Security
Enterprise security, courtroom discipline.
Forensic engagements carry an unusual security profile: privileged communications, evidence in flight, and a downstream audience that will scrutinize every step. Quarare is built for that reality.
The Posture
Defense in depth, evidence-aware.
Standard SaaS security is necessary but not sufficient. Forensic accounting platforms also need provenance preservation, tamper-evident audit trails, and tenant boundaries that match the engagement model. Below are the controls Quarare implements, organized by layer.
Encryption at rest
AES-256 for all stored data. Customer-managed encryption keys available on request.
Encryption in transit
TLS 1.3 for all in-transit communications. HSTS enforced. Certificate transparency monitored.
Tenant isolation
Logical separation per engagement. No cross-engagement data inference. Customer-managed retention policies.
Identity and access
SSO via SAML 2.0 and OIDC. SCIM provisioning. Role-based access with engagement-scoped permissions.
Audit trail
Every score override, every Insight promotion, every Finding edit, every export. Tamper-evident, exportable to SIEM.
Data residency
US and EU data-residency options. Subprocessors disclosed. Cross-border transfer controls aligned with SCCs and the Data Privacy Framework.
Compliance Roadmap
Built toward SOC 2, GDPR, and the evidentiary chain.
Quarare is pre-audit. The compliance roadmap targets SOC 2 Type II within the first year of general availability, with GDPR processor commitments available to enterprise customers from day one. CCPA, HIPAA-readiness (for engagements crossing into healthcare fraud), and ISO 27001 follow.
Methodology controls extend beyond conventional infosec. The audit trail is engineered so that an opposing expert reviewing the export can reconstruct the analyst's reasoning from raw evidence to final Finding. The chain is the product.
Detailed control matrix and current attestations available under NDA. Contact security@quarare.com for the security questionnaire response.
Request the security overview.
Full controls matrix, subprocessor list, and pre-audit status available under NDA.