General Questions

RedPill’s entire gateway runs in TEE (Trusted Execution Environment), providing hardware-enforced privacy for ALL requests to ANY LLM provider.Key differences:
  • Privacy-first: Your prompts are hardware-encrypted in TEE
  • Multi-provider: Access 250+ models through one privacy-protected API
  • Verifiable: Cryptographic attestation proves TEE execution
  • OpenAI-compatible: Drop-in replacement for existing code
Even when routing to OpenAI or Claude, your requests flow through TEE-protected infrastructure first.
A TEE is a hardware-protected secure enclave that isolates code and data:
  • Intel SGX/TDX: CPU-level memory encryption
  • AMD SEV: Secure encrypted virtualization
  • NVIDIA H100 GPU TEE: GPU memory isolation for AI inference
What TEE protects:
  • ✅ Your API requests (prompts, messages)
  • ✅ Model responses
  • ✅ Function calling parameters
  • ✅ Embeddings and vision inputs
What operators cannot see:
  • ❌ Request contents (encrypted in hardware)
  • ❌ Model outputs (only you can decrypt)
  • ❌ API keys or credentials
No code changes required! RedPill is OpenAI SDK compatible.Just change 2 lines:
from openai import OpenAI

client = OpenAI(
    base_url="https://api.redpill.ai/v1",  # 1. Change base URL
    api_key="your-redpill-key"              # 2. Use RedPill key
)

# Everything else stays the same
response = client.chat.completions.create(
    model="openai/gpt-4o",
    messages=[{"role": "user", "content": "Hello!"}]
)
Works with all OpenAI SDKs: Python, Node.js, Go, Ruby, .NET
FeatureRedPillTinfoilOpenRouter
Gateway in TEE✅ Yes❌ No❌ No
Confidential Models✅ 6 Phala models✅ Multiple❌ None
Multi-Provider✅ 250+ models❌ Tinfoil only✅ 200+ models
Cryptographic Attestation✅ Every request✅ Yes❌ No
Privacy Protection✅ All providers✅ Tinfoil models❌ None
RedPill’s unique value: TEE-protected routing to ALL providers (OpenAI, Claude, etc.) PLUS confidential models.
No. RedPill operators cannot see:
  • ✅ Your prompts or messages
  • ✅ Model responses
  • ✅ Function calling parameters
  • ✅ Uploaded images or files
Why? The entire gateway runs in TEE with hardware memory encryption. Even with root access, data is encrypted at the CPU level.What RedPill CAN see:
  • Metadata: Timestamp, model name, token count
  • Encrypted payloads (but not the contents)
  • Request/response sizes
Learn more: Privacy Architecture

Technical Questions

RedPill provides cryptographic attestation for every request:1. Get attestation report:
curl https://api.redpill.ai/v1/attestation/report \
  -H "Authorization: Bearer YOUR_KEY"
2. Verify the signature:
import requests
import jwt

# Get attestation
response = requests.get(
    "https://api.redpill.ai/v1/attestation/report",
    headers={"Authorization": "Bearer YOUR_KEY"}
)

attestation = response.json()

# Verify against Intel/NVIDIA public keys
# Full verification guide: /confidential-ai/verification
3. Check request signature:
curl https://api.redpill.ai/v1/signature/{request_id} \
  -H "Authorization: Bearer YOUR_KEY"
Full guide: Attestation Verification
Less than 2% overhead on average:
MetricImpact
Latency+5-10ms
Throughput-2%
Memory<2% overhead
GPU TEE efficiency: 99% (Phala confidential models)See full benchmarks: Performance
RedPill supports multiple TEE implementations:For Gateway (all models):
  • Intel SGX - Software Guard Extensions
  • Intel TDX - Trust Domain Extensions
  • AMD SEV - Secure Encrypted Virtualization
For Confidential Models (Phala):
  • NVIDIA H100 GPU TEE - GPU memory isolation
  • Intel TDX - CPU-level protection
Each provides hardware-enforced memory encryption and cryptographic attestation.
Yes! Any framework that supports OpenAI-compatible APIs works with RedPill.LangChain example:
from langchain.chat_models import ChatOpenAI

llm = ChatOpenAI(
    openai_api_base="https://api.redpill.ai/v1",
    openai_api_key="your-redpill-key",
    model="openai/gpt-4o"
)
LlamaIndex example:
from llama_index.llms import OpenAI

llm = OpenAI(
    api_base="https://api.redpill.ai/v1",
    api_key="your-redpill-key",
    model="anthropic/claude-3.5-sonnet"
)
Supported frameworks:
  • ✅ LangChain
  • ✅ LlamaIndex
  • ✅ Semantic Kernel
  • ✅ Haystack
  • ✅ AutoGen
  • ✅ Any OpenAI-compatible tool
250+ models from major providers:OpenAI:
  • openai/gpt-4o, gpt-4o-mini, gpt-3.5-turbo
Anthropic:
  • anthropic/claude-sonnet-4, claude-3.5-sonnet, claude-3.5-haiku
DeepSeek:
  • deepseek/deepseek-chat, deepseek-r1
Meta:
  • meta/llama-3.2-90b, llama-3.1-405b
Phala Confidential (TEE-native):
  • phala/qwen-2.5-7b-instruct
  • phala/deepseek-chat-v3-0324
  • phala/gpt-oss-120b
  • phala/gemma-2-27b-it
  • phala/llama-3.3-70b
  • phala/qwen-qwq-32b
See all models: Supported Models
Pay-per-token pricing - same as going direct to providers, with privacy added:
  • Standard models: Provider pricing + small RedPill fee
  • Confidential models: Flat per-token rate
Example (approximate):
  • openai/gpt-4o: $2.50/1M input tokens
  • phala/qwen-2.5-7b-instruct: $0.10/1M tokens
Check real-time pricing: Pricing

