Data privacy
The customer data sent to Instacart Connect is provided by the retailer. Instacart and the retailer form an agreement about how the data can be used by Instacart. For more information, contact your Instacart Connect Account Manager and their legal partner.
Data collection and storage
Instacart collects and stores the data necessary to fulfill a customer order. The data collected through Instacart Connect is logically separated from any customer data collected through Instacart Marketplace or other Instacart products. The data is stored in compliance with Instacart information security processes and procedures.
Depending on the services used by the retailer and the customer, the customer data might include the following items:
- Connect user account ID, which is defined by the retailer and accessed by Instacart for fulfillment purposes
- Customer name
- Customer delivery address
- Customer locale for language and units of measurement preferences
- Customer phone number
- Customer data of birth if alcohol was purchased by the customer
- Customer opt-in preference for transactional SMS communications
- Customer loyalty number
- Customer permission to associate a Connect user account with a customer’s Instacart user account
- Active orders, including items purchased, instructions, replacements, and messages sent between the customer and the shopper
- Order history associated with the Connect user account ID
The retailer can create a Connect user account for each order or for each customer. If the retailer chooses to create a new ID for each order, Instacart is unable to offer services (such as personalization) that rely on knowing the customer’s past orders.
Data usage
Data is used to provide and improve our services, such as time slot availability, shopper supply, and catalog inventory levels.
Request for deletion of user data
Instacart must comply with all applicable data privacy laws and regulations. This includes U.S. state privacy laws (“State Privacy Laws”) such as California’s CCPA and CPRA, Virginia’s VCDPA, Colorado’s CPA, Connecticut’s CTDPA, and Utah’s UCPA. Other states are expected to adopt similar legislation in the future.
When a customer requests that their data be deleted, a retailer must respond to the request in a manner that is compliant with applicable data privacy laws and regulations. If a retailer deletes a customer account, they must also send a deletion request to Instacart to delete the Connect user account and any related data. Instacart initiates a user privacy workflow to comply.
For details about the endpoint to use for deletion requests, see Request a user account deletion.