Instacart operates a program through which aggregated and potentially de-identified purchase and behavioral data from its platform is licensed to consumer packaged goods brands and retail partners for advertising and market research purposes.
This analysis describes what Instacart's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The Retail Data program means that your grocery purchase patterns and related behavioral data may be licensed to the brands whose products you buy, enabling those brands to target you with advertising based on your Instacart shopping history.
Interpretive note: The full scope and mechanics of the Retail Data program are described in sections of the policy not fully reproduced in the provided document text; the characterization above is based on partial disclosure language and may not capture all program limitations or safeguards.
The policy discloses a Retail Data program under which purchase data, including items browsed, added to cart, and purchased, may be shared with or licensed to consumer packaged goods companies; this is operationally distinct from standard service provider data sharing and represents a secondary commercial use of consumer shopping behavior.
Cross-platform context
See how other platforms handle Retail Data Program and similar clauses.
Compare across platforms →Monitoring
Instacart has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We collect Personal Information as described in the "Information We Collect" section below. We describe the business and commercial purposes for which we collect that information below under "Information Uses." We describe our disclosures of Personal Information, including why and to whom we make them, below under "Information Disclosures."— Excerpt from Instacart's Instacart Privacy Policy
REGULATORY LANDSCAPE: The Retail Data program engages CCPA/CPRA to the extent that data shared with CPG brands constitutes a sale or sharing of personal information. If data is provided in de-identified or aggregated form that meets the CCPA definition of de-identification, it may fall outside CCPA's sale restrictions, but this depends on whether Instacart maintains appropriate technical and organizational safeguards against re-identification. The FTC has jurisdiction over deceptive practices related to data licensing disclosures. GOVERNANCE EXPOSURE: High. The classification of Retail Data program recipients as service providers versus third parties under CCPA is material; if CPG brands receive personal information (even pseudonymized) and use it for their own purposes, this likely constitutes a sale or sharing requiring opt-out mechanisms. JURISDICTION FLAGS: California creates the highest exposure. If any data in the Retail Data program can be linked back to individual consumers, CPRA's definition of sale and sharing applies. Other states with comprehensive privacy laws (Virginia, Colorado) may impose similar obligations. Canadian user data included in the Retail Data program may require additional consent under PIPEDA and Quebec Law 25. CONTRACT AND VENDOR IMPLICATIONS: Contracts with CPG brand recipients should include contractual prohibitions on re-identification, downstream sharing, and use beyond the stated purpose. Procurement teams reviewing vendor relationships with Instacart as a data supplier should assess whether Retail Data outputs contain personal information and whether their own use would trigger independent privacy obligations. COMPLIANCE CONSIDERATIONS: Legal teams should evaluate whether the de-identification standards applied to Retail Data outputs meet applicable regulatory definitions; review contractual terms with CPG recipients for re-identification prohibitions; and assess whether the Retail Data program requires additional disclosure in the CCPA categories of disclosure table.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The Retail Data program means that your grocery purchase patterns and related behavioral data may be licensed to the brands whose products you buy, enabling those brands to target you with advertising based on your Instacart shopping history.
The policy discloses a Retail Data program under which purchase data, including items browsed, added to cart, and purchased, may be shared with or licensed to consumer packaged goods companies; this is operationally distinct from standard service provider data sharing and represents a secondary commercial use of consumer shopping behavior.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Instacart.