What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: This policy engages the California Consumer Privacy Act and California Privacy Rights Act (CCPA/CPRA), under enforcement by the California Privacy Protection Agency and California Attorney General, including disclosure and opt-out obligations for sale and sharing of Personal Information and limits on sensitive personal information use. The policy also engages Canada's PIPEDA and applicable provincial privacy laws (including Quebec Law 25), the Nevada online privacy statute…

How does Instacart's Instacart Privacy Policy affect users?

The policy establishes that Instacart collects and retains purchase history, precise geolocation, device identifiers, and browsing activity from users. The policy authorizes the sale and sharing of this data with advertising networks, retail brand partners, and analytics providers through standard commercial channels and the dedicated Retail Data licensing program. Users in California may opt out of data sale and sharing through designated mechanisms, while users in other states may request dat…

How often is Instacart's Instacart Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Instacart updates this document?

Yes. Watcher subscribers ($9.99/month) can add Instacart to their watchlist and receive same-day email alerts whenever this document or any other Instacart document changes.

CA-D-000136

Instacart Privacy Policy

Instacart

Last change detected May 7, 2026 Privacy policy

SHA-256: fb51d26dfa84f1b520c… 2 versions captured 1 change documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Instacart ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

8 Total

4 High severity

3 Medium severity

1 Low severity

Summary

This is Instacart's privacy policy that establishes the types of personal information collected from users, including name, address, phone number, purchase history, precise location, device identifiers, browsing behavior, and communications. The policy authorizes the sharing and sale of collected data to advertising partners, retail brands, and analytics providers, including through a Retail Data licensing program that makes aggregated purchase data available to consumer packaged goods companies. The policy establishes opt-out mechanisms for California residents at instacart.com/privacy-choices and permits all users to request data deletion through account settings or by contacting privacy@instacart.com.

Technical / Legal Breakdown

This Privacy Policy, last updated January 15, 2026, governs the collection, use, and disclosure of Personal Information by Maplebear Inc. d/b/a Instacart and Maplebear Canada Inc. across Instacart websites, mobile apps, APIs, and white-label retailer platforms where the policy is linked. The policy states that Instacart collects contact information, account credentials, purchase history, device identifiers, precise geolocation, browsing and search activity, communications content, and inferred demographic and behavioral data; the terms authorize use of this information for service delivery, personalized advertising, cross-context behavioral advertising, and sharing with retail partners, advertising networks, analytics providers, and data brokers. The policy discloses that Instacart sells and shares Personal Information as defined under the California Consumer Privacy Act, including sharing precise geolocation and purchase data with advertising partners; it separately discloses a Retail Data program under which aggregated and de-identified purchase data may be licensed to consumer packaged goods brands, a practice operationally distinct from standard consumer app data practices. The policy engages the California Consumer Privacy Act and California Privacy Rights Act, Canada's Personal Information Protection and Electronic Documents Act and provincial equivalents, Nevada's online privacy law, and U.S. Federal Trade Commission jurisdiction over unfair or deceptive data practices; California residents are granted opt-out rights regarding sale and sharing of Personal Information, the right to limit use of sensitive personal information, and the right to know and delete. The policy also contains specific provisions governing prescription delivery data and restaurant order data, each with distinct handling disclosures that may engage HIPAA-adjacent considerations and sector-specific regulatory scrutiny.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

1 important change detected

2 versions captured · Last updated: May 2026

May 7, 2026

low

What changed Instacart's Privacy Policy was updated on May 7, 2026 to remove a space before the final period in a sentence about contacting the company. The previous version read 'You may also contact us by writing to us at the address provided below under Contact Information .' with a space before the period. The updated version reads 'You may also contact us by writing to us at the address provided below under Contact Information.' without that space. This is a formatting correction with no operational impact on how users contact the company or what rights apply.

Why this matters This change has no operational impact on consumers. The updated terms state the same contact procedure as before; the modification corrects only formatting by removing an extra space before a punctuation mark. No rights, disclosures, obligations, or contact procedures were altered.

View full change record →

High — 4 provisions

Sale and Sharing of Personal Information

Instacart states it sells and shares certain categories of your personal information, including to advertising partners, and provides an opt-out mechanism for California residents and others.

Added April 18, 2026 Rare
Retail Data Program

Instacart operates a program through which aggregated and potentially de-identified purchase and behavioral data from its platform is licensed to consumer packaged goods brands and retail partners for advertising and market research purposes.

Added May 12, 2026 Rare
Prescription Delivery Data Handling Compare →

When you use Instacart to order prescription medications, the policy contains specific provisions governing how prescription-related personal information is collected, used, and disclosed, separate from standard order data.

Added April 18, 2026 Standard Seen across 198 platforms
California Supplemental Disclosures and CPRA Rights

California residents have specific rights under CCPA and CPRA, including the right to know what personal information is collected and how it is used, the right to delete their data, the right to opt out of sale and sharing, and the right to limit use of sensitive personal information.

Added May 12, 2026 Rare

Medium — 3 provisions

Children's Privacy Age Restriction Compare →

The policy states that Instacart's services are not directed to children under 18, and Instacart does not knowingly collect personal information from minors.

Added May 12, 2026 Standard Seen across 262 platforms
Cross-Border Data Transfers Compare →

Instacart states that personal information collected from Canadian users may be transferred to and processed in the United States, where privacy laws differ from those in Canada.

Added April 18, 2026 Common Seen across 122 platforms
Information Retention Compare →

Instacart states it retains personal information for defined periods, though the specific retention durations may vary by data type and purpose.

Added April 18, 2026 Standard Seen across 223 platforms

Low — 1 provision

Third-Party Website Disclaimer Compare →

Instacart states that its privacy policy does not apply to third-party websites linked from Instacart's platform, and users access those sites at their own discretion.

Added May 12, 2026 Standard Seen across 228 platforms

Monitoring

Instacart has updated this document before.

Watcher includes same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

Professional Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Professional includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Professional free trial

Cross-platform context

See how other platforms handle California CCPA/CPRA Consumer Rights and similar clauses.

Compare across platforms →