About

PermitUSB is built solo under JJMK Studios for IT directors at US manufacturers and defense contractors with 50–300 employees.

Why this exists

Existing USB device control tools target enterprise budgets and assume an admin who can spend a week on policy authoring. SMB IT teams need something that ships in MSI form, sets sane defaults, and tells the truth about what it does and doesn't do.

What it is

A Windows endpoint agent paired with a cloud control plane. Block-by-default whitelisting, per-endpoint-group policies, 14-day discovery mode for risk-free rollout, MSI deployment, and a published NIST 800-171 control mapping.

What it isn't

Not a full DLP suite. Not an EDR. Not (in v1) macOS or Linux. Not (in v1) network device control or BitLocker management. Read the scope doc for the explicit list.

How it's built

.NET 10 LTS Worker Service for the agent (with a WPF tray app), Node 24 + Hono + Drizzle on the API, Next.js 15 + Tailwind on the dashboard, Supabase Postgres + Auth, Stripe for billing, Resend for transactional email. Vertical-slice development — every two to four weeks the whole product gets thicker; never spend months building horizontal layers in isolation.

Honest limits

v1 enforcement is user-mode. A determined local admin with elevated PowerShell can re-enable a blocked device — the watchdog will notice within ~30 seconds, re-disable it, and emit a tamper event. Kernel-mode enforcement and read-only mass storage are the v2 differentiators. We're upfront about that.

Get in touch

Send a message. Replies come from a real human within two business days.