Last modified: December 12, 2016
Fabric uses a variety of methods to secure our network, software, and applications. Our employees maintain organizational security measures designed to keep your data safe, and our data retention and business continuity plans are comprehensive.
Network infrastructure is segregated into levels of information classification with strict routing, firewalling, and access control links that separate each privilege level.
Network infrastructure undergoes regular third-party penetration and vulnerability audits.
Our information security team members perform regular software updates throughout the Fabric infrastructure to remain up-to-date on software security patches.
Web APIs and web pages are secured with High Assurance SSL certificates that support encryption algorithms with key lengths up to 256 bits and prohibit any key lengths shorter than 128 bits.
Fabric’s cloud infrastructure employs Multi-Factor Authentication for management operations.
Industry-standard (symmetric and asymmetric) encryption algorithms with appropriately sized keys are used to protect sensitive customer information.
Fabric applications undergo regular internal source code audits. Internal audits are augmented by regular third-party audits.
Standards and leading practices identified by independent security organizations (e.g., OWASP) are integrated into all Fabric code creation processes.
Data is aggressively archived and Fabric performs regular offsite backups to ensure redundancy.
Fabric services are designed to tolerate failures in supporting infrastructure while maintaining continuity of operations; we place a high priority on redundancy and ensuring maximum availability of our services.
Fabric follows industry-standard incident response procedures with a dedicated incident response team.
Prospective employees undergo security screenings during the hiring process.
Fabric employees undergo security operations training.
Fabric employees use encrypted storage, encrypted chat (and voice), and encrypted tunnels (SSH) for sensitive internal communications and operations.
Fabric maintains detailed application-level and system-level logs.
Fabric understands the devotion and effort that security work requires. As such, we encourage (and reward) the responsible disclosure of any vulnerabilities to us. Responsible disclosure means:
Openly share the full details of any vulnerabilities with us.
Do not announce or share the details of any vulnerabilities in any way with the public or other parties.
Do not exploit the vulnerability except for purposes of demonstrating it to Fabric personnel. Please contact email@example.com if you are unsure of exploitability and we will work with you to verify it safely.
Do not use the vulnerability to access, modify, harm, or otherwise alter any Fabric (or its customers’) data.
Vulnerabilities that are “responsibly disclosed” according to the above process are welcomed. Fabric will not seek to bring legal action against any person who adheres to this process of responsible disclosure.
Notwithstanding Fabric’s security precautions, no method of transmission over the Internet, or method of electronic storage, is 100% secure, and we are unable to guarantee the absolute security of our site and your use of the Service.
You may contact us with any security questions, concerns, or suggestions at firstname.lastname@example.org.