Security at Perelan

Security lives in the action path.

  • Identity and scope are checked wherever a request changes state.
  • Internal service calls are signed; MCP tokens are hashed and revocable.
  • Every result is audit-logged and redacted of secrets.

How it works

Concrete product states, permissions, and handoffs

Each demonstration uses fictional sample data and keeps the source record, actor, permission boundary, and next step visible.

Security model in one minute

Authenticate the actor, carry identity to the domain service, authorize the exact action and scope, and record the result without leaking secrets.

Identity and sessions

The gateway validates sessions, uses HttpOnly session cookies with a double-submit CSRF pattern for cookie-authenticated writes, and avoids sending browser session cookies upstream.

Role and group authorization

Owner, admin, accountant, HR, manager, employee, manager-chain scope, and group-lead capabilities determine which rows and actions are visible.

Service architecture and internal identity

The public gateway is the external entry point. Domain services reject non-health requests missing valid signed internal identity; signatures include request context and a timestamp.

AI and generated-content boundaries

Assistant tools run through product authorization. Views run in an isolated surface and sharing does not grant source-data access. Agents inherit owner access and expose tools, risk, validation, and run records.

Integration security

Slack verifies signatures and resolves linked employees; Linear, incident.io, and Telegram credentials are encrypted where implemented; MCP tokens are personal, expiring, revocable, hashed, and rate limited.

Compliance and certification status

This site does not display SOC 2, ISO 27001, GDPR, HIPAA, PCI, uptime, hosting-region, backup, or subprocessor claims without approved evidence. Contact Perelan for current documentation.

Questions

What buyers usually ask

Answers are scoped to repository-verified behavior or intentionally point to current customer documentation when policy facts are not public.

No. The marketing examples are compressed, but the product path still checks the acting user, role, group scope, and domain permission before data is shown or changed.

Next step

Build a people operation your team will actually use.

Start with the workflow you want to make calmer, then map the people, records, permissions, and handoffs that make it real.