Compliance & Certifications
RedPill maintains industry-standard compliance certifications to demonstrate our commitment to security and privacy. For compliance reports, security documentation, or to schedule a security review, contact [email protected].
Compliance Reports
SOC 2 Type I
SOC 2 Type I Report
Service Organization Control 2 Type I report validating our security, availability, and confidentiality controls.
- Security - Protection against unauthorized access
- Availability - System uptime and reliability
- Confidentiality - Protection of confidential information
HIPAA Compliance
Health Insurance Portability and Accountability Act compliance for healthcare customers.
Status: Coming Soon
- TEE-based data isolation
- End-to-end encryption
- Access controls
- Audit logging
- Zero data retention option
- Business Associate Agreement (BAA)
- Security documentation
- Compliance roadmap
GDPR
RedPill complies with the General Data Protection Regulation (GDPR) for EU users:

| Requirement | How We Comply |
|---|---|
| Data minimization | Zero data retention by default |
| Right to access | Export your data anytime |
| Right to deletion | Delete account and all data |
| Data portability | Export in standard formats |
| Privacy by design | TEE + E2E encryption architecture |
Data Processing Agreement
Request our DPA for enterprise customers →
Security Controls
RedPill implements comprehensive security controls across multiple domains:
Data Protection
- End-to-end encryption for all user data
- TEE-based processing (data never exposed in plaintext)
- Encryption at rest using AES-256
- Encryption in transit using TLS 1.3
- Zero data retention by default
Access Control
- Role-based access control (RBAC)
- Multi-factor authentication required for all employees
- Periodic access reviews
- Least-privilege access principles
- SSO integration (Enterprise)
Network Security
- Web Application Firewall (WAF)
- DDoS protection
- Network segmentation
- Encrypted connections only
- Regular security scanning
Incident Response
- Documented incident response plan
- Security event monitoring
- Breach notification procedures
- Post-mortem reviews
- Regular incident response drills
Vulnerability Management
- Regular vulnerability scans
- Responsible disclosure program
- Dependency monitoring
- Patch management procedures
Logging & Monitoring
- Centralized logging
- Real-time alerting
- Audit trails (encrypted)
- Anomaly detection
Regulatory Compliance
RedPill helps customers meet various regulatory requirements:

| Regulation | How RedPill Helps |
|---|---|
| HIPAA | TEE isolation, E2E encryption, audit logging, BAA available |
| GDPR | Data minimization, encryption, deletion rights, DPA available |
| SOC 2 | Certified Type I, comprehensive security controls |
| CCPA | Data access, deletion, opt-out capabilities |
Attorney-Client Privilege
For legal professionals, RedPill’s architecture protects privileged communications:
- No third-party access - Data processed only in TEE, never exposed
- No data retention - Conversations not stored on our servers
- Verifiable security - Cryptographic attestation proves secure processing
- Audit trails - Encrypted logs for compliance (Enterprise)
Legal Use Case
Learn how law firms use RedPill →
Subprocessors
RedPill uses a minimal set of trusted subprocessors:

| Subprocessor | Purpose | Data Access |
|---|---|---|
| Cloud Provider | Infrastructure | Encrypted data only |
| Stripe | Payment processing | Billing info only |
| Analytics | Usage metrics | Anonymized only |
Requesting Compliance Documents
For enterprise customers and prospects, we provide:
- SOC 2 Type I Report
- Security questionnaire responses
- Penetration test summaries
- Data Processing Agreement (DPA)
- Business Associate Agreement (BAA)
Request Documents
Contact [email protected] →
Trust Center
Visit our Trust Center for:
- Real-time system status
- Security advisories
- Compliance updates
- Incident history
Trust Center
View Trust Center →