Privacy and Security

This page outlines Fabric’s key security and privacy information. Whether you’re looking to kick off a new project with Fabric, or curious about how Fabric works with your existing project, read on to see how Fabric can help protect you and your users.

Data Protection

Fabric will be GDPR ready

On 25 May 2018, the EU General Data Protection Regulation (GDPR) replaces the 1995 EU Data Protection Directive. We’re committed to helping our customers succeed under the GDPR. The information in this article describes some of the important privacy and security properties available and planned for Fabric customers to be ready for GDPR.

The GDPR imposes obligations on data controllers and data processors. Fabric customers typically act as the “data controller” for any personal data they provide to Google in connection with their use of Fabric, and Google is, generally, a “data processor”.

This means that data is under the customer’s control. Controllers are responsible for obligations like fulfilling an individual’s rights with respect to their personal data. To understand your responsibilities as a data controller, you should familiarize yourself with the provisions of the GDPR, and check on your compliance plans.

Key questions to consider:

  • How does your organisation ensure user transparency and control around data use?
  • Are you sure that your organisation has the right consents in place where they are needed under the GDPR?
  • Does your organisation have the right systems to record user preferences and consents?
  • How will you show to regulators and partners that you meet the principles of the GDPR and are an accountable organisation?

Fabric offers Data Processing and Security Terms

When a customer is using Fabric, Google is generally a data processor and processes personal data on behalf of the customer. Effective March 27th, Fabric’s Terms of Service offer standard Data Processing and Security Terms (DPST) to all Fabric customers.

Fabric’s privacy and security certifications

Fabric is certified under the following privacy and security standards:

Privacy Shield Framework certification

Google LLC is certified under both the EU-U.S. and Swiss-U.S. Privacy Shield frameworks and our certifications can be viewed on the Privacy Shield list.

SOC certification

All Fabric products are certified as SOC 2 compliant. For more information, see https://fabric.io/terms/faq#certifications.

Data Collection Policies

Identifiable data collected

Fabric services process some of your end users’ personal data to provide the service to you. The chart below has examples of how various Fabric services use and handle end-user personal data.

Answers

Personal Data collected:
How data helps provide the service:
  • Provides customers with analytics information based on segmented device data. IP addresses are used to provide geolocation information to customers.
Retention:
  • Answers retains identifier data for 180 days.

Beta

Personal Data collected:
  • User information - name and email address
  • Installation IDs - iOS and Android.
How data helps provide the service:
  • Helps customers distribute app builds to testers, monitor beta tester activity, and associate Crashlytics data with specific beta testers.
Retention:
  • User information is stored until requested for deletion by the customer and then removed within 180 days.

Crashlytics

Personal Data collected:
  • Installation UUID - iOS and Android.
  • Crash traces
How data helps provide the service:
  • Helps a customer associate crash data with specific instances of their app.
Retention:
  • Crash traces and their associated identifiers are kept for 90 days.

Development Guides

The services listed above need some amount of end-user personal data to function. As a result, it’s not possible to entirely disable data collection while using those services.

If you’re a customer who would like to offer users a chance to opt in to a service and the data collection that comes with it, in most cases that just requires adding a dialog or settings toggle before using the service.

Fabric starts up automatically when included in an app. To give users a chance to opt in before using those services, you can choose to gain user consent before initializing Fabric. Here are guides for iOS and Android that show ways you may accomplish this.

Exporting data

Depending on your needs, you may want to export your app’s data or data about your app’s customers. Here’s how to do that for the following products:

  • Answers: Export to BigQuery via Fabric and Firebase linking.
  • Beta: From your Beta dashboard, click on Export Testers.
  • Crashlytics: In the future, Crashlytics will support an export. In the meantime, please contact support if you need assistance.

Security information

Security practices

To keep personal data safe, Fabric employs extensive security measures to minimize access:

  • Fabric encrypts user data in transit and at rest.
  • Fabric restricts access to a select group of employees who have a business purpose to access personal data.
  • Fabric logs employee access to systems that contain personal data.
  • Fabric conducts background checks on all employees.
  • Fabric only permits access to personal data by employees who sign in with 2-factor authentication.

More Help?

If you need more help or have any other questions, please contact support(at)fabric(dot)io.