Personal data protection
To safeguard personal data, Instacart limits how long chat messages remain accessible. Additionally, we can remove shopper personal data from API responses and callbacks.
Chat message accessibility
After an order is either delivered or cancelled, any messages exchanged between the customer and the shoppers fulfilling that order remain accessible for 24 hours. This restriction applies to both the chat feature on the Order Status Page as well as the get order chat messages API.
Shopper information removal
By default, some Connect API responses and event callbacks contain personal data about the shoppers who help fulfill orders. After order completion, Instacart requires that you delete this personal data within a contractually specified amount of time.
However, if you’re unable to implement data deletion processes, Instacart can instead remove the shopper’s personal data before responding to your requests or sending you callbacks.
For each applicable operation, the following table explains what shopper data is redacted and the reason for doing so:
| Operation | Description |
|---|---|
| Get order handling information response | The shopper object is removed because it contains the shopper’s first name and avatar. |
| Get order location response | A successful response reveals the geographical coordinates of the shopper’s location. As a result, an error is returned instead. |
| Order location callback | The callback isn’t sent because its event_metadata object reveals the geographical coordinates of the shopper’s location. |
| Get order chat messages response | A successful response potentially contains the messages exchanged between shoppers and customers, along with shopper names and avatars. As a result, an error is returned instead. |
| Customer acknowledged callback | The callback isn’t sent because its event_metadata object contains the shopper’s display name. |
| Delivered callback | The delivery_photo_url and certified_delivery_name fields are removed from the callback’s event_metadata object because both are potentially personal data. |
If you’re interested in enabling this feature, contact your Instacart representative.