End-to-End Encryption
Every message in RedPill is end-to-end encrypted. This means your prompts and AI responses are encrypted on your device and only decrypted inside the secure TEE enclave - not even RedPill can read them.
How It Works
1. Key Generation
When you create an account, a unique encryption key pair is generated on your device. The private key never leaves your device.
2. Message Encryption
Before sending, your message is encrypted with your key. Only the TEE enclave can decrypt it using secure key exchange.
3. TEE Processing
The encrypted message enters the TEE. Inside the secure enclave, it’s decrypted, processed by the AI, and the response is encrypted.
4. Response Delivery
The encrypted response returns to your device, where only your key can decrypt it.
What Gets Encrypted
| Data | Encrypted | Where |
|---|---|---|
| Your prompts | ✅ | Device → TEE |
| AI responses | ✅ | TEE → Device |
| Uploaded files | ✅ | Device → TEE |
| Chat history | ✅ | Local storage |
| Knowledge base | ✅ | Device → TEE |
| Metadata (timestamps) | ✅ | End-to-end |
Encryption Standards
RedPill uses industry-standard cryptographic protocols:
- AES-256-GCM for symmetric encryption
- X25519 for key exchange
- Ed25519 for digital signatures
- Argon2id for key derivation
All cryptographic implementations are from audited, open-source libraries. No custom cryptography.
The Role of TEE
End-to-end encryption protects data in transit. TEE (Trusted Execution Environment) protects data during processing:
| Stage | What Happens |
|---|---|
| Your Device | Encrypt message with your keys |
| Transit | Data remains encrypted (TLS + E2E) |
| TEE Enclave | Decrypt, process, re-encrypt response |
Key Management
Your Encryption Keys
- Generated locally on your device
- Never transmitted to our servers
- Stored in secure storage (browser crypto storage / device keychain)
- Can be exported for backup (encrypted)
Session Keys
- New session keys generated for each conversation
- Forward secrecy: compromising one session doesn’t affect others
- Keys are rotated regularly
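The following is an added example, not RedPill's own code: it shows how the X25519 and AES-256-GCM primitives listed under Encryption Standards can combine so that each conversation gets an independent key that only the holder of the enclave's private key can recompute. The function names, the use of HKDF-SHA256, the `example-session-v1` label and the locally generated "enclave" key pair are assumptions made for illustration.

```javascript
// Added illustration, not RedPill's implementation. Uses only Node's built-in crypto.
const nodeCrypto = require('node:crypto');

// Constructed stand-in for the enclave's X25519 key pair (assumption: in a real
// deployment the public key would be obtained via TEE attestation).
const enclave = nodeCrypto.generateKeyPairSync('x25519');

// Derive a 256-bit AES key from the X25519 shared secret.
// HKDF-SHA256 and the info label are assumptions; the page does not name a KDF here.
function deriveKey(privateKey, publicKey, salt) {
  const shared = nodeCrypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(nodeCrypto.hkdfSync('sha256', shared, salt, 'example-session-v1', 32));
}

// Device side: fresh ephemeral key pair per conversation, then AES-256-GCM.
function sealForEnclave(enclavePublicKey, plaintext) {
  const eph = nodeCrypto.generateKeyPairSync('x25519');
  const ephPub = eph.publicKey.export({ type: 'spki', format: 'der' });
  const iv = nodeCrypto.randomBytes(12); // 96-bit GCM nonce, never reused with a key
  const key = deriveKey(eph.privateKey, enclavePublicKey, ephPub);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(ephPub); // bind the ciphertext to this session's public key
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { ephPub, iv, ct, tag: cipher.getAuthTag() };
}

// Enclave side: recompute the same key from its private key and the
// sender's ephemeral public key, then authenticate and decrypt.
function openInEnclave(enclavePrivateKey, msg) {
  const peer = nodeCrypto.createPublicKey({ key: msg.ephPub, type: 'spki', format: 'der' });
  const key = deriveKey(enclavePrivateKey, peer, msg.ephPub);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, msg.iv);
  decipher.setAAD(msg.ephPub);
  decipher.setAuthTag(msg.tag);
  // final() throws if the ciphertext, AAD or tag was altered, or the key is wrong.
  return Buffer.concat([decipher.update(msg.ct), decipher.final()]).toString('utf8');
}
```

Because the GCM tag is checked before any plaintext is released, a message modified in transit or opened with any other private key is rejected rather than decrypted to garbage.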
Recovery
If you lose access to your keys:
- Chat history becomes unreadable
- You can generate new keys to continue
- Previous conversations cannot be recovered (by design)
Verification
You can verify E2E encryption is active:
- Look for the 🔒 lock icon in the chat interface
- Check that the connection info shows “E2E Encrypted”
- Verify the TEE attestation for the receiving enclave
What E2E Encryption Protects Against
| Threat | Protected? |
|---|---|
| Network eavesdropping | ✅ |
| Man-in-the-middle attacks | ✅ |
| Server-side data breaches | ✅ |
| Rogue employees | ✅ |
| Government data requests | ✅* |
| Your device being compromised | ❌ |
Open Source
Our E2E encryption implementation is open source:
View Source Code
Audit the encryption implementation yourself →
FAQ
Can RedPill read my messages?
No. Messages are encrypted with keys that only exist on your device and inside the TEE. We have no access to plaintext.
What if RedPill is subpoenaed?
We can only provide encrypted data. Without your keys, it’s cryptographically impossible to decrypt.
Is this the same as Signal or WhatsApp encryption?
Similar principle (E2E encryption), but we add TEE protection for the AI processing step - something unique to RedPill.
Does encryption slow things down?
Minimally. Modern encryption is fast. You won’t notice any delay in normal usage.