Get full access to this Security Portal
  • Review all security details
  • Unlock documents
  • Submit security questionnaires
  • Ask for more information
Had access before? Reclaim access

Overview

Instacart maintains dedicated Security, GRC, and Privacy programs to ensure the confidentiality, integrity, and availability of our customers' data and privacy. We invest significant resources to safeguard against potential threats while building scalable and robust processes.

This page outlines the high-level details for several of the frameworks, regulations, and certifications that apply to our company as well as specific resources for our Marketplace product offering.

Compliance

CCPA Logo
CCPA
HIPAA Logo
HIPAA
PCI DSS Logo
PCI DSS
SOC 2 Logo
SOC 2
Get full access to this Security Portal
  • Review all security details
  • Unlock documents
  • Submit security questionnaires
  • Ask for more information
Had access before? Reclaim access

Documents

11 Documents
HIPAA Report
Pentest Report
Security Prospectus
PCI DSS
SOC 2
CAIQ
Other Questionnaires
VSA Core
Information Security Policy

Product Security

Role-Based Access Control
Audit Logging
Data Security
See more

Data Security

Access Monitoring
Backups Enabled
Data Erasure
See more

App Security

Bug Bounty
Code Analysis
Software Development Lifecycle
See more

Legal

Cyber Insurance
Privacy Policy
Terms of Service

Access Control

Data Access
Logging
Password Security

Infrastructure

Anti-DDoS
Amazon Web Services
Google Cloud Platform
See more

Endpoint Security

Endpoint Detection & Response
Mobile Device Management
Threat Detection

Network Security

Firewall
Spoofing Protection
Virtual Private Cloud

Corporate Security

Email Protection
Employee Training
Incident Response
See more

Security Grades

Qualys SSL Labs
Landing Page
A+

Trust Center Updates

Update on Instacart SOC 2 Audit

Published at 07/28/2022, 8:45 PM

Instacart is undergoing our annual SOC 2 Type 2 audit for 2022. Upon completion, the report will be available on our Trust Portal. Stay tuned in the coming months!

Security Notice Regarding Ukraine Conflict

Published at 03/15/2022, 7:22 PM

The ongoing conflict in Ukraine and the resulting economic sanctions against Russia have increased concerns of retaliatory cybersecurity attacks against US entities. CISA (Cybersecurity & Infrastructure Security Agency) has recently announced a Shield Up, a general call-to-action for all US entities to increase their security posture and report any anomalous events. Instacart security team is on an elevated monitoring posture and will continue to monitor the evolving situation closely and reassess the risk and our strategy.

-Instacart Security Team

Security Notice regarding the Log4j Java library

Published at 01/04/2022, 2:49 AM

"Log4j" is a widely used software library for logging error messages in Java applications. Beginning December 10th, several major vulnerabilities were discovered in the library, which has prompted immediate responses by Instacart's Security Team.

At this time, we have no indication that these vulnerabilities have adversely impacted our platforms. We have applied mitigations and are patching any peripheral components that may depend on log4j up to the latest available version (2.17). We will continue to monitor our bug bounty program, network traffic, and technology assets for any evidence of compromise or malicious activity.

We will continue providing updates as they become available; please don't hesitate to reach out if you have any questions.

-Instacart Security Team