Escrow for software suppliers
Turn continuity into a selling point and offer your customers assurance
Business customers increasingly ask for an escrow arrangement before they sign; those who have it in order strengthen trust and close the deal faster. This applies to software developers, but also to resellers and distributors. Softcrow takes care of the agreement and the technical infrastructure, you deliver periodically and we arrange the rest.
What do you gain?
- Strengthens your customers’ trust and lowers the threshold to sign
- You show your customers that you take their continuity seriously
- A demonstrable part of IT risk management for your customers: DORA, NIS2, ISO 22301 and more
- Delivery costs you hardly any time: fully automatable in your pipeline
- The cost allocation can become part of your service package
Key features of our escrow schemes
- Sovereign, free from the CLOUD and USA PATRIOT Act: 100% EU-hosted in EU data centres
- Zero-knowledge storage: Softcrow has no access to the contents (E2EE)
- Legally watertight: the deposit does not form part of the bankruptcy estate
- On bankruptcy a deposit is directly available to the rightful party
- No vendor lock-in on release: unpack with standard software, no dependence on Softcrow
- Part of IT risk management: relevant for compliance frameworks such as DORA, NIS2 and ISO 22301
- Softcrow’s own continuity is safeguarded, even if Softcrow itself falls away
Which service fits your situation?
| Software Escrow | SaaS Escrow | CloudSecure | |
|---|---|---|---|
| What is safeguarded? | Source code | Source code + SaaS infrastructure description + customer data | Full cloud service |
| Continuity on release | Access to source code for maintenance and development | Access to source code, SaaS infrastructure description and customer data | Service keeps running |
How does it work in practice?
For you as a supplier, in practice it looks like this:
- Agreement: Softcrow draws up the escrow agreement between you, your customer and Softcrow
- Setup: you use the web uploader (no installation needed) or you install our CLI
- Key generation: you generate a quantum-safe encryption key
- Key sharing: you share the encryption key with the beneficiary outside Softcrow
- Delivery: at every relevant release you deliver a deposit, manually or automated, append-only
- Storage: Softcrow stores the deposit zero-knowledge in multiple EU data centres
- Dashboard: based on metadata, everyone involved gets insight through the Softcrow Dashboard
- Release: if the release conditions are met, Softcrow makes the deposit available to the beneficiary
- Continuity promise: with the key in their possession, the beneficiary can open the deposit and carry on
Zero-knowledge: what does that mean for you?
You encrypt your back-ups end-to-end before they go to an external location. So why would you place your source code in readable form with an escrow agent? What is inside that deposit is of the utmost importance to your company. No one should be able to access it independently, not even your escrow agent. You do not rule out such a risk with a promise, but by anchoring it in the storage architecture.
Softcrow is a zero-knowledge escrow agent, a Trusted Third Party. Your source code is your IP, crucial to your company. Softcrow has nothing to do with it and cannot access it either. We never receive the encryption key and have no access to the contents of the deposit. We store only encrypted deposits. You manage the encryption key yourself and share it solely with your customer, outside Softcrow. This creates a watertight triangle: only on release does the beneficiary gain access to the deposit and the promised continuity is met.
That is why we deliberately do not synchronise directly with git repositories: a direct link would bring the source code in readable form to Softcrow, and that is exactly what we want to prevent. At Softcrow you are free to link up yourself, because you keep that in your own hands. You gather your code, encrypt it locally and deliver the encrypted deposit. This can be done manually via the web uploader or fully automated via our command line interface (CLI). For common situations we have ready-made scripts available that you can take as a basis and then tailor to your situation. Pipelines are supported too.
More about zero-knowledge storage → View the deposit options →
Transparent cost structure
Softcrow uses clear, fixed rates: a one-off start-up cost and an annual fee per rightful party in the agreement. A verification audit is an option that brings additional costs. By default, in most cases there is more than enough storage space and data traffic included. Need more? No problem: we then charge the extra usage afterwards. All rates are fully transparent.
How the costs are divided across the parties involved in the agreement is something you determine in consultation with Softcrow. Much is possible there, as long as it is agreed in advance. Many suppliers build escrow into their own offering. That way continuity becomes a part of your service that can also bring in something financially.
Ready to start?
An escrow is usually operational within a few days, and we guide you from the agreement to the first delivery.