → identity didn't match, app refuses to talk

STOLEN KEYBLOCKED

Copied the license string → wrong computer fingerprint, server says no

Lifetime of a key

Used once, then erased

The key that locks your request lives for milliseconds. Then it's gone.

the life of one key
never reused
Total lifetime
~11milliseconds
Faster than you can blink.
Then it's gone.
born
locks the message
sent
verifies the reply
erased
Never written to disk
Only lives in memory while the request is happening.
Never reused
Tomorrow's key is unrelated to today's.
Overwritten on the way out
Memory is set back to zero before being released.
Privacy guarantees

What our auth layer doesn't do

Limits we hold ourselves to so you don't have to take our word for it

what our auth layer collects about you
0 things
ZeroTrace Typical app
Browsing history
0%
95%
Keystrokes
0%
70%
Background telemetry
0%
88%
Crash dumps with PII
0%
60%
Third-party SDKs
0%
80%

No browsing history

Our auth layer never sees what you visit, search, or research.

Never

No keystroke or input logging

We don't record what you type into the app or anywhere else on your machine.

Never

No background telemetry

The app doesn't beacon home. It only talks to our servers when it needs to validate your license.

Never

No kernel drivers

Nothing we install runs at the kernel level. Your computer remains your own.

Never

No silent updates

We don't push code to your machine without your knowledge. Updates are explicit.

Never

No silent error reports

When something goes wrong with auth, we don't dump details that someone reading your logs could exploit.

Never
Built on the same ground as the people we admire

Modern security, by design

The kind of cryptography that protects your messaging app, applied to your license

layers of armor around your license
all four active
01
The network
Your app refuses to talk to anyone pretending to be us.
02
The message
Each request is locked with a one-time key. Recordings can't be replayed.
03
Your saved license
Stored encrypted with a key tied to this computer. Copying it doesn't help.
04
The app itself
Checks its own integrity at startup. A modified copy refuses to run.
Each layer works on its own. Even if one slips, the others still hold.

Modern primitives

Built on the same generation of cryptography behind Signal, WireGuard, and modern TLS. No legacy or home-rolled algorithms.

Fresh keys per request

Each call to our backend uses a one-time encryption key. Compromise of one session can't unlock any other.

Defense in depth

Server pinning, machine binding, encrypted storage, and integrity checks — independent layers, each one doing one job well.

Nothing baked into the binary

Our app doesn't ship with shared secret keys that get extracted on day one. Reverse-engineering the installer doesn't reveal anything reusable.

Honest about limits

What we don't claim

A security model only earns trust by being clear about its edges

We don't claim invincibility

No license system is unbreakable forever. Our goal is to make working around the system more expensive than just buying a license.

We don't run as malware

We won't fight a determined attacker with rootkits or anti-debug tricks that compromise your computer. Your machine is yours.

We don't trust the network

Even on a hostile WiFi network, our app won't talk to a fake server pretending to be us. The trust anchor lives in the binary, not in your DNS.

Designed for the long game

A license isn't just a key — it's a relationship between you, your machine, and our service. We protect that relationship with modern cryptography, then stay out of your way.

Command Palette

Search for a command to run...