Bank Grade Security

As described below, Qaravan manages our IT security like a bank
vault: a strong perimeter, controlled access, and limited contents.

World-Class Data Center

The Qaravan data center is in the continental US, near our offices just a few miles outside of Washington, DC.   We have roots in the world of federal government IT contracting, so we have a unique appreciation for exceptionally conservative IT security standards.

Our website, application, and data warehouse all reside within a private, firewalled environment that is exclusive to Qaravan. This infrastructure is physically located within a modern, highly secure data center that conforms to the internationally recognized ISO/IEC 27001 security protocols.

It has recently been audited by PWC and given a "clean opinion" relative to internal control standards established by the American Institute of Certified Publick Accountants (AICPA).

“Safe and Sound” Data Retention

Despite our extensive use of banking data, Qaravan stores very little in the way of sensitive information (remember, the data in most regulatory reports are public goods). The sensitive information we do retain is primarily in the form of user profiles—name, password and email. As described further in our privacy policy, we will NEVER sell, trade, or otherwise disclose customer information to any party unless legally obligated to do so. We take the protection of customer data very seriously and guard it with the same security standards we apply to our own intellectual property (privately hosted, firewalled, encrypted, limited access environment, as described above).

With regards to personal financial information, no credit card information is ever seen or stored by Qaravan. This information is managed entirely by one of the nation’s most trusted payment gateways, Stripe, which maintains strict “air gapped” encryption key pairs, strong DSS storage protocols, and a Level 1 PCI Compliance rating (the highest in the industry).

Restricted, “KYC” Access Requirements

For our web-based software, Qaravan’s first line of defense is similar to the banking industry’s “Know Your Customer” protocols—we make sure we’re serving real people who have responsible intentions. One way we screen out the bad guys is by requiring users to activate their trial through a corporate email accounts. We routinely screen for and investigate new accounts activated through free and ISP-based email providers (gmail, yahoo, verizon, etc.). Additionally, we ask that users adhere to an enhanced set of standards when creating an account password.

Finally, after a user has been cleared to establish an account, the only way to authenticate and access the Qaravan application is through our enterprise class firewall over our encrypted network. Qaravan’s Comodo SSL “Extended Validation” certificate provides a 2048-bit protocol (the highest assurance level available), 99.9% browser recognition, and a $1,750,000 relying party warranty.

For our downloadable applications, like the Qaravan Excel Add-In, we digitally stamp our code with a Comodo Code Signing Certificate to verify that it is an authenticate, unaltered product provided directly from us.

By taking rigorous steps like these, we can maintain a high level of security, without compromising your user experience.