About

Who runs Provable.io

A free, open-source random number API built and operated by RedPkt. Cryptography in the open, infrastructure paid for by the parent company, no ads and no upsell.

What Provable.io is

Provable.io is a public HTTP API for cryptographically verifiable random numbers. Every outcome ships with a serverHash you can independently verify, every endpoint is documented at /api-docs, and every nightly Merkle root is published at /transparency. The cryptographic primitives are explained in plain language on the /security page.

Anonymous calls are free and unmetered. Signing up unlocks an API key, per-account usage stats, webhooks, exports, idempotency keys, and the commit-reveal flow — also free, subject to a generous daily quota.

Who builds it

Provable.io is built and operated by RedPkt, a small software studio that ships infrastructure tooling and pays the hosting bill for this service out of pocket. The cryptographic core lives in the open at github.com/provableio/provable-core so that anyone — including a regulator or an auditor — can read the exact code that signs every outcome.

For commercial inquiries, partnerships, or coverage requests, reach the team at hello@provable.io. For support, use support@provable.io. For security disclosures, see the contact in the security page — short answer: security@provable.io.

Why it's free

Cryptographically verifiable randomness is plumbing. Charging per-call would force users into clever workarounds (caching, batching, reusing outcomes) that undermine the very property that makes the service worth using — that every outcome is fresh, witnessed, and auditable. So we don't charge.

Costs are kept low because the service is computationally cheap: HMAC-SHA512, SHA-256, and a Postgres write. If usage grows past what RedPkt can comfortably sponsor we may introduce a high-volume paid tier; the anonymous and small-account free tiers will stay free, and any change will be announced in advance, per our Terms of Service.

What we don't do

  • No selling user data. The Privacy Policy spells out the short list of things we store (email, hashed password, API keys, usage counters, outcomes).
  • No ads. There is no analytics SDK, no third-party tracker, and no advertising network embedded anywhere on this site.
  • No closed-source primitives. If you cannot read the source for the way an outcome is produced, neither can your auditor.
  • No silent changes to past outcomes. Daily Merkle roots make that impossible after the root is published; commit-reveal makes it impossible during a single outcome's lifetime.

Find us