Shopper information removal

By default, some Connect API responses and event callbacks contain Personally Identifiable Information (PII) about shoppers who help fulfill orders. After order completion, Instacart requires that you delete this PII within a contractually specified amount of time.

However, if you’re unable to implement data deletion processes, Instacart can instead remove the shopper’s PII before responding to your requests or sending you callbacks.

For each applicable operation, the following table explains what shopper data is redacted and the reason for doing so:

| Operation | Description |
| --- | --- |
| Get order handling information response | The shopper object is removed because it contains the shopper’s first name and avatar. |
| Get order location response | A successful response reveals the geographical coordinates of the shopper’s location. As a result, an error is returned instead. |
| Order location callback | The callback isn’t sent because its event_metadata object reveals the geographical coordinates of the shopper’s location. |
| Get order chat messages response | A successful response potentially contains the messages exchanged between shoppers and customers, along with shopper names and avatars. As a result, an error is returned instead. |
| Customer acknowledged callback | The callback isn’t sent because its event_metadata object contains the shopper’s display name. |
| Delivered callback | The delivery_photo_url and certified_delivery_name fields are removed from the callback’s event_metadata object because both are potentially PII. |

If you’re interested in enabling this feature, contact your Instacart representative.
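The following is an added example, not Instacart code: a client-side filter that applies the same redactions from the table before a payload is stored or logged, plus a check that reports shopper PII still present in a payload. The `event_name` key, the event names, and the sample payload are assumptions made for illustration; only `shopper`, `event_metadata`, `delivery_photo_url` and `certified_delivery_name` come from this page.

```python
import copy

# Assumed (hypothetical) callback shape: {"event_name": ..., "event_metadata": {...}}.
# These event names are placeholders, not Instacart's actual identifiers.
DROP_EVENTS = {"order_location", "customer_acknowledged"}
STRIP_METADATA_FIELDS = {"delivered": ("delivery_photo_url", "certified_delivery_name")}

# Constructed sample callback, not real data.
SAMPLE_DELIVERED = {
    "event_name": "delivered",
    "event_metadata": {
        "delivery_photo_url": "https://example.invalid/photo.jpg",
        "certified_delivery_name": "Sample Name",
        "delivered_at": "2024-01-01T12:00:00Z",
    },
}


def redact_callback(payload):
    """Return a redacted copy safe to store or log, or None if the event must be dropped."""
    event = payload.get("event_name")
    if event in DROP_EVENTS:
        return None  # the whole callback carries shopper location or display name
    redacted = copy.deepcopy(payload)  # never mutate the caller's object
    metadata = redacted.get("event_metadata")
    if isinstance(metadata, dict):
        for field in STRIP_METADATA_FIELDS.get(event, ()):
            metadata.pop(field, None)
    return redacted


def redact_handling_response(body):
    """Drop the shopper object (first name, avatar) from an order handling response."""
    redacted = copy.deepcopy(body)
    redacted.pop("shopper", None)
    return redacted


def leaked_pii(payload):
    """List shopper PII still present; a non-empty result means redaction is not in effect."""
    found = ["shopper"] if "shopper" in payload else []
    event = payload.get("event_name")
    metadata = payload.get("event_metadata")
    if isinstance(metadata, dict):
        if event in DROP_EVENTS:
            found.append("event_metadata")
        found += [f for f in STRIP_METADATA_FIELDS.get(event, ()) if f in metadata]
    return found
```

Running `leaked_pii` on inbound payloads in a staging environment gives a quick signal of whether the upstream removal feature is active for your integration.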