What are the institutional and regulatory implications of this document?

(1) REGULATORY EXPOSURE: This policy engages CCPA/CPRA (Cal. Civ. Code §§1798.100–1798.199), which is enforced by the California Privacy Protection Agency (CPPA) and California AG; Nevada SB 220 (NRS §603A), enforced by the Nevada AG; Canada's PIPEDA (S.C. 2000, c. 5), enforced by the Office of the Privacy Commissioner of Canada; and the FTC Act Section 5 (15 U.S.C. §45) for unfair or deceptive practices, enforced by the FTC. The prescription delivery section implicates potential proximity to H…

How does Instacart's Instacart Privacy Policy affect users?

Instacart collects a wide range of personal data including your precise location, purchase history, device identifiers, and for prescription deliveries, health-related information, and shares or sells this data with retail partners, advertising networks, and data brokers. This means your grocery shopping habits, health purchasing patterns, and location data may be used to build advertising profiles or shared with third parties beyond your reasonable expectation. You can opt out of the sale and …

How often is Instacart's Instacart Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Instacart updates this document?

Yes. Watcher subscribers ($9.99/month) can add Instacart to their watchlist and receive same-day email alerts whenever this document or any other Instacart document changes.

Instacart Privacy Policy — Instacart

8 Total

4 High severity

3 Medium severity

1 Low severity

Summary

This is Instacart's privacy policy explaining how the grocery delivery company collects and uses your personal information, including your name, address, purchase history, location data, and even prescription delivery details. The single most important thing to know is that Instacart explicitly sells and shares your personal data — including shopping habits and device identifiers — with retail partners and advertising networks, but you can opt out. California residents have the strongest rights including the ability to request deletion of their data and opt out of data sales by visiting Instacart's privacy choices page.

Technical Summary

This Privacy Policy, last updated January 15, 2026, governs Maplebear Inc. d/b/a Instacart's collection, use, and disclosure of Personal Information across its websites, mobile apps, APIs, and white-label retailer platforms, relying on consent, contractual necessity, and legitimate interest as legal bases depending on jurisdiction. The policy creates significant obligations around data sharing, including disclosure of Personal Information to retail partners, advertising networks, data brokers, and third-party service providers, while simultaneously granting users opt-out rights for data sales and targeted advertising. Notable provisions include explicit acknowledgment that Instacart 'sells' and 'shares' Personal Information under CCPA definitions, collection of sensitive health-adjacent data through prescription delivery services, and broad retention language that preserves data beyond transaction completion for unspecified 'business purposes.' The policy engages CCPA/CPRA (Cal. Civ. Code §1798.100 et seq.), Canada's PIPEDA, Nevada SB 220, and implicitly the FTC Act Section 5; California residents have the most materially distinct rights including opt-out of sale/sharing, deletion, and correction. Compliance teams should note the prescription delivery data handling section, which implicates potential HIPAA adjacency risk, and the cross-border transfer provisions affecting Canadian users, which require PIPEDA-compliant data transfer mechanisms.

Evidence Provenance

Captured April 18, 2026 07:50 UTC

Document ID CA-D-000136

Version ID CA-V-000592

Source URL https://www.instacart.com/privacy

Wayback Machine View archived versions →

SHA-256 3a86f2d1917f8f00b774053bdaf52b78c75c2698fee3d5edd70569fa91712509

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Cryptographically signed

Institutional Analysis

🔒 Institutional analysis locked

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Upgrade to Professional — $149/mo

Change Timeline

April 18, 2026 — Initial capture

Initial snapshot — monitoring begins

3a86f2d1…

View full version history (0 captures) →

High Severity — 4 provisions

Sale and Sharing of Personal Information

Instacart sells and shares your personal data — including your shopping habits and device information — with third parties including advertisers and retail partners, but you have the right to opt out.

Added April 18, 2026
Prescription Delivery Data Handling

When you use Instacart to order prescription medications, the company collects health-adjacent information related to your prescription, which is handled under a separate section of the privacy policy not available on white-label retailer sites.

Added April 18, 2026
Targeted Advertising and Cross-Context Behavioral Advertising

Instacart uses and shares your personal data with advertising partners to show you targeted ads based on your shopping behavior across different websites and apps, not just on Instacart itself.

Added April 18, 2026
California CCPA/CPRA Supplemental Disclosures

California residents have special rights under state law, including the right to know what personal data Instacart has collected, the right to delete it, the right to correct it, and the right to opt out of its sale or sharing.

Added April 18, 2026

Medium Severity — 3 provisions

Children's Privacy

Instacart's services are not intended for children, and the company has a separate section addressing how it handles the privacy of minors.

Added April 18, 2026
Cross-Border Data Transfers

Instacart may transfer your personal data to servers or partners located in countries outside your own, including from Canada to the United States, where different privacy laws apply.

Added April 18, 2026
Information Retention

Instacart keeps your personal data for as long as it needs to for business purposes, which may be longer than you would expect after you stop using the service.

Added April 18, 2026

Low Severity — 1 provision

Third-Party Websites Disclaimer

Instacart's privacy policy does not cover websites or apps that are linked from Instacart's platform — those third parties have their own separate privacy policies.

Added April 18, 2026

Cross-platform context

See how other platforms handle California CCPA/CPRA Supplemental Disclosures and similar clauses.

Compare across platforms →

Applicable Regulations

CCPA/CPRA

California, USA

CFAA

United States Federal

CAN-SPAM

United States Federal

GDPR

European Union

TCPA

United States Federal