Serious security

When you trust us with your data, we’re committed to keeping it safe.

Security

Ibotta operates a robust security program based on established security frameworks, such as NIST 800-53 and the SSAE 18 Service and Organizational Controls Trust Criteria (SOC 2). In addition to annual security reviews by third-party assessment teams, we have a dedicated security and privacy team to continuously monitor our platform to ensure security protections are operating effectively, including access control, encryption, vulnerability testing, privacy protections and additional safeguards. We also maintain a bug-bounty program, for independent security researchers to test our platform and submit issues for review and mitigation. Rest assured, the security of your information is important to us.

Privacy

When you trust us with your data, we have a responsibility to protect it — and we do so with strict access controls, data policies, and regular audits. In addition to securely storing data we collect about you, we do not sell or share your data that identifies you personally, and we only use your personal information as outlined in our Privacy Policy. In addition, we comply with all applicable laws and regulations pertaining to data privacy and security. Review our Privacy Policy for more detailed information.

Platform & app security

We safeguard your Ibotta experience with industry-standard protections. Your data is securely encrypted at all times using both software and hardware protections. When you secure your account with a phone number and opt in to our SMS service, we’ll send you a text to verify it’s you before allowing withdrawals from your earnings or access to payment features.

Ibotta is committed to keeping your data secure and has successfully completed the SOC2 type 1 assessment.

Frequently asked questions

How is my sensitive data stored?

Your data is securely stored at all times. Data from Ibotta apps is encrypted in transit using Transport Layer Security (TLS) and is encrypted at rest using various hardware and software protections. Sensitive data is stored in continuously hardened infrastructure which is monitored for threats 24/7, and regularly reviewed and penetration tested by security professionals. In simpler terms, we take your security very seriously.

Do you share my information with third parties?

Our Privacy Policy provides a detailed overview of how we use and share your information.

What should I do if I think my Ibotta account was hacked?

If you believe your account might have been compromised, immediately contact our Ibotta Care team. We can help restore access to your account.

Is it safe to link my loyalty account?

When you link your loyalty account, your data is secured using the same protections as other parts of our app. We only receive data about the items you purchase and where you purchased them. We do not receive and cannot access any personally identifiable information associated with your loyalty account other than your loyalty account login information (which you provide to us when you link your account).

How can I protect my Ibotta account?

There are a number of ways to protect your account and stay safe online:

Keep your passwords safe — don’t share them with anyone.
Mix it up — make sure that your password includes numbers, capital letters, and special characters. Don’t use the same password for multiple services or apps.
Secure your account with a phone number — navigate to Account > Settings > Verify Device to add a phone number to your account. We’ll send you a text message to make sure it’s you if we detect suspicious activity and before you withdraw cash.
Enable extra security — in Settings, enable features like Face ID to protect certain settings and features such as Pay with Ibotta.

How can I disclose a security vulnerability to Ibotta?

We recognize the important role of security researchers in helping keep our community safe. If you believe you’ve discovered a bug in Ibotta’s security, please let us know as soon as possible via our bug bounty program — our security team will rapidly investigate and respond as quickly as possible to your report. Note that this program is for software security researchers only. If you have a question or issue with your account, please contact Ibotta Care.