Security & Privacy
How Chelar protects your data, encryption, isolation, and what we can and cannot access.
Your Data is Encrypted
All your data, chat history, configuration, credentials, and workspace files, is encrypted at rest. Your AI provider API keys are encrypted separately and are only decrypted when your assistant needs them.
Your Assistant is Isolated
Every Chelar user gets a dedicated, isolated assistant. Your assistant cannot access any other user's data, and no other user can access yours. Network traffic between assistants is blocked at the infrastructure level.
What Chelar Can and Cannot Access
| Data | Can Chelar Access It? |
|---|---|
| Assistant status (running, suspended) | Yes (to show you the dashboard) |
| Channel connection status | Yes (to show connection health) |
| Feature configuration (model, plan) | Yes (managed by the platform) |
| Your chat messages and history | No |
| Your AI provider API keys | No (stored encrypted) |
| Your assistant's memory and sessions | No |
| Your workspace files | No |
Chelar only accesses the minimum information needed to keep your assistant running and show you operational status in the dashboard. We cannot read your conversations, your AI responses, or your personal data.
Authentication
- Dashboard, sign in with GitHub or Google (OAuth). Your session is secured and encrypted.
- Assistant dashboard, your assistant's built-in dashboard is protected by the same login session, so you don't need to sign in separately.
- API keys, your AI provider keys (OpenAI, Anthropic, Google) are stored encrypted and never displayed in the dashboard after you save them.
Reporting Vulnerabilities
If you discover a security vulnerability, please report it responsibly by emailing security@chelar.ai.