Fexyn for Enterprise
Custom deployment, SSO/SCIM, dedicated account management, invoice billing, and a custom DPA — for journalists' newsrooms, expat-heavy companies, security teams, and orgs operating across censored regions.
Fexyn ships every protocol your team will actually need to stay connected — including in Russia, Iran, China, the Gulf, and during regional throttling events. No protocol lock-in, no usage logs, no DNS query logs.
Speed
Userspace boringtun + Wintun on Windows. Sub-second connect on warm path; 4 KB-line audited cipher suite (ChaCha20-Poly1305).
Censorship
TLS 1.3 handshake to a real public site, then tunnel underneath. The traffic that gets through when ordinary VPN protocols are blocked.
Compatibility
Step-CA PKI with 24-hour rotating client certs. The compatibility fallback for networks that block everything else.
A named human who owns your account — not a ticket queue. Quarterly business reviews, deployment guidance, escalation path.
Region-specific server allocation, isolated infrastructure tier, dedicated IPs, on-prem agent options for tightly-controlled networks.
SAML 2.0 / OIDC sign-in via your existing identity provider. SCIM 2.0 for automatic user provisioning and de-provisioning.
1-hour response for critical issues, 4-hour for high. Engineering escalation when needed. Documented uptime targets.
We sign your data-processing agreement, not the other way round. Standard contractual clauses, GDPR-compliant subprocessor list, audit rights.
Net-30 or net-60 invoice terms. Wire transfer, ACH, or purchase order — not just a credit card. Annual or multi-year prepay discounts.
Independent security audit reports available under NDA. SOC 2 roadmap. Help with internal compliance reviews and questionnaires.
Choose where your team's traffic exits. Server fleet currently in Frankfurt, Helsinki, Cyprus, Ashburn — additional regions provisioned on contract.
Engineering and design teams working from countries where SaaS tools, code repositories, or cloud providers are blocked or throttled. Fexyn keeps them connected without a tunnel-juggling routine.
Site-to-site protection, guest Wi-Fi isolation from corporate traffic, kill switch enforcement on every endpoint. WFP-based on Windows so a broken policy doesn't fail open.
Reporters and stringers operating across Iran, Russia, China, Gulf states, and other restrictive networks. VLESS Reality handles the cases where ordinary VPN protocols fingerprint and get blocked.
Healthcare, legal, finance teams that need a no-logs VPN with a real DPA, audit reports, and a documented incident response process. Not a 'we don't keep logs' marketing line.
Pricing
Self-serve teams pricing tops out at 100 seats. Above that, deployment requirements vary too much for a published number. Talk to sales — typical first call is 20 minutes.
Talk to salesTalk to sales
Tell us a little about your organisation and we'll respond within one business day. No sales-cadence sequences — one human reply, one focused next step.
