Data flow

Every customer-data touchpoint, end to end. The same diagram Palanor will hand a Salesforce / Slack / enterprise security reviewer.

[Diagram: Palanor trust boundary]

  • User: browser · TLS 1.2+
  • Vercel Edge / Next.js: routing · TLS termination · logs 18mo
  • Supabase: Postgres · Auth · Storage · AES-256 at rest · RLS perimeter · us-east · EU on request
  • Anthropic: Claude · no training
  • OpenAI: embeddings · gpt-image-1
  • ElevenLabs: TTS · no training
  • Resend: transactional email
  • Stripe: payments · tokenized PAN
  • Cloudflare: DNS only · no data

Legend: customer data · LLM / TTS / image · transactional email / payment · infra (DNS, etc.)

What customer data crosses each boundary

  • User → Vercel Edge. Every customer interaction. TLS 1.2+. Vercel terminates TLS at the edge, routes to the Next.js application, and retains request logs (URL, IP, user-agent, response status) for 18 months.
  • Vercel → Supabase. All Customer Personal Data and Customer Data lives in Supabase Postgres (us-east; EU residency available on request). Encrypted at rest with AES-256 (AWS KMS). Tenant isolation enforced at the database layer via Row-Level Security on every customer table.
  • Vercel → Anthropic. Prompts derived from customer business profile, news, and signal context. Not retained for training under Anthropic Commercial Terms. Customer BYOLLM keys flow through the application layer encrypted with AES-256-GCM until decrypt-on-use.
  • Vercel → OpenAI. Text passed to the embeddings endpoint (for search) and to gpt-image-1 (for news-image fallback when no public-domain match exists). Not retained for training.
  • Vercel → ElevenLabs. Text passed to the synthesis endpoint to generate the Numen audio reader. Not retained for training.
  • Vercel → Resend. Outbound transactional email content + recipient address. Resend does not retain message content beyond the send window.
  • Vercel → Stripe. Billing-related identifiers and tokenized card data only. Cardholder data is never seen by Palanor; Stripe is fully out-of-scope for PCI on our side.
  • User → Cloudflare. DNS resolution only. No customer data passes through Cloudflare.
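
A reviewer can check the "Row-Level Security on every customer table" claim directly against the Postgres system catalogs. The queries below are an added example, not Palanor's own code; they assume customer tables live in the `public` schema, which this page does not state.

```sql
-- Added example. Assumption: customer tables are in schema 'public'.
-- Query 1: tables whose RLS posture would not isolate tenants.
WITH app_tables AS (
    SELECT c.oid,
           n.nspname             AS schema_name,
           c.relname             AS table_name,
           c.relrowsecurity      AS rls_enabled,  -- ENABLE ROW LEVEL SECURITY
           c.relforcerowsecurity AS rls_forced    -- FORCE ROW LEVEL SECURITY
    FROM pg_class c
    JOIN pg_namespace n ON n.oid = c.relnamespace
    WHERE c.relkind IN ('r', 'p')                 -- ordinary and partitioned tables
      AND n.nspname = 'public'
),
policy_counts AS (
    SELECT polrelid, count(*) AS policy_count
    FROM pg_policy
    GROUP BY polrelid
)
SELECT t.schema_name,
       t.table_name,
       t.rls_enabled,
       t.rls_forced,
       coalesce(p.policy_count, 0) AS policy_count,
       CASE
           WHEN NOT t.rls_enabled
               THEN 'RLS disabled: table privileges alone decide row visibility'
           WHEN coalesce(p.policy_count, 0) = 0
               THEN 'RLS enabled, no policy: default deny for non-owner roles'
           ELSE 'RLS not forced: the table owner is exempt from policies'
       END AS finding
FROM app_tables t
LEFT JOIN policy_counts p ON p.polrelid = t.oid
WHERE NOT t.rls_enabled
   OR coalesce(p.policy_count, 0) = 0
   OR NOT t.rls_forced
ORDER BY t.rls_enabled, t.table_name;

-- Query 2: roles that skip RLS entirely. Any application credential mapped to
-- one of these roles sits outside the RLS perimeter.
SELECT rolname, rolsuper, rolbypassrls
FROM pg_roles
WHERE rolsuper OR rolbypassrls
ORDER BY rolname;
```

An empty result from the first query means every table in the schema has RLS enabled, forced, and covered by at least one policy; it does not show that the policy predicates themselves are correct.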

Where data does not go

Palanor runs zero third-party analytics or marketing pixels. We do not push customer data to advertising networks, social platforms, or analytics warehouses. There is no Segment, Mixpanel, GA, FB Pixel, or LinkedIn Insight Tag on any signed-in surface. We do not sell or share personal information for cross-context behavioral advertising — full stop.

Cross-references

/security · /privacy · /dpa · /subprocessors.