License
A plain-language summary of the Caisson Commercial License — one perpetual license across every edition and module.
Summary only — the EULA is the binding document
This page is a plain-language summary of the Caisson Commercial License. It is informational and is not a substitute for the full Commercial License Agreement (“EULA”), which is the binding document and is provided at purchase. Where this summary and the EULA differ, the EULA governs.
The licensing model
Caisson is a fully commercial developer library. Every module — including the Local-first AI edition — ships under a single proprietary Commercial License (LicenseRef-Caisson-Commercial). There is no AGPL, free, or permissive tier.
The model is the commercial kit pattern: you purchase, you build, you ship your own products without per-seat or per-project fees — but you do not redistribute or resell the kit itself.
What you may do
Under the Caisson Commercial License, purchasing an entitlement grants you a perpetual, non-exclusive, worldwide license to use, modify, and integrate the source code in your own products and services, subject to the restrictions below.
You may
- Use the source code in unlimited commercial projects and products you build and operate yourself.
- Modify the source code to fit your product's requirements.
- Deploy the code on your own infrastructure or cloud accounts.
- Include compiled or bundled output from the code in your products (subject to the no-redistribution restriction — your product ships, the kit source does not ship as a kit).
- Transfer the license to another entity that acquires your business or the product in which the code is embedded (contact us for transfer terms).
You may not
- Redistribute, resell, or publish the source code as a standalone kit, boilerplate, library, or template that competes with Caisson.
- Sub-license the kit to third parties as a kit — your customers may use your product, not the underlying Caisson source.
- Remove or obscure license notices, SPDX identifiers, or the attribution in the code.
- Use the code in a product whose primary purpose is to provide a competing compliance infrastructure kit, boilerplate service, or source-code library.
The full text of the Commercial License Agreement, which is the binding document, will be published at caisson.sh/legal/eula before the first sale. The LicenseRef-Caisson-Commercial SPDX identifier in each package's package.json resolves to that document.
How the license is delivered
Caisson uses an offline Ed25519 license key for entitlement verification. When you purchase:
- You receive an entitlement record and a signed Ed25519 offline license key covering the modules you purchased.
- Your entitlement grants access to the GitHub Packages private registry for entitled packages under the
@caissonscope. - The license key is verified at install time and optionally at runtime (for license-gated features). Verification is local — no call home is required for the perpetual license.
- A Compliance Updates subscription delivers new package versions with updated control mappings as regulations change. This is optional; the perpetual license does not expire.
Which license applies where
One license, the whole library. Every package under the @caisson scope — the base, every module, and all four editions — ships under the same commercial license.
LicenseRef-Caisson-Commercial — perpetual paid license, no redistribution of the kit.
Common questions
Can I use Caisson to build a SaaS product I sell to customers?
Yes. Building and operating your own commercial product — including a product you sell to paying customers — is the primary intended use. Your customers use your product; they do not receive the Caisson kit source.
Can I include Caisson in an open-source project I publish?
No. Open-sourcing the Caisson kit source (or a project that is substantially the kit) would make it freely redistributable, which the Commercial License prohibits. You can still build and ship your own product on Caisson — your customers use your product, not the kit source.
What happens when I modify the source?
Modifications you make are yours to use in your own products. The Commercial License terms still govern the underlying Caisson code in any derivative work — you cannot strip the license and redistribute.
Is the license perpetual?
Yes. The Commercial License is perpetual for the version you purchased. Compliance Updates is an optional subscription that delivers new versions with updated control mappings; it is not required to continue using the version you bought.
Does Caisson claim to be SOC 2 certified or HIPAA certified?
No. Caisson ships the technical controls that SOC 2, HIPAA, and other frameworks require — fail-closed RLS, WORM storage, an append-only audit chain, field encryption, and an evidence-pack generator. The audit itself, the organizational controls (HR, vendor management, incident response), and the certification decision remain yours. Your auditor certifies your organization; Caisson provides the code that makes the technical evidence.
Licensing questions
For licensing questions, volume pricing, transfer requests, or EULA negotiation:
GridWork Digital LLC
Atlanta, Georgia, USA
legal@gridwork.dev