Security at Qarar

1. Overview

Qarar handles sensitive identity, company, residency, property, financial, compliance, and family documents. Security is therefore part of the product design: one controlled client profile, one document vault, role-based access, audit history, and limited sharing with the partners and authorities needed for each workflow.

This Security Statement describes the measures Qarar uses to protect client files. No online system can be guaranteed to be completely secure, but Qarar uses practical technical and organizational controls designed to reduce risk.

2. Encryption

Qarar is designed to protect data in transit using secure network protocols such as HTTPS/TLS. Uploaded documents and platform data are stored using cloud infrastructure that supports encryption at rest. Where third-party services process data for Qarar, we expect appropriate encryption and security controls for the service they provide.

3. Access controls

Access to client information is limited based on role, service need, and operational responsibility. Qarar team members, agents, partners, and service providers should only access the information required for the workflow they are supporting. Administrative access is restricted and reviewed as part of operational security.

4. Authentication

Qarar uses account-based authentication to protect client access. You are responsible for keeping your login credentials secure, using a strong password, maintaining control of your email and device, and notifying Qarar if you suspect unauthorized access. We may add or require stronger authentication controls as the platform evolves.

5. Document vault protection

The document vault is designed to centralize sensitive documents so they can be reused responsibly instead of being repeatedly emailed or uploaded across disconnected providers. Vault records include status, expiry, reuse, review, and audit information so Qarar can track which documents are on file and what still needs attention.

Documents may be shared outside the vault only when needed for a service, partner handoff, legal obligation, compliance check, authority submission, or client instruction.

6. Monitoring and audit logs

Qarar may log account activity, document uploads, workflow status changes, partner handoffs, administrative actions, authentication events, errors, and security events. These logs help support accountability, troubleshooting, fraud prevention, compliance, and incident response.

7. Infrastructure and vendors

Qarar uses cloud, database, storage, communication, payment, analytics, compliance, and support vendors to operate the platform. We aim to select vendors with appropriate security practices for the sensitivity of the service. Vendor access is limited to the purpose for which the vendor is used.

8. Partner security

Some workflows require sharing information with external partners, authorities, banks, insurers, brokers, developers, trustees, notaries, professional advisors, or compliance providers. Qarar cannot control every external system, portal, mailbox, or partner process, but we aim to share only the relevant information needed for the workflow and to work with appropriate counterparties.

9. Data minimization

Qarar’s operating model is to keep one organized file, not to collect unnecessary data. We ask for information and documents because they are needed for a workflow, compliance check, partner review, authority submission, support request, payment, legal obligation, or platform operation.

10. Incident response

If Qarar identifies a security incident, we will assess the issue, work to contain it, investigate the cause, take appropriate remedial action, and notify affected users or authorities where required by applicable law. We may ask users to reset credentials, verify account activity, or provide additional information during an investigation.

11. Your role in security

You can help protect your Qarar account by using a strong unique password, keeping your email account secure, avoiding shared devices where possible, checking links before clicking, keeping documents accurate and current, and telling us quickly if something looks wrong. Do not upload files you are not authorized to provide or send sensitive documents over unsecured channels unless Qarar specifically instructs you to do so.

12. Reporting a security concern

If you believe your account, documents, or Qarar data may be at risk, contact us immediately at security@qarar.ae. Please include a clear description of the issue, the affected account or workflow if known, and any relevant timestamps. Do not include unnecessary sensitive documents in the first report.