What's New

Privacy Policy

This Eversight Privacy Policy (this “Policy”) describes how Eversight, a wholly owned subsidiary of Maplebear Inc. d/b/a Instacart and its affiliates (collectively, “Eversight”, “we”, or “us”) collect, use, share, and safeguard your personal information. This Policy also tells you about the choices you can make with respect to your personal information, and how you can reach us to get answers to your questions.“personal information” means any information related to an identified or identifiable natural person, subject to applicable data protection laws. Personal information includes the term “personal data” as used in data privacy laws.

You can jump to particular topics by going to the headings below: 

  • Scope of this Policy
  • Types of Information We Collect
  • How We Use Information
  • Information Disclosure
  • Your Privacy Rights and Choices
  • How to Submit a Privacy-Related Complaint
  • Cross-Border Transfers
  • Information Security
  • Information Retention
  • Children’s Privacy
  • Third-Party Websites
  • Changes to this Policy
  • Contact Information
  • Jurisdiction Specific Disclosures
  • Scope of this Policy

This Policy applies to the Processing of your personal information by Eversight as a Controller. In particular, this Policy applies to personal information collected through:  

  • Any Eversight website on which we post this Policy (our “Sites”);
  • Our internal and/or customer facing mobile or downloadable applications, web-based applications or SaaS platforms (our “Apps”); and
  • Any offline processing, either within or outside the use of our Sites and Apps.

Our Sites, Apps, and any offline services are collectively referred to as our “Services”.

Please note that we may process your personal information pursuant to an agreement with the retailer, consumer packaged goods (CPG) brands or another entity (individually, “Eversight Customer” and collectively, “Eversight Customers”) you work for or otherwise do business with. In those cases, the terms of that agreement may govern how we process your personal information. If you believe an Eversight Customer has asked us to process your personal information on their behalf, please consult with them in the first instance.

This Policy does not apply to any third-party websites and apps that you may use, including those to which we link in our Services. You should review the terms and policies for third-party websites and apps before clicking on any links.

Types of Information We Collect

a. Information you provide 

Depending on the nature of your interaction with us, we may collect the following types of personal information directly from you: 

  • Contact information. We collect your contact information in order to communicate with you, such as when you contact us for help. This may include your name, telephone number, email address, business mailing address, the name of the Eversight Customer you are associated with, your job title or position at such Eversight Customer.
  • Demographic information. When you choose to provide us such information we may collect age, gender, zip code, and state.
  • Commercial information. In order to conduct business with an Eversight Customer you are associated with, such as processing transactions and orders for such Eversight Customer, we collect records of products or services purchased, obtained, considered, or used.
  • Account information. When you create an account with Eversight, we collect certain personal information such as your name, telephone number, email address, the name, address and location of the Eversight Customer you are associated with. We also collect your username and password to manage your access rights to the Services.
  • Content of communications. We collect other information that you choose to provide, including emails and content of your customer service requests, website chats and survey responses.
  • Video or voice data. When you interact with our customer support or participate in user research studies, we may collect video and/or audio recordings, and transcripts of those recordings. We may also collect your photo or video footage via CCTV cameras or other technologies when you visit our office or participate in our events and conferences.

b. Information created by us. We create personal information about you, such as credentials for access to our Services.

c. Information received from third parties. We may receive personal information about you from third parties. For example: 

  • Parties acting on our behalf. We collect personal information about you from certain affiliates and service providers that provide information to help us manage and operate our business.
  • Third Party Services. If you log in to our Services through a third-party service, or if our Sites or Apps are hosted by a third party, we may receive some information about you and your use of that third party service.  
  • Other third parties: We also may collect or receive information relating to you from:
    • Partners who assist us in credit checks, sanctioned party screening required under applicable export control laws, fraud prevention or in connection with claims or disputes; 
    • Other individuals if they refer you to us; 
    • Partners with whom we work for business-to-business contact information verification or updates;
    • Partners with whom we work for advertising measurement, attribution, and analytics;
    • Law enforcement, public health, and other governmental authorities; and 
    • Publicly available sources. 

    d. Information collected by automated means.When you use and interact with our Sites, Apps and emails, we may automatically receive certain information about your device, browser, and/or activity:

