Don’t Trust Us. Verify.
We could tell you we’re trustworthy. Every company says that. Instead, we built a system where you don’t have to trust us.The bottom line: Your data is protected by hardware and math, not promises. Even if RedPill is hacked, acquired, or served with a subpoena, your data remains private because we mathematically cannot access it.
What If…?
What if RedPill gets hacked?
What if RedPill gets hacked?
Your data is still safe. Attackers would gain access to servers, but all sensitive data lives inside TEE (Trusted Execution Environment) - a hardware vault that even root access can’t crack. They’d find encrypted blobs and billing metadata. Your prompts? Completely inaccessible.
What if RedPill gets acquired by a company you don't trust?
What if RedPill gets acquired by a company you don't trust?
Your data is still safe. The new owners would inherit the same limitations we have: zero access to TEE memory. The architecture doesn’t change based on who owns the company.
What if the government subpoenas RedPill?
What if the government subpoenas RedPill?
We can’t give what we don’t have. We can provide billing records (token counts, timestamps, model names). But your prompts and responses? They’re never stored, never logged, and processed only inside hardware we can’t access. There’s nothing to hand over.
What if a rogue RedPill employee tries to steal data?
What if a rogue RedPill employee tries to steal data?
They’ll fail. Even system administrators with full server access cannot peek inside TEE memory. It’s not a policy - it’s physics. The CPU itself enforces the boundary.
What if you're lying about all of this?
What if you're lying about all of this?
Don’t trust us - verify.
- Our code is open source - read every line
- Get cryptographic attestation proving TEE execution
- Verify the running code matches the published source
- Check Intel and NVIDIA’s signatures yourself
Even We Can’t
| Action | Can RedPill Do This? | Why Not |
|---|---|---|
| Read your prompts | ❌ No | Processed inside TEE hardware |
| Access your responses | ❌ No | Never leaves TEE unencrypted |
| Train models on your data | ❌ No | Data isn’t accessible to us |
| Comply with data requests | ❌ Impossible | Nothing stored to hand over |
| Log conversation content | ❌ No | Architecture prevents it |
| Sell your data | ❌ No | We don’t have it |
Data Retention
| Data Type | Retention |
|---|---|
| Your prompts | 0 days - Never stored |
| Model responses | 0 days - Never stored |
| Billing metadata | 90 days |
| Error logs (no content) | 30 days |
Trust Model
You must trust:- CPU vendor (Intel) - TEE hardware correctness
- Cryptographic algorithms - AES, RSA, ECDSA
- Open source code - Auditable on GitHub
- RedPill operators
- Cloud infrastructure provider
- Operating system
- Other applications on the server