Security & Compliance

Protecting data. Building trust.

Carvan is built with a security‑first mindset to protect buyers, dealers, and banking partners. This page explains privacy, document security, access control, and responsible AI pre‑qualification.

Disclaimer: Carvan is not a lender and does not make credit decisions. We facilitate structured referrals.

Data Collection

  • Minimum data: name + contact, plus fields needed for referral packaging
  • Documents: uploaded only when applying (ID, payslips, bank statements if required)
  • Purpose limitation: used for eligibility guidance and bank submissions only
Browsing is public. Accounts are required for saving data or submitting applications.

Document Security

  • Controlled access: buyers store documents in a secure vault
  • Least privilege: dealers never see sensitive financial documents
  • Secure storage: encrypted at rest with role‑based access rules
  • Auditability: status events are trackable for internal review

Access Control

  • Roles: buyer, dealer, admin (and bank partner where applicable)
  • Verification gates: dealers require approval before listings go live
  • Operational controls: suspicious activity triggers manual review
  • Account security: password resets and session protections via auth provider

AI Pre‑Qualification

  • Transparency: rule-based checks explain Eligible / Review / Not Eligible
  • Guidance only: outputs are recommendations, not approvals
  • No sensitive traits: avoid protected characteristics in decision logic
  • Continuous improvement: refine rules using outcomes (with privacy controls)
Final approvals are always made by the partner bank under their policies.

Compliance Approach

  • Non‑lender: Carvan facilitates referrals; does not issue credit or hold deposits
  • KYC readiness: support document collection and secure submissions per bank requirements
  • Fraud prevention: dealer verification, listing standards, VIN checks, escalation workflow
  • Data retention: retain only as needed for legitimate business purposes
  • Partner alignment: match bank compliance checklists and update workflows
Replace contact emails with your official inboxes (e.g., security@carvan.africa).