Security Policy

Last modified: August 2, 2018

Security is primary

Fabric uses a variety of methods to secure our network, software, and applications. Our employees maintain organizational security measures designed to keep your data safe, and our data retention and business continuity plans are comprehensive.

Network and server security

  • Network infrastructure is segregated into levels of information classification with strict routing, firewalling, and access control links that separate each privilege level.

  • Network infrastructure undergoes regular penetration third-party vulnerability audits.

  • Our information security team members perform regular software updates throughout the Fabric infrastructure to remain up-to-date on software security patches.

Our information security

  • Web APIs and web pages are secured with High Assurance SSL certificates that support encryption algorithms with key lengths up to 256 bits and prohibit any key lengths shorter than 128 bits.

  • Fabric’s cloud infrastructure employs Multi-Factor Authentication for management operations.

  • Industry-standard (symmetric and asymmetric) encryption algorithms with appropriately sized keys are used to protect sensitive customer information.

  • Fabric applications undergo regular internal source code audits. Internal audits are augmented by regular third-party audits.

  • Standards and leading practices identified by independent security organizations (e.g., OWASP) are integrated in to all Fabric code creation processes.

Data retention & Disaster recovery

  • Data is aggressively archived and Fabric performs regular offsite backups to ensure redundancy.

  • Fabric services are designed to tolerate failures in supporting infrastructure while maintaining continuity of operations; we place a high priority on redundancy and ensuring maximum availability of our services.

  • Fabric follows industry standard incident response procedures with a dedicated incident response team.

Organizational security

  • Prospective employees undergo security screenings during the hiring process.

  • Fabric employees undergo security operations training.

  • Fabric employees use encrypted storage, encrypted chat (and voice), and encrypted tunnels (SSH) for sensitive internal communications and operations.

  • Fabric maintains detailed application-level and system-level logs.

Security research and disclosure process

Fabric understands the devotion and effort that security work requires. As such, we encourage the responsible disclosure of any vulnerabilities to us. Responsible disclosure means:

  • Openly share the full details of any vulnerabilities with us.

  • Do not announce or share the details of any vulnerabilities in any way with the public or other parties.

  • Do not exploit the vulnerability except for purposes of demonstrating it to Fabric personnel. Please contact security@meetfabric.com if you are unsure of exploitability and we will work with you to verify it safely.

  • Do not use the vulnerability to access, modify, harm, or otherwise alter any Fabric (or its customers’) data.

Vulnerabilities that are “responsibly disclosed” according to the above process are welcomed. Fabric will not seek to bring legal action against any person who adheres to this process of responsible disclosure.

Target Domains

  • meetfabric.com
  • www.meetfabric.com
  • api.meetfabric.com

Hall of Fame

  • Ali Razzaq
  • Sumit Jain

Contact

Notwithstanding Fabric’s security precautions, no method of transmission over the Internet, or method of electronic storage, is 100% secure, and we are unable to guarantee the absolute security of our site and your use of the Service.

You may contact us with any security questions, concerns, or suggestions at security@meetfabric.com.

About
What's Covered?
Pricing
Blog
Press
Careers
Sign In

© 2018 Fabric Insurance Agency, LLC

Fabric Instant is an Accidental Death Insurance Policy (Form VL-ADH1 with state variations where applicable) and Fabric Premium is a Term Life Insurance Policy (Form ICC16-VLT and CMP 0501 with state variations where applicable). Policies are issued by Vantis Life Insurance Company. (Vantis Life), Windsor, CT (all states except NY), and by Vantis Life Insurance Company of New York, Brewster, NY (NY only). Coverage may not be available in all states. Issuance of coverage for Fabric Premium is subject to underwriting review and approval. Please see a copy of the policy for the full terms, conditions and exclusions. Policy obligations are the sole responsibility of Vantis Life.

Fabric Insurance Agency, LLC (FIA) is an insurance agency licensed to sell life, accident, and health insurance products. FIA will receive compensation from Vantis Life for such sales. The NAIC Company Code for Vantis Life is 68632. See the Terms of Use for additional information regarding FIA.‬‬