Hard questions
These are the actual objections appearing in the public Envato threads — paraphrased, no usernames, answered concession-first. If your objection is missing, ask it; the honest answer gets added here.
"Will you move all my existing customers over?"
No — and any service that promises that is lying to you. Your CodeCanyon buyers are one-time lifetime purchases, and Envato never handed you their email addresses. Redemption is pull-only: the buyer has to act — fetch their Envato purchase code, paste it plus an email on your new store, activate the fresh key. That reaches only the slice whose install is still live and who take one more update carrying the notice. So "move everyone" is arithmetically impossible; the honest number is a bounded share of your active base, measured in your audit, never a promised headcount.
Here is what actually moves the money, and what you should buy this for. First, your new sales stop paying Envato's 50% cut the day you go live — that is the real, un-caveatable win, and every month you stay listed the cut keeps taking. Second, the redemption bridge plus an in-plugin campaign lets the reachable slice self-migrate, which recaptures the maximum share that was ever reachable — a real bonus, but a bonus. Third, you come out the other side owning a consented email list Envato never gave you, so you can actually reach those buyers again. Freemius ships the bridge form for free; what nobody else does is operate the campaign and stand behind it — that is the part you are paying for.
"Isn't this just Freemius's free migration tool with a markup?"
Fair question, and partly yes: Freemius imports your license data for free, their converter tool is genuinely good, and our own comparison table says exactly that. If the free tool covers your case, use it — the 27-step checklist is free too.
What the €790 actually buys is the part the free tool does not do: engineering the purchase-code redemption bridge on your new store (the piece DIYers most often underestimate), sequencing the buyer emails sent under your name, drafting the final CodeCanyon update, the support handover, and a named EU human reviewing every artifact against a 7-business-day deadline. To be clear: their free tool, not our partner — there is no partnership to disclose.
"What if Envato blocks the final update pointing to my new store?"
It could happen — the final update goes through Envato's review like any other, and that decision is not in our hands. We draft it to be policy-safe under the post-July-2026 terms, but we do not control the outcome.
So the risk is priced in as a named refund trigger, stated in the terms before you pay: if Envato blocks the migration path mid-project, your €200 deposit comes back. And the redemption bridge works independently of that update — any buyer who reaches your new store can redeem their purchase code — though honestly, reach without the in-plugin notice is lower, and we will say so in your audit rather than round it up.
"Why would I give a stranger my codebase and credentials?"
You shouldn't — not blindly, and not on the strength of a landing page. That instinct is correct.
So the access model is published before you pay, in the credential and access charter: you mint the Envato API token yourself (scoped, read-only — we never ask for your password), every credential sits in a per-client encrypted vault, client production keys exist only on one named human's machine, and everything is revoked on day 37 by a scheduled job with confirmation on your status page. A GDPR Art. 28 DPA covers your buyer data. And the operator is checkable against third-party registries on the verify page — registries, not testimonials.
"What if the AI tooling breaks my plugin?"
Automated tooling really does the heavy lifting here — that is disclosed up front, not something you have to discover. And tooling, automated or human, can produce a bad patch; anyone who claims otherwise is selling something.
The controls: nothing deploys to your production except by a named human, from his own machine — the automation structurally cannot do it, because the keys are not where it runs. Every patch runs through a PHP × WP × Woo sandbox matrix before review, every artifact carries a human sign-off event you can see on your status page, and the 30-day support window covers migration-caused defects. One more rule, in writing: "the automation did it" is banned as an excuse. One human signs everything and answers for it by name.
"What happens if you get hit by a bus mid-migration?"
A one-person operation is a fair continuity concern, and no amount of copy makes a solo operator into a team. Here is what is actually structured for that case.
The payment design means an unfinished migration cannot cost you more than the refundable deposit: €200 up front — refundable until your kickoff checklist is complete — and the €590 balance is invoiced only after your written acceptance. The terms include an announced-absence clause, and the delivery clock stops visibly on your status page rather than silently overrunning. Every credential you handed over is revocable by you, unilaterally, at any moment: your Envato token, your Freemius invite, your hosting access. You are never locked in to a person being alive and well — the worst case is your deposit back and your plugin exactly as it was.
Related: credential & access charter · verify the operator · run your own numbers