Instacart Information Security Program Charter

Trust Center

Start your security review
View & download sensitive information
Ask for information
Search items


Welcome to Instacart's Trust Center portal. The commitment to data privacy and security is paramount to our business. Use this portal to learn about our security posture as well as request access to documentation.

Frameworks and Certifications

SOC 2 Logo
Start your security review
View & download sensitive information
Ask for information
Pentest Report
SOC 2 Report
OpenSSL Vulnerabilities
HIPAA Report
Security Notifications
Other Self-Assessments
SIG Lite
VSA Core
Cyber Insurance
Data Processing Agreement
Vendor Third Party Terms
Information Security Program Charter

Product Security

Audit Logging
Data Security
Role-Based Access Control
View more

Data Security

Access Monitoring
Backups Enabled
Data Erasure
View more

App Security

Bot Detection
Code Analysis
View more

Data Privacy

Data Breach Notifications
Data Into System
View more

Access Control

Data Access
Password Security


Amazon Web Services
Google Cloud Platform
View more

Endpoint Security

Disk Encryption
DNS Filtering
Endpoint Detection & Response
View more

Network Security

Spoofing Protection
Virtual Private Cloud

Corporate Security

Email Protection
Employee Training
Incident Response
View more

Security Grades

Qualys SSL Labs
Landing Page

Trust Center Updates

Instacart Information Security Program Charter

ComplianceCopy link

The Instacart Information Security Program Charter has replaced the Instacart Information Security Meta Policy. Additionally a table of contents has been added for validation of the security policy set.

Published at N/A

Vendor Third Party Terms

ComplianceCopy link

Instacart's Third Party Data Terms have been updated to remove an outdated term for "Exhibit A" and replaced with reference to "Addendum."

Published at N/A

Instacart's Response to the 2022 OpenSSL 3 Vulnerabilities

IncidentsCopy link

Instacart's response to OpenSSL can be viewed here by our Retailer Partners.

Published at N/A*

Instacart SOC 2 Type 2 Report Available for Download

ComplianceCopy link

Instacart's SOC 2 Type 2 report for the 12 month monitoring period ending in August 2022 is now available to request and download from our Trust Center.

Published at N/A

Security Notice Regarding Ukraine Conflict

GeneralCopy link

The ongoing conflict in Ukraine and the resulting economic sanctions against Russia have increased concerns of retaliatory cybersecurity attacks against US entities. CISA (Cybersecurity & Infrastructure Security Agency) has recently announced a Shield Up, a general call-to-action for all US entities to increase their security posture and report any anomalous events. Instacart security team is on an elevated monitoring posture and will continue to monitor the evolving situation closely and reassess the risk and our strategy.

-Instacart Security Team

Published at N/A

Security Notice regarding the Log4j Java library

IncidentsCopy link

"Log4j" is a widely used software library for logging error messages in Java applications. Beginning December 10th, several major vulnerabilities were discovered in the library, which has prompted immediate responses by Instacart's Security Team.

At this time, we have no indication that these vulnerabilities have adversely impacted our platforms. We have applied mitigations and are patching any peripheral components that may depend on log4j up to the latest available version (2.17). We will continue to monitor our bug bounty program, network traffic, and technology assets for any evidence of compromise or malicious activity.

We will continue providing updates as they become available; please don't hesitate to reach out if you have any questions.

-Instacart Security Team

Published at N/A

If you need help using this Trust Center, please contact our Cybersecurity Risk team.

Powered bySafeBase Logo