    • Device information. Our servers will record information about the device you use to connect to the Sites or log in to our Apps. This information includes your device’s IP address, your device type, browser type, internet service provider, operating system, and unique device identifiers.
    • Usage information. Our servers will record information about your usage of our Sites or Apps. This information includes the frequency with which you use our Sites or Apps, the duration of such usage, the pages that you navigate to, links that you click, and other ways that you interact with our Sites or Apps. We also may use third party services that employ software code to record users’ interactions with our Sites and Apps also known as  session replay, which records users’ clicks on our Sites and Apps. The purpose of session replay is to  help us diagnose usability problems and identify areas for improvement.  
    • Cookies, Pixels, and Other Tracking Technologies. When you visit or otherwise interact with our Sites, Apps and emails, we may automatically collect information about you using cookies, pixels, and similar technologies. We use this information for various purposes, including to: make the Sites and Apps function properly; understand how you use our Sites and Apps; personalize your experience; remember your preferences and selections; and measure, manage, display, and customize the advertisements you see. 

    We may use third-party analytics providers who may deploy cookies, pixels, and similar technologies to analyze traffic to our Sites and Apps and understand the usage of our Sites and Apps as well as the performance of advertisements. For example, we may use analytics tools that help us understand how our Eversight Customers and other visitors engage with our Sites, Apps, emails or advertisements.

    The following table describes the categories of tracking technologies that are placed on the Eversight Sites and Apps, the purposes for which they are used, and whether they are placed by Eversight or third parties.

    Tracking Technology Type Purpose Placed By
    Cookie Analytics Google
    Cookie Maintain and honor consent preferences Securiti.ai
    Cookie Performance & Functionality Salesforce
    Cookie Security & Fraud Prevention Cloudflare
    Cookie Performance & Functionality Vimeo
    Cookie Firewall Incapsula
    Cookie Track user login Eversight

    3. How We Use Information
    We use the personal information we collect or otherwise obtain about you for the following purposes: 

    Purpose Description Lawful Basis for Processing under GDPR
    Conduct Business We may use your personal information to conduct business with the Eversight Customer you are associated with, such as processing transactions and orders, and to provide customer support.  Performance of contract or our legitimate interest to provide and administer our Services.
    Onboarding We may use your personal information to onboard and enroll the Eversight Customer you are associated with as a business partner or user of one of our Services. Performance of contract or our legitimate interest to provide and administer our Services.
    Provide the Services and manage the Sites We may use your personal information in connection with the provision, administration, and management of our Services and the Sites.   Performance of contract or our legitimate interest to provide and administer our Services.
    Account administration and access restriction We may use your personal information to register you as an account holder, manage your account with us,  and provide you and maintain your access to our Services. Performance of contract  and necessary for our legitimate interest in protecting the security and integrity of our systems, processes and business.
    Payments We may use your personal information to process payments for any Service orders you place.   Necessary for the performance of contractual obligations or our legitimate interest in complying with the terms of our contracts.
    Provide you with user support, respond to inquiries and complaints We may use your personal information to respond to  your inquiries and assist you in your use of our Services. We may use your personal information to respond to complaints and conduct  investigations regarding any reported or suspected wrongdoing. We may also use your personal information to communicate with you when you engage with our chat functionality. Necessary for the performance of contractual obligations or our legitimate interest in complying with the terms of our contracts, protecting our commercial interests and reputation, ensuring our Services operate as intended, and protecting the security and integrity of our systems, processes and business.cn n4rn e4rr
    Communicate with you We may use your personal information to provide you with relevant information about us or our Services or to request information or feedback. These communications include reaching out to you with new products and services, sending you updates about our Services, communications about changes to this Policy or other applicable terms and policies.  Necessary for the performance of contractual obligations or our legitimate interest in complying with the terms of our contracts and ensuring our Services operate as intended. 
    Carry out our marketing and advertising activities We (and our partners) may use your personal information to send you marketing and promotional materials and communications, and to analyze and measure their effectiveness.  Our lawful basis for processing is that you have consented to receiving marketing/personalization from us or our legitimate interest in furthering our commercial interests in our Services.
    Customize and personalize our Services We use your personal information to help us understand which parts of the Sites are of most interest to you and customize or personalize your experience. Based on how you browse, use, or otherwise interact with the Sites, we display content, advertising, recommendations and otherwise personalize the Sites to you.  Our lawful basis for processing is that you have consented to receiving marketing/personalization from us and our legitimate interest to personalize our Services.
    Identify usage trends and improve our Services We may use your personal information to help us (or our partners) conduct research and analytics about your use of the Sites and identify usage trends. We also use your personal information to identify issues, test new features or changes in our features, and improve Services.   Necessary for our legitimate interest in ensuring our Services operate as intended and protecting and furthering our commercial interests in our Services.
    Maintain security and prevent fraud We use your personal information to (a) help maintain the security and integrity of the Sites; (b) detect, prevent, investigate, and protect you, our business, our users, and others from fraud, unauthorized transactions, and other unsafe activity; and (c) protect the safety, rights, or property of any person, the public, or Eversight. Necessary for our legitimate interest in:

