Open Source

RedPill is fully open source. We believe privacy claims should be verifiable, not just promises. Inspect our code, audit our implementations, and verify our security yourself.
Don’t trust, verify. Every component of RedPill is available for public inspection.

Our Repositories

What You Can Verify

1. End-to-End Encryption

Inspect the encryption implementation in redpill-chat:
  • Key generation and storage
  • Message encryption/decryption
  • Key exchange protocols
  • No backdoors or key escrow

2. TEE Integration

Review how we integrate with TEE in redpill-gateway:
  • Attestation verification
  • Secure enclave communication
  • Key management inside TEE
  • Data handling within enclave

3. Data Handling

Confirm our zero-retention claims:
  • No plaintext storage
  • Encryption at every layer
  • Secure deletion procedures
  • Audit logging (encrypted)

4. API Security

Verify our API protects your data:
  • Authentication flow
  • Request encryption
  • Response handling
  • Error handling (no data leaks)

How to Audit

Quick Review

# Clone the repos
git clone https://github.com/redpill-ai/redpill-gateway
git clone https://github.com/redpill-ai/redpill-chat
git clone https://github.com/redpill-ai/redpill-verifier

# Search for encryption
grep -r "encrypt" redpill-chat/src

# Check attestation logic
cat redpill-verifier/src/attestation.py

Deep Audit

For thorough security review:
  1. Review cryptography - Check all crypto implementations use standard libraries (no custom crypto)
  2. Trace data flow - Follow user data from input to TEE and back
  3. Check for leaks - Ensure no plaintext data in logs, errors, or responses
  4. Verify attestation - Confirm TEE attestation is properly validated

Security Audits

In addition to community review, we commission professional security audits:
Audit                 | Scope                            | Status
Cryptographic review  | E2E encryption implementation    | Completed
TEE integration       | Attestation and enclave security | Completed
Penetration test      | Full application security        | Annual
Audit reports available upon request for enterprise customers.

Contributing

We welcome security contributions:

Report Vulnerabilities

Found a security issue? Please report responsibly:
  1. Do not open a public issue
  2. Email [email protected]
  3. Include detailed reproduction steps
  4. We’ll respond within 24 hours

Responsible Disclosure

We have a responsible disclosure program:
  • No legal action against good-faith researchers
  • Credit in security advisories (if desired)
  • Bounties for critical vulnerabilities

Code Contributions

Help improve security:
  1. Fork the repository
  2. Make your changes
  3. Submit a pull request
  4. Our team will review

Why Open Source?

Claims of privacy mean nothing without proof. Open source lets anyone verify our claims are true.
More eyes find more bugs. Open source invites the security community to help keep users safe.
You can verify there are no backdoors, hidden data collection, or secret key escrow.
Verify that the code running in production matches the public source code.

Verify Our Production Code

Want to confirm production matches source?
  1. Check the commit hash in our deployment manifest
  2. Build from source using our Dockerfile
  3. Compare with production attestation
# Example verification
git checkout <production-commit>
docker build -t redpill-verify .
# Compare image hash with production attestation
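The comparison in step 3, written out as an added example (not RedPill's own code): it checks every link of the chain from manifest commit to checked-out commit to locally built image digest to attestation. The manifest and attestation JSON shapes, and the convention that the report's user data holds SHA-256 of the image digest, are assumptions for illustration; in practice the local digest comes from `docker inspect` on the image you just built.

```python
"""Verify that a production attestation binds the image built from the
published source. Added example, not RedPill's own code; the manifest and
attestation formats below are constructed assumptions for illustration."""
import hashlib
import json

# Constructed deployment manifest: the commit the operator claims to run
# and the digest of the image built from it (assumed shape).
MANIFEST = json.dumps({
    "commit": "0123456789abcdef0123456789abcdef01234567",
    "image_digest": "sha256:" + "ab" * 32,
})

def bind_digest(image_digest: str) -> str:
    """Assumed binding convention: the enclave places SHA-256(image digest)
    in the attestation report's user data field."""
    return hashlib.sha256(image_digest.encode()).hexdigest()

# Constructed attestation report as a gateway might return it (assumed shape).
ATTESTATION = json.dumps({
    "commit": "0123456789abcdef0123456789abcdef01234567",
    "report_data": bind_digest("sha256:" + "ab" * 32),
})

def verify_production(manifest_json: str, attestation_json: str,
                      checked_out_commit: str, local_digest: str) -> list:
    """Return a list of mismatches; empty means every link holds:
    manifest commit == checked-out commit == attested commit, the local
    build digest == manifest digest, and report_data binds that digest."""
    manifest = json.loads(manifest_json)
    report = json.loads(attestation_json)
    problems = []
    if manifest["commit"] != checked_out_commit:
        problems.append("checked-out commit differs from manifest commit")
    if report["commit"] != manifest["commit"]:
        problems.append("attested commit differs from manifest commit")
    if local_digest != manifest["image_digest"]:
        problems.append("locally built image digest differs from manifest")
    # Recompute the binding from the digest we built ourselves rather than
    # from the manifest's claimed digest; a substituted image fails here.
    if report["report_data"] != bind_digest(local_digest):
        problems.append("attestation report_data does not bind local image digest")
    return problems

if __name__ == "__main__":
    commit = "0123456789abcdef0123456789abcdef01234567"
    print(verify_production(MANIFEST, ATTESTATION, commit, "sha256:" + "ab" * 32))
```

An empty list means the build you reproduced is the one the enclave attests to; any entry names the exact link that broke.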

View All Repositories

github.com/redpill-ai →