Privacy & Security

TEE architecture provides strong privacy guarantees, but compliance depends on your use case:GDPR (EU Privacy):
  • ✅ Hardware encryption meets data protection requirements
  • ✅ No plaintext access to personal data
  • ✅ Cryptographic proof of processing
HIPAA (Healthcare):
  • ⚠️ Requires BAA (Business Associate Agreement)
  • ✅ TEE isolation meets technical safeguards
  • Contact: enterprise@redpill.ai for BAA
SOC 2:
  • ✅ Security controls via TEE
  • ✅ Attestation provides audit trail
  • 📄 SOC 2 Type II in progress
For regulated industries: Contact us for compliance documentation.
TEE protects your data even with server compromise:If attackers gain root access:
  • ❌ Cannot read request contents (hardware encrypted)
  • ❌ Cannot decrypt model responses
  • ❌ Cannot extract API keys or credentials
  • ❌ Cannot modify code without breaking attestation
What breaks:
  • ⚠️ Attestation verification fails (alert!)
  • ⚠️ Service availability affected
Defense in depth:
  1. TEE isolation - Hardware protection
  2. Attestation - Cryptographic proof
  3. Key management - Secrets sealed in TEE
  4. Monitoring - Real-time anomaly detection
No. RedPill cannot access your data due to TEE isolation.Privacy guarantees:
  • ✅ No training on user data
  • ✅ No logging of request contents
  • ✅ No selling of data
  • ✅ Hardware prevents access
What we log (metadata only):
  • Request timestamps
  • Model names
  • Token counts
  • Request IDs
See: Privacy Policy
TEE provides something stronger than E2EE:Traditional E2EE:
  • ✅ Encrypted in transit
  • ✅ Encrypted at rest
  • Decrypted during processing (server sees plaintext)
RedPill’s TEE:
  • ✅ Encrypted in transit
  • ✅ Encrypted at rest
  • Encrypted during processing (hardware isolation)
Your data is never in plaintext outside the TEE, even while being processed.

Use Cases

Use RedPill when:
  • ✅ Privacy is critical (healthcare, finance, legal)
  • ✅ You need multi-provider access with unified privacy
  • ✅ Compliance requires data isolation
  • ✅ Handling sensitive user data
  • ✅ Building privacy-first products
Use direct providers when:
  • ❌ Privacy not important (public data)
  • ❌ Need specific provider features not yet supported
  • ❌ Cost-sensitive non-critical workloads
Example use cases:
  • Medical chatbots analyzing patient data
  • Financial analysis with proprietary information
  • Legal document review
  • HR tools processing employee information
  • Privacy-focused consumer applications
Yes! RedPill is production-ready:Reliability:
  • 99.95% uptime SLA
  • Auto-scaling infrastructure
  • Global CDN distribution
Performance:
  • <2% overhead vs direct providers
  • Streaming support
  • Concurrent request handling
Enterprise features:
  • Custom rate limits
  • Dedicated instances
  • Priority support
  • BAA for HIPAA compliance
Contact: enterprise@redpill.ai
Migration is 2 lines of code:From OpenAI:
# Before
client = OpenAI(api_key="sk-...")

# After
client = OpenAI(
    base_url="https://api.redpill.ai/v1",
    api_key="sk-redpill-..."
)
From OpenRouter:
# Before
client = OpenAI(
    base_url="https://openrouter.ai/api/v1",
    api_key="sk-or-..."
)

# After
client = OpenAI(
    base_url="https://api.redpill.ai/v1",
    api_key="sk-redpill-..."
)
Full guides:

Troubleshooting

Check model name format - RedPill uses provider prefixes:Wrong:
model="gpt-4o"  # Missing provider
Correct:
model="openai/gpt-4o"  # With provider prefix
Common mistakes:
  • gpt-4oopenai/gpt-4o
  • claude-3.5-sonnetanthropic/claude-3.5-sonnet
  • llama-3.2-90bmeta/llama-3.2-90b
See all models: GET https://api.redpill.ai/v1/models
Common issues:1. Certificate chain outdated:
# Update Intel/NVIDIA root certificates
# See: /confidential-ai/verification
2. Time synchronization:
  • Attestation timestamps expire after 5 minutes
  • Check system clock accuracy
3. Network issues:
  • Verify connection to attestation endpoints
  • Check firewall rules
Debug steps:
  1. Fetch fresh attestation: GET /v1/attestation/report
  2. Verify signature: Check against public keys
  3. Validate timestamp: Must be recent (<5 min)
  4. Check certificate chain: Intel/NVIDIA roots
Full guide: Verification
Performance optimization tips:1. Use streaming:
stream = client.chat.completions.create(
    model="openai/gpt-4o",
    messages=[...],
    stream=True  # ⚡ Faster time-to-first-token
)
2. Choose confidential models for lowest latency:
  • Phala models run in same datacenter
  • No external provider roundtrip
3. Batch similar requests:
  • Amortize attestation overhead
  • Better throughput
4. Cache attestations:
  • Verify once per session
  • Reuse for subsequent requests
See: Performance Guide

Still Have Questions?

Join Discord

Chat with the community

Documentation

Full documentation

GitHub Issues

Report bugs