    • Determining the risk that would be posed to Eversight and others;
    • Protecting the security and integrity of Eversight systems, processes and business, and helping to prevent and detect criminal activity.
    Satisfy our legal obligations We use your personal information to comply with applicable laws and regulations, respond to legal process, and/or respond to requests and communications from law enforcement authorities or other government officials.  Processing is necessary for:

    • Our compliance with legal obligations to which we are subject; and
    • Our legitimate interest in ensuring that we comply with regulatory or industry requirements, guidance, or best practice recommendations which are not underpinned by law.
    Corporate Restructuring We may use your personal information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.   Necessary for our legitimate interest in ensuring our Services operate as intended and protecting and furthering our commercial interests.

    As otherwise necessary or appropriate. We will use your personal information for other purposes at your direction or with your consent. 

    4. Information Disclosure

    We may disclose your personal information to the categories of recipients listed below. 

    • Our affiliates and subsidiaries. We may disclose your personal information to our affiliates, subsidiaries, and other companies under common control and ownership for purposes consistent with this Policy and other business and operational purposes.
    • The Eversight Customer you are associated with. We may disclose your personal information to personnel of the Eversight Customer you are associated with where instructed by you or when necessary for business and operational purposes. The Eversight Customer you are associated with may use such personal information in accordance with their own privacy policies.
    • Our service providers and third-party partners. We may disclose your personal information to third parties that provide services to us, including: cloud storage services; system hosting services; research partners; data security services; fraud prevention; payment processing services; delivery services; analytics services; and legal services.
    • Our marketing and advertising partners. We may disclose your personal information to our marketing and advertising partners, including social media platforms, third-party advertising networks, and other parties to assist in serving and measuring our or their advertisements.
    • In connection with legal matters. We may share your personal information when we believe that the disclosure is reasonably necessary to comply with applicable laws, regulations, legal processes, or legal requests.
    • Professional advisers. We may disclose your personal information to manage risks, obtain professional advice, perform investigations, and exercise or defend against legal claims.
    • Third parties in connection with a sale or business transaction. We may sell or purchase assets during the normal course of business. If another entity acquires us or any of our assets, information that we have collected may be transferred to such entity and its advisors leading up to and/or following the transaction. In addition, if any bankruptcy or reorganization proceeding is brought by or against us, information that we hold may be considered an asset of ours and may be sold or transferred to third parties.
    • Other third parties and partners. We will disclose your personal information to other parties at your direction or with your consent. We may also disclose your personal information to other parties if we believe it is necessary or appropriate either: (a) under applicable law; (b) to protect our operations and those of any of our affiliates; (c) to protect our rights, privacy, safety, or property, and/or those of others; or (d) to allow us to pursue available remedies or limit damages that we may sustain.

    We may disclose your personal information for other reasons that we will describe at the time of information collection or prior to sharing your information.

    5. Your Privacy Rights and Choices
    You, as a data subject, may have certain rights relating to your personal information, subject to local data protection laws. Depending on the applicable data protection laws these rights may include: 

    • Right to obtain information regarding the processing of your personal information and access to the personal information which we hold about you;
    • Right of rectification
    • Right of erasure/deletion (Note that following a deletion process some information may be retained in connection with our legal and record-keeping obligations, as required by applicable laws);
    • Right to restrict processing;
    • Right to object to processing:
      • at any time to your personal information being processed for direct marketing (including profiling); and
      • in certain other situations to our continued processing of your personal information, e.g. processing carried out for the purpose of our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defense of legal claims.
    • Right to not be subject to automated decision making: you have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you;
    • Right to data portability
    • Right to withdraw your consent at any time (to the extent we base processing on consent), without affecting the lawfulness of the processing based on such consent before its withdrawal.

