Trust Center

Start your security review
Search items

Program Overview

Trust Alliance Logo

To fulfill our mission of improving people’s lives with the world’s best transportation, we must ensure that riders and drivers trust us to use data and personal information responsibly. We work hard to earn and keep that trust by investing in cybersecurity and data privacy.

Lyft’s multifaceted cybersecurity effort is led by our Security & Information Security Teams. This team supports the assessment and mitigation of cybersecurity business risk across Lyft in partnership with cross functional company stakeholders. In the ever-changing landscape of cybersecurity threats, Lyft’s security team is responsible for building safeguards and detecting and responding to such threats while enabling the business to thrive. We continually monitor and validate critical assets to improve our protection.

We have a team of experienced analysts and software engineers dedicated full time to privacy, working to ensure that personal information is properly handled at all times. The team develops the policies, processes, and technical infrastructure to support our Privacy by Design philosophy, mitigate privacy risk, and honor our privacy commitments.

See “Compliance Programs” for a list of areas where we invest in programmatic compliance.

For additional data compliance requests, questions or concerns please reach out to customer-trust@lyft.com or your Sales/Account representative.

Compliance Programs

NIST CSF Logo
NIST CSF
PCI DSS Logo
PCI DSS
SOC 2 Logo
SOC 2
Start your security review

Lyft is reviewed and trusted by

GSA-company-logoGSA
Salesforce-company-logoSalesforce
Slack-company-logoSlack
Humana-company-logoHumana
AARP-company-logoAARP
Mercedes-Benz-company-logoMercedes-Benz
University of Southern California-company-logoUniversity of Southern California
University of Colorado Boulder-company-logoUniversity of Colorado Boulder
Auburn University-company-logoAuburn University

Compliance Artifacts

Pentest Report
PCI DSS
SOC 2
CAIQ Lite
HECVAT Lite
SIG Lite
Information Security Policy

Risk Profile

Data Access Level
Third Party Dependence
Hosting

Product Security

Integrations
Multi-Factor Authentication
Role-Based Access Control
View more

Reports

Infrastructure & Data Flow Diagrams
Pentest Report

Self-Assessments

CAIQ Lite
HECVAT Lite
SIG Lite

Data Security

Backups Enabled
Data Erasure
Encryption-at-rest
View more

App Security

Vulnerability Disclosure
API Security
Code Analysis
View more

Data Privacy

Cookie Usage
Data Collected
Employee Privacy Training
View more

Access Control

Data Access
Logging
Password Security

Infrastructure

Amazon Web Services
Business Continuity
Infrastructure Security
View more

Endpoint Security

Disk Encryption
Endpoint Detection & Response
Mobile Device Management
View more

Network Security

DMARC
IDS
Security Groups
View more

Corporate Security

Employee Training
HR Security
Incident Response
View more

Policies

Information Security Policy

Security Grades

Qualys SSL Labs
lyft.com
A

Trust Center Updates

PCI-DSS v4.0 Attestation

ComplianceCopy link

Lyft's 2023 PCI-DSS v4.0 assessment has been completed and new Attestation of Compliance (AoC) is now available!

Published at N/A*

If you need help using this Trust Center, please contact our Cybersecurity Risk team.

If you think you may have discovered a vulnerability, please send us a note.

Powered bySafeBase Logo