Security
Last updated · 27 May 2026 · The single URL a security team can read end-to-end.
Palanor is built for institutional stewards. Security and governance are not features layered on top of the product — they are the perimeter the product runs inside. This page describes the current posture in plain language. Where we have a specific control, we name it. Where a customer would reasonably expect more than we have today, we say so.
1. Encryption
In transit: TLS 1.2 or higher on every connection. HTTP Strict Transport Security enabled on palanor.com, app.palanor.com, terminal.palanor.com, and share.palanor.com. Certificates managed by Vercel and Cloudflare; minimum 2048-bit RSA / P-256 ECDSA.
At rest: The Supabase Postgres database and Storage buckets are encrypted at rest by Supabase using AES-256 (AWS-managed keys). Vercel build artifacts and logs are encrypted at rest by Vercel.
Customer LLM keys (BYOLLM): When a customer brings their own LLM provider API key, that key is encrypted application-side with AES-256-GCM (NIST SP 800-38D) before it reaches the database. Each row carries a per-encryption 12-byte IV and a 16-byte authentication tag, so any tampering with the stored ciphertext causes decryption to fail with a clear error. The master encryption key lives in Vercel’s encrypted environment store and never touches the database. Implementation: src/lib/llm/byollm-crypto.ts.
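The row format described above, sketched with Node's built-in crypto module. This is an added example, not the contents of src/lib/llm/byollm-crypto.ts; the `SealedKey` field names, the function names, and the use of the organization id as additional authenticated data are assumptions of the example.

```typescript
import { createCipheriv, createDecipheriv, randomBytes } from "node:crypto";

const IV_BYTES = 12;  // per-encryption IV length stated on the page
const TAG_BYTES = 16; // authentication tag length stated on the page

// Hypothetical row shape: the page gives the IV and tag sizes, not column names.
interface SealedKey {
  iv: Buffer;
  tag: Buffer;
  ciphertext: Buffer;
}

function sealApiKey(masterKey: Buffer, apiKey: string, orgId: string): SealedKey {
  if (masterKey.length !== 32) throw new Error("AES-256 needs a 32-byte master key");
  // A fresh random IV per encryption: reusing an IV under one key breaks GCM.
  const iv = randomBytes(IV_BYTES);
  const cipher = createCipheriv("aes-256-gcm", masterKey, iv, { authTagLength: TAG_BYTES });
  // Assumption of this example: bind the row to its owning org as AAD, so a
  // ciphertext copied into another org's row fails authentication.
  cipher.setAAD(Buffer.from(orgId, "utf8"));
  const ciphertext = Buffer.concat([cipher.update(apiKey, "utf8"), cipher.final()]);
  return { iv, tag: cipher.getAuthTag(), ciphertext };
}

function openApiKey(masterKey: Buffer, row: SealedKey, orgId: string): string {
  // Check lengths up front; pinning authTagLength also stops Node from
  // accepting a truncated tag.
  if (row.iv.length !== IV_BYTES || row.tag.length !== TAG_BYTES) {
    throw new Error("malformed BYOLLM row: unexpected IV or tag length");
  }
  const decipher = createDecipheriv("aes-256-gcm", masterKey, row.iv, { authTagLength: TAG_BYTES });
  decipher.setAAD(Buffer.from(orgId, "utf8"));
  decipher.setAuthTag(row.tag);
  try {
    // final() throws if the ciphertext, IV, tag, AAD or key do not match.
    return Buffer.concat([decipher.update(row.ciphertext), decipher.final()]).toString("utf8");
  } catch {
    throw new Error("BYOLLM key failed authentication: row was modified or key is wrong");
  }
}
```

No plaintext is released unless `final()` succeeds, so a caller never sees a partially decrypted key from a modified row.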
2. Authentication + access control
Customer authentication: Email + password via Supabase Auth (managed by Supabase, SOC 2 Type II certified). Optional TOTP-based multi-factor authentication available at /terminal/settings/security. SMS-based MFA is deliberately not offered — it is the weakest form of MFA and we will not ship it.
Tenant isolation: Every customer table carries Row Level Security policies that enforce organization_id = current_user’s active org. Cross-org reads are physically impossible at the database layer, not just the application layer.
Palanor employee access: Production access is limited to PALANOR_INTERNAL_EMAILS (today: founder only). All employee operations against the production database route through the Supabase service-role key, which lives only in encrypted server contexts (Vercel env, the founder’s workstation). The anon key, available to browsers, cannot bypass Row Level Security.
Profanity + handle filter: Sign-up handles run through a curated banned-words filter that rejects profanity, slurs, impersonation handles (admin, root, numen, palanor, council), and reserved Council bylines. Source: src/lib/auth/username-filter.ts.
3. Data residency
The Palanor app and database are hosted in the United States (Vercel Edge + Supabase, AWS us-east region). LLM inference runs in the United States via Anthropic. Email delivery runs in the United States via Resend. EU-region hosting is available on request for contracts that require it — please contact privacy@palanor.com with the requirement.
4. AI handling
Palanor uses LLMs (Anthropic Claude is the default; customers may bring their own provider) to compose briefings, score signals, and surface scenarios. Per the Anthropic Commercial Terms in force, prompts and completions sent to the Anthropic API are not used to train Anthropic’s models. The same holds for OpenAI (used for embeddings + news-image generation) and ElevenLabs (used for the Numen voice reader) under their respective commercial terms. We do not train any model on customer data.
The full disclosure of how AI is used inside the product is at /how-we-use-ai.
5. Vendor governance
Every subprocessor Palanor uses is listed at /subprocessors with the service provided, processing location, and data category. Each is contractually bound by a Data Processing Agreement. Customers can subscribe to subprocessor change notifications at privacy@palanor.com and receive at least 30 days’ notice of any change.
6. Vulnerability management
Disclosure: Researchers can report vulnerabilities to security@palanor.com. The full disclosure policy is published in machine-readable form at /.well-known/security.txt. We commit to acknowledge within 3 business days, provide a remediation estimate within 10 business days, and credit reporters on request.
Dependencies: Automated dependency scanning runs continuously via Dependabot on the production repository. High-severity advisories trigger a remediation PR within 24 hours; medium within one week.
Annual penetration test: Will be commissioned alongside SOC 2 Type II preparation (target Q3 2026). Until then, the production stack inherits the security posture of its hosts (Vercel and Supabase, both SOC 2 Type II certified) and the application-layer controls described above.
7. Logging + observability
Server-side request logs (URL, timestamp, IP, user-agent, response status, user id where applicable) are retained for a rolling 18 months for security and reliability purposes. Audit logs of cron pipelines, agent ticks, and admin actions are retained in the council_ticks, briefing_email_sends, and related tables for the same window.
8. Incident response
The incident response posture is detect → triage → contain → eradicate → recover → post-mortem. Customer-affecting incidents are disclosed within 72 hours of confirmation, per the breach-notification timelines in the DPA (Section 9). Post-mortems for material incidents are published in the public changelog, with technical detail commensurate with the audience.
9. Backups + recovery
Supabase performs daily encrypted backups of the production database, retained for 7 days on the Pro plan. Point-in-time recovery is available within that window. Recovery Time Objective (RTO): 4 hours. Recovery Point Objective (RPO): 24 hours. Both are inherited from the Supabase Pro tier’s posture; we will tighten as the customer base grows.
10. Audit posture (today, and where we’re going)
Palanor is in the early stages of formal compliance certification. The current state and the roadmap, stated honestly:
- SOC 2 Type II: Engagement begins Q3 2026 via Vanta. Type I report targeted within 90 days of engagement. Type II report targeted within 9 months.
- ISO 27001: Will be added to the Vanta program after SOC 2 Type II issuance. No fixed date yet.
- HIPAA / BAA: Not in scope today. Will be added when a healthcare prospect requires it.
- Sub-processor SOC 2 inheritance: Vercel, Supabase, Anthropic, Resend, ElevenLabs, OpenAI, Stripe — all SOC 2 Type II certified. Reports available from each provider directly.
11. Customer security questionnaires
We respond to CAIQ v4, SIG Lite, and custom vendor security assessments. Once the Vanta Trust Center is live (Q3 2026), the responses will be available for download under NDA from this page. Until then, please email security@palanor.com with the questionnaire and your timeline; we respond within 5 business days.
12. Contact
- Security reports: security@palanor.com
- Privacy + DSAR requests: privacy@palanor.com
- Vulnerability disclosure (machine-readable): /.well-known/security.txt
Acknowledgments
Researchers who have responsibly disclosed vulnerabilities to Palanor will be listed here with their permission. The list is empty today.