    Requests relating to your personal information can be made by contacting us at eversightprivacy@instacart.com. We will require you to verify your identity and to specify what information you require.

    In addition the privacy rights above, you have the following choices regarding promotional emails and online tracking specifically:

    • Promotional Emails. You may choose to provide us with your email address for the purpose of allowing us to send free newsletters, surveys, offers, and other promotional materials to you, as well as targeted offers from third parties. You can stop receiving promotional emails by following the unsubscribe instructions in e-mails that you receive. If you decide not to receive promotional emails, we may still send you service-related communications.
    • Online Tracking. Because essential cookies are strictly necessary to operate the website, there is no option to opt out of these cookies. The analytics cookies can be managed in two ways: by way of prior consent or by leveraging web browsers settings that give the ability to manage non-essential cookies (i.e. accept or reject) in the device terminal.

    6. How to Submit a Privacy-Related Complaint
    If you wish to complain about a breach of your privacy or the handling of your personal information by us, please contact us at eversightprivacy@instacart.com.

    Pursuant to Article 27 of the General Data Protection Regulation (GDPR), Eversight’s parent company, Maplebear Inc., d/b/a Instacart, has appointed a European Data Protection Office (EDPO) as its GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:

    In addition, you also have the right to lodge a complaint with the relevant data protection authority for your country. The data protection authority in your relevant member state can be found here.

    7. Cross-Border Transfers

    Your personal information collected through our Services may be stored and processed in the United States, Canada or any other country in which Eversight or its affiliates, partners or service providers maintain facilities, which may result in the transfer of your personal information outside of the country or region in which you reside.

    If personal information is transferred out of the jurisdiction in which it was collected,  we will do so in accordance with applicable law, however, please note that  the privacy laws of those countries may not offer the same level of personal information protection as privacy laws from which the personal information was collected. However, this does not change our commitment to safeguard your privacy and we will comply with all applicable laws relating to the cross-border data disclosure.

    Where information in relation to data being transferred outside the EEA, and UK, for example, a transfer may be done in one of the following ways:

    • the country that we send the data to might be approved by the European Commission as offering an adequate level of protection for personal information;
    • the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your personal information; or
    • In other circumstances the law may permit us to otherwise transfer your personal information outside of the EEA and UK.

    8. Information Security
    We employ and maintain reasonable administrative, physical, and technical measures designed to safeguard and protect personal information under our control from unauthorized access, use, and disclosure. Unfortunately, the transmission of information via the internet or email is not completely secure. Although we will do our best to protect your Information, we cannot guarantee the security of your information transmitted through the Sites or over email; any transmission is at your own risk.

    9. Information Retention
    We keep personal information only for as long as necessary to fulfill the purposes for which we have collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information; the potential risk of harm from unauthorized use or disclosure of the personal information; the purposes for which we use the personal information; whether we can achieve those purposes through other means; and the applicable laws that require us to retain information for regulatory purposes or permit us to retain the information to preserve our legal rights.

    10. Children’s Privacy
    Our Services are not designed for or intentionally directed to children under the age of 18, and we do not knowingly collect personal information from children under the age of 18.

    11. Third-Party Websites
    We may integrate some of our Sites, Apps and Services with or include links within our Sites, Apps or Services to other applications, platforms, websites and services that we do not operate. We may also offer social sharing tools that let you share actions on our Sites, Apps or Services with other websites and vice versa. The privacy practices of these websites, platforms and services will be governed by their own privacy policies. We expressly disclaim any and all liability for the actions of third parties, including, but without limitation to, actions relating to the use and/or disclosure of personal information by third parties.

    12. Changes to this Policy
    We may occasionally update this Policy to reflect changes in our practices with respect to the collection, use, and disclosure of personal information and/or changes in applicable law. The “Last updated” date at the top of this page indicates when this Policy was last revised. If we make changes, we will revise the date at the top of this Privacy Policy and, in the case of material changes to this Policy, we may provide you with additional notice (such as a notice posted on the Services or a message delivered to the email address that we have on file for you). We encourage you to review this Policy periodically to remain informed about our information handling and privacy practices.

