Security

Last updated: February 10, 2026

This page provides a high-level overview of how Palarian approaches security and privacy. It is not a guarantee and may change as the product evolves.

Security practices

Account and authentication

  • Password requirements.
  • Password recovery via email.
  • Device lock: an account may be linked to an active device.
  • Login may use a cryptographic challenge (challenge + signature) to reduce fraud and credential reuse.

Local protection (Windows)

  • API keys may be stored encrypted using the Windows Data Protection API (DPAPI) when available.
  • Device secrets and private keys are protected locally whenever possible.

Backend and data

  • Per-user data segregation (for example, by user_id).
  • Database access controls (for example, RLS).
  • Limits and rate limiting for sensitive flows (signup, login, password change, document upload, and document queries).

Logs

  • Local logs may mask tokens and secrets when applicable.

Your responsibilities

  • Do not share your OPENAI_API_KEY, admin keys (sk-admin), or other secrets.
  • Keep Windows updated and protect your device with a password and device security features.
  • Revoke devices you do not recognize (when available in the app).

Vulnerability reporting

Email contact@palarian.com with:

  • a description of the issue and impact;
  • reproduction steps;
  • environment details (Windows and app versions).

Please avoid public disclosure until we have had a chance to investigate and fix the issue.

Limitations

No system is 100% secure. Use of the Service is at your own risk, subject to our Terms of Service and Privacy Policy.