Sell and license software — and any digital download — get paid in crypto straight to your own wallet, and issue verifiable license keys that your app checks offline. From a single static binary you fully own. No platform, no KYC, no custodian, no cut.
Quickstart · Features · Supported coins · Licensing · Docs · Status
neverpay is the smallest, most self-contained way to put digital goods behind a crypto paywall and license them. You run it; you own the whole thing — your files, your keys, your funds, your customers. Think a crypto-native, self-hosted Gumroad/Lemon Squeezy that also does keygen.
buyer picks a coin → unique address + live status → payment confirms
→ secure download unlocked + Ed25519 license key issued
→ funds settle directly to your wallet · webhook fires to your backend
 Storefront |
 Pick a license plan |
 Download + license key |
Default theme — buyers see your store name, logo, and accent color.
See the full guided demo → — every screen of the buyer and seller journeys.
| Hosted platforms | neverpay | |
|---|---|---|
| Fees | 5–30% | 0% — you pay only network + hosting |
| Identity | KYC to sell, account to buy | No KYC to sell, no account to buy |
| Custody | Platform holds your funds | Settles to your own wallet (watch-only xpub) |
| Control | Can deplatform / freeze you | Runs on your box |
| Licensing | A separate tool/service | Built-in, offline-verifiable keygen |
| Deploy | — | One binary, or one docker compose up |
Compared to other self-hosted processors (BTCPay, etc.): neverpay is far lighter (no per-chain full node), bundles licensing + download delivery rather than payments alone, and is built to deploy in minutes.
- First-class licensing & keygen — Ed25519 signed tokens verifiable offline (no phone-home — ideal for native/C software and game tooling), plus a hosted verify / activate / deactivate API with device-HWID binding, seat limits, and revocation.
- License plans / periods — offer multiple durations per product (e.g. 1 month / 3 months / 1 year, or perpetual), each its own price; the buyer picks at checkout and the issued key's expiry follows.
- Verification SDKs — Go, JavaScript/TypeScript, Python, and C (libsodium); drop one in and gate your app.
- 7 coins across 4 chain families — ETH, USDC (Base), BTC, LTC, USDT (Tron), XRP, XLM. Add more behind one provider interface.
- Non-custodial — you supply watch-only xpubs / receiving accounts; private keys never touch neverpay. No per-chain full node — light RPC/explorer reads.
- Secure delivery — gated downloads (local file or external URL), time-windowed, always the latest build.
- Signed webhooks — HMAC-SHA256
order.paid / fulfilled / expired / cancelledfor server-side access granting. - Embeddable checkout — one
<script>drops a buy button + modal checkout onto any existing site; fires aneverpay:successevent. - Polished checkout UX — live payment status, QR, 15-min quote lock, under/overpayment handling, optional email receipt.
- Guided setup that generates your wallet — a Charm-style TUI mints a watch-only store wallet (or takes your own xpub), writes config, and can set up systemd / a reverse proxy / a Tor
.onion. - Privacy-first — no telemetry, no third-party browser calls, minimal buyer data.
Prebuilt binary — grab the archive for your OS/arch from the latest release (linux/macOS/windows · amd64/arm64), verify it, and run:
tar xzf neverpay_*_linux_amd64.tar.gz # or unzip the windows .zip
sha256sum -c checksums.txt --ignore-missing
./neverpay setup # guided config wizard → writes ./data/neverpay.env
./neverpay # serves on http://localhost:8080Docker (multi-arch image on GHCR)
docker compose run --rm -it neverpay setup # guided config wizard
docker compose up -d
# or pull directly:
docker run -v neverpay-data:/data -p 8080:8080 ghcr.io/neverdecel/neverpay:latestFrom source (Go 1.26+)
make setup # guided config wizard → writes ./data/neverpay.env
make run # build + run on http://localhost:8080Then open /admin/login, add a product, and share /p/<slug>/checkout — or drop
the embed snippet behind a buy button on your existing site. Full walkthrough in
USAGE.md.
