Bank Grade Security
As described below, Qaravan manages our IT security like a bank’s vault: a strong perimeter, controlled access, and limited contents.
World-Class Data Center
The Qaravan data center is in the continental US, near our offices just a few miles outside of Washington, DC. We have roots in the world of federal government IT contracting, so we have a unique appreciation for exceptionally conservative IT security standards.
For example, we know that keeping applications in a public cloud makes bankers and regulators nervous. That’s why we don’t do it. Instead, our website, application, and data warehouse all reside on dedicated hardware within a private, firewalled environment that is exclusive to Qaravan.
This infrastructure is physically located within a modern, highly secure data center that conforms to the internationally recognized ISO/IEC 27001 security protocols. It has recently been audited by Ernst & Young and given a “clean opinion” relative to the data center security standards established by the American Institute of Certified Public Accountants (AICPA).
Restricted, “KYC” Access Requirements
Qaravan’s first line of defense is similar to the banking industry’s “Know Your Customer” protocols—we make sure we’re serving real people who have responsible intentions. One way we screen out the bad guys is by requiring users to activate their trial through their email account. Additionally, we ask that users adhere to an enhanced set of standards when creating an account password. Finally, after a user has been cleared to establish an account, the only way to authenticate and access the Qaravan application is through our enterprise class firewall on a “Norton Secured”, Symantec SSL encrypted network.
By taking rigorous steps like these, we can maintain a high level of security, without compromising your user experience.
“Safe and Sound” Data Retention
Despite our extensive use of banking data, Qaravan stores very little in the way of sensitive information (remember, Call Report and UBPR data are public goods).
With regards to your personal financial information, no credit card information is ever seen or stored by Qaravan. This information is managed entirely by one of the nation’s most trusted payment gateways, Stripe. Stripe maintains strict “air gapped” encryption key pairs, strong DSS storage protocols, and a Level 1 PCI Compliance rating (the highest in the industry).
And finally, should you ever decide to cancel your Qaravan subscription, the information associated with your account is promptly removed from both Qaravan and Stripe servers.