    13. Contact Information
    If you have questions or comments about this Policy or our information handling practices, please contact our team at:

    Instacart

    50 Beale Street, Suite 600

    San Francisco, California 94105

    eversightprivacy@instacart.com 

    1-888-246-7822

    If you have a disability and would like to access this Policy in an alternative format, please contact us at (888) 317-8968. Eversight is committed to making its electronic and information technologies accessible to individuals with disabilities.

    If you have comments concerning our Sites’ accessibility, please contact us at the email address accessibility-feedback@instacart.com

    14. Jurisdiction Specific Disclosures

    • a. Disclosures for Residents of Nevada.  We do not sell your personal information within the scope of, and according to the defined meaning of, a “sale” under NRS 603A.
    • b. Disclosures for Residents of California.
    • Registered Agent. You may designate an authorized agent to exercise Your Privacy Rights and Choices on your behalf. To designate an authorized agent to exercise choices on your behalf, please provide evidence that you have given such agent power of attorney or that the agent otherwise has valid written authority to submit requests to exercise rights on your behalf. We will respond to your request consistent with applicable law and subject to proper verification. We will verify your request by asking you to send it from the email address associated with your account or to provide information necessary to verify your account.
    • Do Not Track. “Do Not Track” (“DNT”) is a developing standard for web browsers that aims to inform the websites you visit that you do not want information about your online activity collected over time and across third-party websites or online services. Although we do our best to honor the privacy preferences of our users, we do not interpret or respond to DNT or other similar signals from your browser at this time. For more information, visit http://www.allaboutdnt.com.
    • Consumer Affairs. Under California Civil Code Section 1789.3, California residents are entitled to the following specific consumer rights notice: If you have a question or complaint regarding our website, please send an email toeversightprivacy@instacart.com.You may also contact us by writing to us at the address provided below under Contact Information. California residents may reach the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs may be contacted in writing at 400 R Street, Suite 1080, Sacramento, California 95814, or by telephone at (916) 445-1254 or (800) 952-5210.
    • Categories of Personal Information Collected.  As already described above, the following chart details the categories of Personal Information we have collected about California residents in the past twelve (12) months, the sources from which we’ve collected the information, the categories of recipients to whom we have disclosed the information, and the categories of recipients to whom we have sold or with whom we have “shared” the information for cross-context behavioral advertising (“Behavioral Advertising”). For clarity, we do not and have not in the last twelve (12) months sold or shared personal information about you as defined by the California Consumer Privacy Act (“CCPA”).

      • Category of Personal Information  Source(s)  Categories of parties to whom we have disclosed Personal Information for a business purpose Categories of parties with whom we have shared or to whom we have sold Personal Information for Behavioral Advertising
      Identifiers, including names, email addresses, IP addresses, postal address, social media account handles and other similar identifiers.
      • Directly from you 
      • Through automated means 
      • Third-party sources 
      • Our service providers
      • Our affiliates
      • Our business partners
         
      		 Our third-party partners, including marketing and advertising partners
      Commercial Information, including products purchased, obtained, or considered and other purchasing or consuming histories or tendencies. 
      • Directly from you 
      • Through automated means 
      • Third-party sources 
      • Our service providers
      • Our affiliates
      		 NA
      Internet or other electronic network activity information, including browsing history, search history, and information regarding individuals’ interactions with the Sites, emails, chatbots and/or advertisements. 
      • Through automated means 
      • Third-party sources 
      • Our service providers
      • Our affiliates

       

      		 Our third-party partners, including marketing and advertising partners
      Audio, electronic, visual, or similar information, such as telephone call recordings (where permitted by law). 
      • Directly from you 
      • Through automated means 
      • Our service providers
      • Our affiliates

       

      		 NA
      Inferences, meaning inferences drawn from any of the information in the categories listed above to create a profile about individuals reflecting their preferences and/or behavior.  
      • Through automated means 
      • Third-party sources 
      • Our service providers
      • Our affiliates
      • Our business partners
      		 NA
      Sensitive Personal Information, including driver’s license or state identification card numbers, log-in information for accounts in combination with passwords allowing access to the accounts.   NA

       

      		 NA
             		 NA

       

      Use and disclosure of sensitive personal information.  We only use or disclose sensitive personal information as necessary to provide the Services; resist malicious, deceptive, fraudulent, or illegal actions directed at our business; ensure the physical safety of natural persons; and verify, maintain, and improve the quality of our Services.