On this page

Free vs. Pro Tiers

Necron Vault Manager offers two tiers: Free and Pro. Both tiers use the same encryption algorithms and vault architecture — the difference is in key storage, capacity limits, and the security posture of your key material.

Feature Comparison

Feature Free Pro
Price $0 (30-day trial) $3.99/month or $39.90/year
Trial period 30 days from first launch No limit
Number of vaults Unlimited Unlimited
Storage capacity Unlimited Unlimited
Key storage Software key (on computer) Hardware USB dongle
Cloud mirroring
Self-healing vault
Per-file encryption
2FA vault lock (PIN + TOTP)
Vault integrity check
Hardware dongle key
Backup dongle support ✓ (up to 5)
Key physically separated from data

Key Storage: The Core Difference

The fundamental difference between Free and Pro is where your encryption key lives.

Free Tier — Software Key

On the Free tier, your key material is stored as an encrypted file on your computer:

  • Location: Your user profile directory
  • Protection: The key file is encrypted at rest and bound to your Windows user profile. Only your user account can access it.
  • Pad size: 20 MiB of random key material

This means your key is secure against casual file theft (the key file is encrypted), but it is tied to your specific computer and user account. If your computer is compromised by malware with access to your user session, the key could theoretically be extracted.

Warning

If you reinstall Windows, delete your user profile, or experience a catastrophic disk failure, the encryption binding is lost and your software key becomes inaccessible. Always keep decrypted backups of critical files when using the Free tier.

Pro Tier — Hardware Dongle

On the Pro tier, your key material lives on a physical USB drive that you control:

  • Location: Removable USB drive root (e.g., E:\NECRON01.dat)
  • Protection: The key exists only on the USB device. It never resides on your computer's hard drive.
  • Pad size: Same random key material, stored directly on the dongle
  • Backup: Up to 5 backup dongles with identical key material

The dongle acts as a physical key — without it plugged in, no encryption or decryption is possible. This provides air-gapped key security: your encryption keys are physically separated from your data at rest.

Tip

The security advantage of a hardware dongle is significant. Even if your entire computer is compromised (malware, theft, forensic seizure), your encrypted files remain protected as long as the dongle is not present. This is the same principle used by hardware security modules (HSMs) in enterprise environments.

When to Choose Free

The Free tier is ideal for:

  • Evaluating Necron Vault Manager before committing
  • Casual encryption of non-critical files
  • Learning how vault-based encryption works
  • Testing multi-location setups and cloud mirroring

The Free tier includes a 30-day trial period from your first launch. During the trial, all encryption features work identically to Pro (minus hardware key separation). After the trial expires, you'll need to upgrade to Pro to continue using the app.

When to Choose Pro

The Pro tier is recommended for:

  • Sensitive personal data — tax records, medical documents, legal files
  • Business data — client files, financial records, intellectual property
  • Long-term archival — data you need to protect for years
  • Compliance scenarios — where demonstrating physical key separation matters
  • Anyone who wants backup dongles — insurance against key loss

Upgrading from Free to Pro

You can upgrade at any time without losing your encrypted data. The upgrade process:

  1. Start the upgrade from the website account page or click "Upgrade to Pro" in the desktop app
  2. Complete payment through the Paddle checkout overlay
  3. Relaunch the app — you'll be prompted to insert a USB drive
  4. Run the provisioning wizard — this copies your existing software key material onto the USB dongle
  5. Your vaults continue working — the same key identity is used, so all existing encrypted files remain accessible

Note

After upgrading, the software key on your computer is no longer used. All encryption operations go through the hardware dongle. You can create backup dongles for redundancy.

What Happens to Your Data During Upgrade?

Nothing changes about your encrypted files. The key material (random bytes) is identical — it's simply moved from a software file to a physical USB drive. Your vaults, file headers, and encryption state are all preserved.

Before Upgrade After Upgrade
Key on computer Key on USB dongle
Encrypted and profile-bound Physically separated
Cannot make backup keys Up to 5 backup dongles
Same encryption strength Same encryption strength

Downgrading from Pro to Free

If you cancel your Pro subscription, the behavior depends on your subscription status:

  • While subscription is active: Full Pro functionality continues until the end of the billing period
  • After subscription expires: At next app launch, the dongle check will show "subscription expired" with options to renew or continue in Free tier
  • Continuing in Free tier: You can still decrypt files using the dongle for the current session, but new vaults will use software key mode

Warning

If you downgrade and lose access to your dongle, any files encrypted with dongle key material require the dongle to decrypt. Keep your dongle safe even after downgrading.

Security Model Comparison

Threat Free Tier Pro Tier
Remote attacker (no local access) ✓ Protected ✓ Protected
Local attacker with file-system access ⚠ Key file is encrypted and profile-bound ✓ Key not on disk
Attacker with active user session ⚠ Key protection can be bypassed by processes in your session ✓ Key only on dongle
Computer theft (powered off) ✓ Protected (requires user login) ✓ Key not on disk
Computer theft (logged in, dongle removed) ⚠ Key may be in memory ✓ Key on dongle, not present
Dongle theft (no computer access) N/A ✓ Attacker has no data
Both computer + dongle theft ⚠ Data at risk ⚠ Data at risk

Further Reading