Skip to content

Frequently Asked Questions

General

What is PyLocket?

PyLocket is a B2B platform that helps Python developers ship protected desktop applications with built-in licensing. It encrypts your Python bytecode at the function level, provides a native runtime for secure decryption, and includes a complete licensing infrastructure.

How is PyLocket different from PyArmor?

PyLocket provides function-level encryption (not obfuscation), a hardened native runtime with multiple anti-reverse-engineering layers, built-in licensing and delivery infrastructure, and a developer portal for managing apps and licenses. PyLocket is an all-in-one platform — you do not need to build your own licensing or distribution system.

Does PyLocket modify my source code?

No. PyLocket operates on compiled bytecode (.pyc) inside your packaged application. Your source code files are never modified. Only the function bodies in the packaged bytecode are replaced with stubs that call the native runtime.

What packaging tools are supported?

PyInstaller (onefile and onedir), cx_Freeze, BeeWare Briefcase, Python wheels, and generic ZIP/tar archives. See Supported Platforms for the full matrix.

What Python versions are supported?

Python 3.9, 3.10, 3.11, 3.12, and 3.13.

What operating systems are supported?

Windows (x64), Linux (x64, ARM64), and macOS (Intel x64, Apple Silicon ARM64).

How do I publish my app for multiple operating systems?

Build your app separately for each target OS (e.g., using PyInstaller on each platform or a CI/CD matrix build), then upload each platform's artifact as a separate build under the same app. One license key works across all platforms — each OS activation counts as a separate device toward the device limit. The delivery page automatically shows download buttons for each available platform. See the Multi-OS Publishing Tutorial for a complete walkthrough.

Protection

What exactly gets encrypted?

Every Python function body, method body, class body, and module-level code block in your application. Non-Python files (images, configs, data files, C extensions) are not encrypted by PyLocket.

Can someone still decompile my application?

A decompiler will see the stub functions (which call the native runtime), not your original code. The original bytecode is encrypted and stored in the protection manifest. Without a valid license key, the bytecode cannot be decrypted.

Is my code ever sent to PyLocket in plaintext?

Your application artifact is uploaded over TLS and stored encrypted at rest. During protection, the worker processes your code in an isolated environment. After protection, only the encrypted output is retained.

Does PyLocket protect C extensions?

No. C extensions (.pyd, .so files compiled from C/Cython) are not modified by PyLocket. Only Python bytecode is encrypted. If you need to protect C code, use a separate tool.

Can I protect a library (not an application)?

Yes. Protect a Python wheel (.whl) and distribute the protected wheel to your customers. They install it with pip and it validates the license on import.

What level of protection does PyLocket provide?

Every build receives maximum protection automatically, including military-grade encryption, anti-reverse-engineering countermeasures, memory protection, and binary hardening. No configuration is needed.

Licensing

How do license keys work?

License keys follow the format XXXX-XXXX-XXXX-XXXX (16 alphanumeric characters). Each key is globally unique and works on any platform for the same app.

How does device activation work?

When the end-user runs your app and enters their license key, the app generates a unique device identifier, and sends it (as a one-way hash) to PyLocket's API. If the license is valid and the device limit is not exceeded, PyLocket returns a signed runtime token that enables decryption.

Does the app need to be online to run?

Only for the first activation. After that, the app works offline for up to 72 hours (configurable). The runtime attempts to refresh the token in the background when online.

What happens if my customer gets a new computer?

Their new computer produces a different device identifier, consuming a new activation slot. If all slots are used, you can reset their activations via the CLI (pylocket licenses reset-devices) or the Developer Portal.

Can I set licenses to expire?

Yes. Use --expires when creating a license to set an expiration date. After that date, the license status changes to EXPIRED and activation fails.

Can I revoke a license?

Yes. Use pylocket licenses revoke --license <KEY>. The revocation takes effect immediately for new activations and within 24 hours for already-activated devices.

Does PyLocket handle end-user payments?