Every order gets a unique pay-to address — no destination tags or memos for the buyer to forget.
| Asset | Chain | Unique address per order |
|---|---|---|
| ETH | Ethereum | HD-derived address (from your xpub) |
| USDC | Base | HD-derived address (ERC-20) |
| BTC | Bitcoin | HD-derived address (legacy/segwit auto-detected) |
| LTC | Litecoin | HD-derived address |
| USDT | Tron | HD-derived address (TRC-20) |
| XRP | XRP Ledger | unique X-address (tag embedded in one address) |
| XLM | Stellar | unique muxed M-address (id embedded in one address) |
ETH/USDC/BTC/LTC/USDT derive a genuinely distinct on-chain address each time. XRP/XLM charge a locked reserve per real account, so each order instead gets a unique address string (X-address / muxed account) that routes to your one account — the canonical equivalent, with no separate tag/memo. All seven are verified end-to-end against live testnets — see TESTING.md.
Each sale can mint a compact signed token:
NVPAY1.<base64url payload>.<base64url ed25519 signature>
Embed the store's public key (GET /api/v1/pubkey) inside your software and
verify offline — a patched-out network check is trivial to bypass, but an
embedded signature check is not. For seats/revocation, call the hosted API:
GET /api/v1/verify?key=…
POST /api/v1/activate {key, hwid}
POST /api/v1/deactivate {key, hwid}
GET /api/v1/pubkey
Drop-in SDKs for Go, JS/TS, Python, and C live in sdk/.
New to this? The 5-minute tutorial walks the whole path — checkout → payment → key → offline verify → webhook grant — with runnable examples/ (a Go CLI + a webhook receiver).
We use the word honestly. The launch coins are transparent, pseudonymous chains — payments are publicly visible and can be chain-analyzed. neverpay's privacy guarantee is operational: no KYC, no buyer accounts, no data collection, non-custodial settlement, and optional Tor hosting. True on-chain payment privacy (Monero) is a planned option, not a current claim.
neverpay is deliberately narrow. It does not host your store, take a cut, or sit between you and your customers — there is no hosted/cloud version, you run the binary. It is not a merchant of record and does not handle tax, card payments, refund/chargeback automation, buyer accounts, KYC/AML, or content moderation. You remain responsible for law, tax, and what you sell.
See NON-GOALS.md for the full list and the reasoning, and docs/comparisons.md for how this compares to Gumroad, Lemon Squeezy, BTCPay Server, and Keygen.
Beta — pre-1.0. neverpay is feature-complete for its v1 scope and has a full offline test suite plus end-to-end validation of all seven chains against public testnets. It has not yet been battle-tested on mainnet with real funds at scale, and has not had an independent third-party audit.
If you deploy it: serve it behind HTTPS or a .onion, read
SECURITY.md, start with small amounts, and review the code
for your own threat model. It is provided as-is under the MIT license, with no
warranty. Issues and contributions welcome.
| Doc | What's in it |
|---|---|
| demo/ | Guided screenshot walkthrough of the buyer and seller journeys; reproduce it locally with go run ./cmd/seeddemo |
| USAGE.md | Zero-to-selling walkthrough: setup wizard, wallets per coin, products, embed, webhooks |
| DEPLOY.md | Deployment, full env reference, Tor/.onion hosting, backups |
| sdk/ | License-verification SDKs + NVPAY1 token / /api/v1 reference |
| examples/ · tutorial | Runnable "sell a licensed Go CLI" demo: offline key verification + webhook receiver |
| SECURITY.md | Threat model, controls, operator responsibilities |
| TESTING.md | Unit/e2e suite + live testnet validation |
| NON-GOALS.md · comparisons | What neverpay deliberately doesn't do, and how it compares to Gumroad / Lemon Squeezy / BTCPay / Keygen |
| CONTRIBUTING.md | Dev setup, project layout, guidelines |
| VISION · MISSION · PROJECT · JOURNEY | The why, scope, architecture, and end-to-end UX |
MIT © Neverdecel