Welcome to Instacart's Trust Center portal. The commitment to data privacy and security is paramount to our business. Use this portal to learn about our security posture as well as request access to documentation.
Trust Portal Updates
As we continue to build and improve our platform, Storefront Pro will be leveraging GiveX as a Loyalty Program Provider to process data in service of the application. This serves as notification that GiveX will be added as a new Strorefront Pro subprocessor.
The 2024 Instacart annual penetration test executive summary is available for download.
The Instacart Information Security Program Charter has replaced the Instacart Information Security Meta Policy. Additionally a table of contents has been added for validation of the security policy set.
Instacart's Third Party Data Terms have been updated to remove an outdated term for "Exhibit A" and replaced with reference to "Addendum."
Instacart's SOC 2 Type 2 report for the 12 month monitoring period ending in August 2022 is now available to request and download from our Trust Center.
The ongoing conflict in Ukraine and the resulting economic sanctions against Russia have increased concerns of retaliatory cybersecurity attacks against US entities. CISA (Cybersecurity & Infrastructure Security Agency) has recently announced a Shield Up, a general call-to-action for all US entities to increase their security posture and report any anomalous events. Instacart security team is on an elevated monitoring posture and will continue to monitor the evolving situation closely and reassess the risk and our strategy.
-Instacart Security Team
"Log4j" is a widely used software library for logging error messages in Java applications. Beginning December 10th, several major vulnerabilities were discovered in the library, which has prompted immediate responses by Instacart's Security Team.
At this time, we have no indication that these vulnerabilities have adversely impacted our platforms. We have applied mitigations and are patching any peripheral components that may depend on log4j up to the latest available version (2.17). We will continue to monitor our bug bounty program, network traffic, and technology assets for any evidence of compromise or malicious activity.
We will continue providing updates as they become available; please don't hesitate to reach out if you have any questions.
-Instacart Security Team