Security & Trust
RedCrown proves which model config is cheapest at equal-or-better quality on your own data. This page states plainly how your data and keys are handled. We describe only what is true today. We hold no formal certification (no SOC 2, no ISO 27001) and do not claim any.
Last updated 2026-07-02
What stays on your machine
The redcrown CLI runs evals locally. Your provider keys and your raw inputs and model outputs never leave your machine during a local redcrown eval. When you choose to publish a proof, only the aggregate ranked results are uploaded.
- Per-item receipts are opt-out.
redcrown push --no-receiptsstrips the per-item inputs, outputs, and references before upload, so confidential content never leaves your machine. The proof still ranks the configs and shows the aggregate cost and quality. - Only the runs you explicitly push or mint a proof link for become shareable. Nothing is published automatically.
Keys and secrets, encrypted at rest
- Provider API keys you connect (OpenAI, Anthropic, AWS, Deepgram, and others) are encrypted at rest with authenticated symmetric encryption (Fernet / AES-128-CBC + HMAC) under a key-encryption key held only in the server environment. The write API is write-only: it returns the provider and the last four characters, never the key.
- Stored eval inputs (for the capture and replay flow) are encrypted at rest and siloed per workspace. A cross-workspace URI is rejected at the storage boundary, and the storage bucket is private.
- Card data never touches RedCrown. Billing runs through Stripe-hosted checkout; the billing webhook is the source of truth.
Proofs, retention, and revocation
- Proof links are revocable. The owner can revoke a proof link at any time; a revoked link returns a not-found response and stops rendering. Links can also be minted with an expiry.
- Signed attestations are point-in-time signed facts. They prove authenticity, integrity, and provenance (which dataset by hash, which model versions, when, under which methodology version), and they verify offline against RedCrown's published key. They are not a claim that the input data was representative.
- Reviewer portals are token-scoped and blinded: a reviewer sees option A vs option B without model identities, and a token cannot reach another workspace's data.
Tenant isolation
Every authenticated data route is workspace-scoped. Access is validated against your workspace memberships, and stored data is tagged by workspace, so one tenant's data is never returned to another. Database row-level security is deny-by-default on the sensitive tables.
Subprocessors
RedCrown uses the following platform subprocessors. The model providers you evaluate are connected with your own keys and are under your control.
| Subprocessor | Purpose |
|---|---|
| Railway | Backend application compute |
| Supabase (Postgres + object storage) | Application database and encrypted eval-input storage |
| Netlify | Static hosting for the marketing site and the app |
| Stripe | Subscription billing (card data never reaches RedCrown) |
| Model providers you connect | Run your eval calls under your own keys (e.g. OpenAI, Anthropic, AWS, Deepgram, OpenRouter) |
Enterprise
For regulated teams we discuss self-hosted / VPC deployment, private model routing, SSO, audit logging, and data residency, plus neutral attestation and a buyer-controlled holdout re-run. Talk to us.