Palanor: Liquidity76.6+0.54Palanor: Geopolitical Stress83.0-0.03Palanor: Risk Appetite61.5+1.34Palanor: Inflation Pulse55.8+1.22Palanor: Industrial Pulse64.20.00Palanor: Capital Tightness22.1-0.70Palanor: Consumer Confidence56.8-0.61Palanor: US Dollar Strength49.9-1.45Palanor: US Jobs Health31.7+0.05Palanor: Uncertainty Index54.7-5.53Palanor: AI Margin Compression50.5+0.55Palanor: Energy Transition34.50.00Palanor: Steward Confidence68.9+0.67Palanor: US vs China46.3+9.11Palanor: Sino Domestic Fragility67.70.00Palanor: AI Substitution32.8+0.20Palanor: Recession Vocabulary29.5+3.95Palanor: Quit Pressure37.7+17.85Palanor: Reshoring Sentiment23.8+2.43Palanor: Geopolitical Anxiety25.2+0.39The Palanor Index33.9-1.28Palanor: Labor Heat54.3+2.59
PalanorPalanor

Legal

Privacy Policy

Last updated · 27 May 2026 · Version 1.1

Palanor, Inc. (“Palanor,” “we,” or “us”) operates the Palanor Enterprise Intelligence Platform — a predictive scenario-based intelligence product comprising a marketing site at palanor.com and the in-product app at palanor.com/<org>. This Privacy Policy explains what data we collect, why, how we use it, who we share it with, and your rights under applicable law. It applies to both the marketing site and the in-product app.

1. Data we collect

Account data. When a steward creates an account or is invited to one, we collect name, email, organization affiliation, role, and an avatar if provided. Authentication is handled by our identity provider (Supabase Auth).

Organization data. The business profile a customer provides during onboarding (industry, what we do, strategic priorities, risk surface) plus any data entered into the product (CRM contacts, scenarios, signals subscriptions, schemas, briefings, research-paper unlocks, deal pipeline records). Customers control this data and can export or delete it.

Usage data. Standard server-side logs (request URL, timestamp, IP, user-agent, response status) for security and reliability. We do not run third-party analytics or marketing pixels.

Cookies. Only session-authentication cookies essential to keep you signed in. No advertising cookies. See the Cookies section below.

Communications. Email you send to us, and email we send you via Resend (transactional notifications, Numen briefs, Council inquiries). We do not sell or share email addresses with third parties.

2. Why we collect it (legal bases under GDPR)

We process personal data on the following legal bases, depending on jurisdiction:

  • Contract. To provide the platform and deliver the services you have contracted for.
  • Legitimate interests. To secure the platform, prevent abuse, and improve the product. We balance these interests against your privacy rights.
  • Consent. Where required (e.g., marketing email outside a contracted relationship). You can withdraw consent at any time.
  • Legal obligation. Tax, accounting, fraud prevention, regulatory response.

3. How we use the data

To operate and improve the platform: render Numen briefings, run scenarios, score signals, generate research papers, deliver email, secure the service, and respond to support requests. We do not use customer data to train shared AI models. Per-customer LLM calls (Anthropic Claude) are stateless and do not contribute to model training under our subprocessor agreement.

4. Who we share it with — subprocessors

We rely on a small set of vetted subprocessors to operate the platform. The current list is published at palanor.com/subprocessors. Subprocessors are contractually bound to confidentiality and to processing data only as instructed by Palanor. Standard Contractual Clauses (SCCs) cover international transfers where required.

5. Where we store data

The Palanor app and database are hosted in the United States (Vercel + Supabase, AWS us-east region). Email is delivered by Resend (US). LLM inference runs on Anthropic (US). Customers in jurisdictions with data-residency requirements should review the Data Processing Agreement available at palanor.com/dpa before contracting.

6. How long we keep it

Account data is retained while the account is active. On account closure, customer data is deleted within 90 days unless retention is required by law or to resolve disputes. Audit logs are kept for a rolling 18 months. Backups are deleted on the same 90-day rolling window. Specific retention can be negotiated in the DPA.

7. Your rights

Under GDPR, UK GDPR, CCPA/CPRA, and the state privacy laws in force in Colorado, Virginia, Connecticut, Utah, Texas, Delaware, Iowa, Indiana, Maryland, Minnesota, New Hampshire, New Jersey, Tennessee, Oregon, and Montana, you have the right to access, rectify, erase, port, restrict, and object to the processing of your personal data. Under CCPA/CPRA you also have the right to know the categories of personal information collected and to opt out of any “sale” or “sharing” — Palanor does not sell or share personal information for cross-context behavioral advertising, full stop.

How to exercise these rights (DSAR): Email privacy@palanor.com with the subject line “DSAR” and the right(s) you want to exercise. We will verify your identity (typically via the email associated with your account), respond within 30 days, and provide the data in a machine-readable format. We do not discriminate against users who exercise their rights.

8. Security

Encryption at rest (Supabase + AWS-managed AES-256 for the database and Storage; application-side AES-256-GCM for BYOLLM customer API keys) and in transit (TLS 1.2+). Row-Level Security on every customer table. Multi-factor authentication available to every user via /terminal/settings/security. Service-role keys live only in trusted server contexts and never reach the browser. Vulnerability disclosure: security@palanor.com. The full security posture is published at palanor.com/security.

9. Children

Palanor is a B2B product not intended for users under 16. We do not knowingly collect data from children. If you believe we have, contact privacy@palanor.com.

10. Cookies

We use only essential cookies: a session-authentication cookie that keeps you signed in, and a small theme-preference cookie that remembers light/dark/auto. We do not use analytics or advertising cookies. Under the EU ePrivacy Directive, no banner is required for cookies strictly necessary for the service. If we ever introduce non-essential cookies, we will publish a banner with granular consent.

11. Changes to this policy

If we change this policy materially, we will notify customers via email and update the “Last updated” date at the top. Continued use of the platform after the change constitutes acceptance of the updated policy.

12. Contact

Privacy questions, data subject access requests, breach notifications:

  • Email: privacy@palanor.com
  • Mail: Palanor, Inc., 254 Chapman Rd Ste 208, Newark, DE 19702, USA
  • EU representative: available on request via privacy@palanor.com