The 512-Bit Anonymous License
VuAppStore licenses are anonymous by construction. Your device generates a random 512-bit license seed, blinds it with a one-time random factor, sends the blinded value plus a cryptocurrency payment proof to our signing endpoint, and unblinds the resulting signature locally. We learn that a license was issued. We do not learn what was inside it, and we do not learn who issued the request.
The interactive walkthrough lives at /how-licensing-works. The page you are reading is the canonical reference for the licensing terms and pricing.
The pricing rule
Prices are not chosen by feel. They are chosen by arithmetic: $0.01 per bit.
| Tier | What you get | Bits | Price |
|---|---|---|---|
| Single app | One VU app, perpetual license | 256 | $2.56 |
| 10-App Pack | Any ten apps, perpetual licenses | 2,560 | $25.60 |
| VU Suite | Every app today plus every app we ever ship | 25,600 | $256 |
$2.56 is exactly correct. $4.99 is dishonest. We do not run promotions that pretend a price has changed.
Why "512-bit"?
The license token itself is a 512-bit random value, generated by your device with crypto.getRandomValues. The number is not the price; the price is set by the
amount of encryption you actually receive in the app you bought (256 bits per app,
multiplied by ten or one hundred for the bundle tiers). The 512-bit token is what makes
the license itself unguessable; the per-app encryption is what makes your data private.
Both numbers happen to be powers of two for the same engineering reason.
The math, in one paragraph
Let L be the 512-bit license seed your device generated. Let (e, n) be our public RSA modulus and exponent. Your device picks a random r, computes L_blind = L · r^e mod n, and sends L_blind to our endpoint along with a Monero (or other supported chain)
transaction ID. We verify the payment, sign the blinded value with our private exponent d, and return S_blind = L_blind^d mod n. Your device computes S = S_blind · r^(-1) mod n, which is a valid signature on the original L. Anyone holding the public key can later verify this signature offline.
The endpoint never sees L, never sees r, and cannot link the
signed license to the payment. The relevant code lives in src/routes/api/license/sign/+server.ts and src/routes/api/payment/address/+server.ts.
Accepted payment methods
In order of privacy:
- Monero (XMR). Strongest privacy: ring signatures, stealth addresses, confidential amounts.
- Lightning (BTC). Channel-private, near-instant settlement.
- Bitcoin (BTC). Pseudonymous, public ledger.
- Ethereum and major stablecoins. Pseudonymous, public ledger.
We do not accept credit cards, bank transfers, PayPal, or any payment method that would require us to know who you are.
What the license grants
- Perpetual right to install and use the licensed app on any device you own. There is no per-device count and no DRM check that ever phones home.
- Free updates for the lifetime of the licensed app. If we ever stop publishing updates, the license remains valid for the version you installed.
- Free price-lock. If we raise prices later, your existing license is never re-priced.
- No transferability restrictions you would not expect. You may keep a backup of your license token and restore it on a new device.
Refunds and revocation
Refunds are processed by burning the original license token and issuing a new one to the payment address you specify. Because we cannot link a license to a person, we cannot reverse a payment without your cooperation. The full refund window is documented at /legal/refund.
We do not have a unilateral revocation mechanism for issued licenses. We could refuse to sign new ones in extreme abuse cases, but we cannot retroactively invalidate a signature that has already been given to you.
Honest tradeoffs
- If you lose your license token and you did not back it up, we cannot reissue it without re-running the payment flow.
- Because the chain of custody between payment and license is intentionally broken, support cases that depend on us correlating the two are not possible. Keep your token.
- The signing endpoint is a centralized component. If our private key were compromised, attackers could mint licenses. The key is rotated on a documented schedule, and old keys remain valid only for verification of pre-rotation tokens.
Further reading
- /how-licensing-works — interactive walkthrough.
- /privacy — what the storefront and the endpoints can see.
- /threat-model — where the licensing system can fail.
- /no-recovery — what we cannot help with after the fact.