Instacart states it sells and shares certain categories of your personal information, including to advertising partners, and provides an opt-out mechanism for California residents and others.
This analysis describes what Instacart's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy explicitly acknowledges that personal information is sold and shared within the meaning of CCPA, which means your purchase history, device identifiers, and browsing behavior may be transferred to third-party advertising and analytics companies.
The policy authorizes sale and sharing of personal information including purchase history, device identifiers, and browsing activity with advertising networks and retail brand partners; consumers, particularly California residents, can opt out of this practice at instacart.com/privacy-choices.
How other platforms handle this
We may display advertisements on our Services and those advertisements may be targeted to your interests based on your personal information. We may share your personal information with advertising partners for interest-based advertising purposes. You may opt out of interest-based advertising by visi...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Monitoring
Instacart has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We describe choices and rights you may have with respect to our use and disclosure of your Personal Information, including with respect to how we sell or share certain categories of Personal Information, and how you may exercise these rights, including your right to opt out, under "Your Privacy Choices."— Excerpt from Instacart's Instacart Privacy Policy
REGULATORY LANDSCAPE: This provision directly engages the California Consumer Privacy Act and California Privacy Rights Act (CCPA/CPRA), which impose disclosure, opt-out, and data flow obligations when a business sells or shares personal information with third parties for cross-context behavioral advertising. The California Privacy Protection Agency and California Attorney General are the primary enforcement authorities. Nevada's online privacy statute also requires businesses to provide opt-out rights for sale of covered information. GOVERNANCE EXPOSURE: High. The explicit acknowledgment of data sale and sharing under CCPA requires documented opt-out mechanisms that are technically functional across all platforms including white-label deployments. Failure to honor opt-out requests within the required timeframes creates direct regulatory exposure. JURISDICTION FLAGS: California creates the highest exposure due to CPRA private right of action for certain data breaches and CPPA enforcement authority. Nevada residents have a separate opt-out right. Users in states with comprehensive privacy laws (Virginia, Colorado, Connecticut, Texas) may also have opt-out rights that this policy does not explicitly address, creating potential compliance gaps. CONTRACT AND VENDOR IMPLICATIONS: Data sharing agreements with advertising partners, retail brands, and analytics providers must be evaluated to determine whether recipients qualify as service providers (which would not constitute a sale) or as third parties (which would). Misclassification of data recipients is a common regulatory scrutiny area under CCPA. COMPLIANCE CONSIDERATIONS: Compliance teams should audit opt-out signal handling (including Global Privacy Control compliance as required under CPRA), document all third-party recipients of sold or shared data, verify contractual restrictions on downstream use, and confirm that opt-out requests are honored within 15 business days as required under CCPA.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy explicitly acknowledges that personal information is sold and shared within the meaning of CCPA, which means your purchase history, device identifiers, and browsing behavior may be transferred to third-party advertising and analytics companies.
The policy authorizes sale and sharing of personal information including purchase history, device identifiers, and browsing activity with advertising networks and retail brand partners; consumers, particularly California residents, can opt out of this practice at instacart.com/privacy-choices.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Instacart.