No. PyLocket never processes end-user payments. You handle payments through your own storefront (Stripe, Gumroad, Paddle, etc.) and redirect buyers to PyLocket's delivery page for license key and download.

Billing

How much does PyLocket cost?

  • Free tier: 10 build downloads per app (no credit card required)
  • Base fee: $9/year per app (after free tier)
  • License fee: $4 per end-user license created
  • Storage fee: Proportional to artifact size (~$0.02/year for a 50 MB app)

See Billing & Pricing for details.

Is there a free tier?

Yes. Every app gets 10 free build downloads with no credit card required. You can create up to 10 licenses per app on the free tier. Free-tier licenses expire after 60 days. This is enough to test the full protection and distribution workflow before upgrading to a paid plan.

When do charges start?

After the 10th build download for an app. Until then, everything is free.

How is the license fee charged?

Via Stripe metered billing. Each license creation records a usage event. At the end of the billing cycle, you are invoiced for all license events.

What if I cancel my subscription?

When you cancel your yearly subscription, it remains active until the end of the current billing period. After that, a 60-day grace period begins during which your customers' existing licenses continue to work normally. After the grace period expires, all end-user licenses become invalid and activation will fail. You cannot create new protected builds or issue new licenses after cancellation. If you resubscribe before the grace period ends, all licenses are restored automatically.

Can I get a refund?

Contact support@pylocket.com within 30 days of a charge for refund eligibility.

Technical

What happens if PyLocket's servers go down?

  • Already-activated applications continue to work offline for the configured grace period (default: 72 hours)
  • New activations will fail until the servers are back
  • Build downloads use a CDN with independent availability

What if PyLocket goes out of business?

Already-distributed, activated applications continue to function until their tokens expire. We recommend maintaining your own backup distribution channel. Contact support for business continuity options.

Can I self-host PyLocket?

The infrastructure is built on AWS CDK and can be deployed to your own AWS account. Contact sales@pylocket.com for self-hosted licensing.

Does PyLocket work in Docker containers?

Yes. Device fingerprinting works in containers, though the fingerprint may change if the container is recreated with different hardware characteristics. For containerized deployments, consider using longer offline grace periods.

Does protection work with virtual environments?

Yes. Virtual environments are a Python-level concept and do not affect PyLocket's runtime protection, which operates at the bytecode level.

Is there a size limit for artifacts?

The default upload limit is 500 MB. For larger artifacts, contact support.

How long does protection take?

Typical protection times:

Artifact Size Approximate Time
< 10 MB 30-60 seconds
10-50 MB 1-3 minutes
50-200 MB 3-10 minutes
> 200 MB 10+ minutes

Times depend on the number of Python functions and the current queue load.

What is the performance impact?

PyLocket adds minimal runtime overhead. I/O-bound applications see negligible impact. CPU-bound applications see a small, single-digit percentage overhead. See Performance for details and optimization tips.

Troubleshooting

My protected app won't start

  1. Verify all three files are present: executable, _pylocket_rt, .pylocket_manifest
  2. Check that --python matches the build environment
  3. See Error Messages for specific errors

Build failed with INVALID_BYTECODE

The --python version does not match the Python used to build the artifact. Rebuild the artifact with the correct Python version or adjust the --python flag.

HTTP 402 Payment Required

You have exceeded the free tier (10 downloads per app). Add a payment method in the Developer Portal → Billing.

Activation fails for my customer

  1. Verify the license key is correct (copy-paste to avoid typos)
  2. Check the license status in the Developer Portal (should be ACTIVE)
  3. Check the device limit — the customer may have used all slots
  4. Ensure the customer has an internet connection

Build is stuck in QUEUED

Wait 5-10 minutes — the queue may be under load. If stuck for more than 15 minutes, check the PyLocket status page or contact support.

Still Have Questions?

  • Check the Error Messages reference
  • Email support@pylocket.com with your App ID and a description of the issue
  • For sales inquiries, contact sales@pylocket.com