Fable Trust Center

Start your security review
View & download sensitive information
Ask for information
ControlK

Overview

Welcome to Fable's Trust Center. Our commitment to data privacy and security is embedded in every part of our business. Use the Fable Trust Center to learn about our security posture and request access to our security documentation.

Compliance

ISO/IEC 27001:2022 Logo
ISO/IEC 27001:2022
SOC 2 Type 2 Logo
SOC 2 Type 2
GDPR Logo
GDPR
Standard Contractual Clause (SCC) Logo
Standard Contractual Clause (SCC)
Microsoft SSPA Logo
Microsoft SSPA
PIPEDA Logo
PIPEDA

Subprocessors

Fable is reviewed and trusted by

Aetna-company-logoAetna
Co-op-company-logoCo-op
GM Financial-company-logoGM Financial
Mozilla-company-logoMozilla
Reddit-company-logoReddit
Sky-company-logoSky
Shopify.com-company-logoShopify.com

Documents

REPORTSData Flow Diagram (DFD)
REPORTSNetwork Diagram
REPORTSPentest Report
COMPLIANCEISO/IEC 27001:2022
COMPLIANCESOC 2 Type 2

Access Control

Access Log Management
Internal Single-Sign-On (SSO)
Least Privilege
View more

AI

We are developing the appropriate controls framework to ensure compliance with Global AI Regulations such as the EU AI Act. Fable does not currently have AI Features available in its products.

App Security

Application Penetration Testing
Code Analysis
Credential Management
View more

Asset Management

Asset Classification
Asset Tracking
Automated Asset Detection
View more

BC/DR

Business Continuity Plan (BCP)
Critical Assets
Data Backup/Backup Protection
View more

Change Management

Change Management Program
Change Restrictions
Changes Notification & Verification
View more

Continuous Monitoring

Event & Audit Log Management
Intrusion Detection System (IDS)
Intrusion Prevention System (IPS)

Data Privacy

Data Breach Notifications
Data Privacy Officer
Data Protection Impact Assessment (DPIA)
View more

Data Security

Access Monitoring
Data Asset Classification
Data Backups
View more

Incident Response

Designated Response Personnel
Incident Reporting Process
Pager Service

Infrastructure

Amazon Web Services
Anti-DDoS
BC/DR
View more

Legal

SubprocessorsAmazon Web Services (AWS)-company-logoMongoDB-company-logoauth0 by Okta-company-logoZoom-company-logoPendo.Io-company-logo
Customer Audit Rights
Cyber Insurance
View more

Policies

Acceptable Use Policy
Access Control Policy
Background Check Policy

Product Security

Audit Logging
Data Security
Multi-Factor Authentication
View more

Reports

Data Flow Diagram (DFD)
Network Diagram
Pentest Report

Risk Profile

Critical DependenceNo
HostingMajor Cloud Provider
Impact LevelModerate
View more

Risk Management

Data Access/Impact Levels
Risk Assessments
Supply Chain Risk Management
View more

Training

Employee Privacy Training
Role-Based Training
Secure Development Training
View more
Knowledge Base (FAQ)
  • How is risk assessed and tracked?
  • How is data protected in transit and at rest?
  • How is customer data separated in a multi‑tenant model?
  • How do you manage vulnerabilities and patching?
  • How do you handle data retention and deletion?
View more
Fable Trust Center Updates

Notice of new sub-processor for Managed Services customer research activities with AI enabled processing

Copy link
Subprocessors

We are adding Equafin Corp., doing business as HeyMarvin, as a new sub-processor to support the research activities performed by Fable’s Managed Services team. HeyMarvin provides a secure research platform used to handle customer and tester interviews, including time-synced note taking, tagging, qualitative coding, and the storage and review of interview materials.

As part of these capabilities, HeyMarvin applies AI enabled processing to interview recordings, transcripts, notes, and tags. This includes automated summarization, suggested tags, search across research materials, and generation of insights to support qualitative analysis. These processing activities are performed on Fable’s behalf and align with the customer consent and contractual requirements applicable to each project.

All information processed by HeyMarvin is stored in the United States. HeyMarvin’s security, privacy, and AI governance controls have been assessed by Fable’s compliance team. The vendor maintains a SOC 2 Type 2 report, ISO 27001 certification, operates an ISO 42001 certified AI Management System, and has demonstrated compliance with GDPR requirements.

No action is required on your end.

More details about HeyMarvin and our current list of sub-processors can be found in Fable’s Trust Centre at:
Fable Trust Center | Powered by SafeBase

Thank you,
Fable

SalesLoft Drift AI Compromise

Copy link
Vulnerabilities

Drift AI Compromise

22 SEPT 2025

Following recent reports of a significant breach, Fable has reviewed the reported Salesloft Drift AI compromise disclosures.

Based on our investigation, Fable is not impacted. We do not use Drift AI, and we confirmed no sensitive tokens, webhooks, or OAuth connections to Salesloft services are present in our environment. We have found no indicators of compromise in our logs.

No customer action is required.

Spencer Brawner, CISSP, CISM
Director, Security
Fable

If you think you may have discovered a vulnerability, please send us a note.
Report issue
Built onSafeBase by Drata Logo