Security model in one minute
Authenticate the actor, carry identity to the domain service, authorize the exact action and scope, and record the result without leaking secrets.
Security at Perelan
How it works
Each demonstration uses fictional sample data and keeps the source record, actor, permission boundary, and next step visible.
Authenticate the actor, carry identity to the domain service, authorize the exact action and scope, and record the result without leaking secrets.
The gateway validates sessions, uses HttpOnly session cookies with a double-submit CSRF pattern for cookie-authenticated writes, and avoids sending browser session cookies upstream.
Owner, admin, accountant, HR, manager, employee, manager-chain scope, and group-lead capabilities determine which rows and actions are visible.
The public gateway is the external entry point. Domain services reject non-health requests missing valid signed internal identity; signatures include request context and a timestamp.
Assistant tools run through product authorization. Views run in an isolated surface and sharing does not grant source-data access. Agents inherit owner access and expose tools, risk, validation, and run records.
Slack verifies signatures and resolves linked employees; Linear, incident.io, and Telegram credentials are encrypted where implemented; MCP tokens are personal, expiring, revocable, hashed, and rate limited.
This site does not display SOC 2, ISO 27001, GDPR, HIPAA, PCI, uptime, hosting-region, backup, or subprocessor claims without approved evidence. Contact Perelan for current documentation.
Product map
These links are curated for the page rather than generated at random.
Questions
Answers are scoped to repository-verified behavior or intentionally point to current customer documentation when policy facts are not public.
No. The marketing examples are compressed, but the product path still checks the acting user, role, group scope, and domain permission before data is shown or changed.
No. The backend stores a SHA-256 hash and shows plaintext once on creation.
Slack requests are signature-verified, the Slack user is resolved to a linked Perelan employee, and the target domain service rechecks permission as that employee.
No certification badge is claimed on this site without approved evidence. Contact Perelan for the applicable security-review package.
Next step
Start with the workflow you want to make calmer, then map the people, records, permissions, and handoffs that make it real.