The hidden value in delivery transactions: customer data
COVID-19 has changed the fabric of our preferences as consumers, and how we do business as owners. One of the most glaring changes has been how consumers prefer to receive their products and food — by delivery. Think about how many times you’ve ordered from Amazon, Instacart, UberEats or DoorDash over the past four months, for instance.
For some perspective: Last year, in May, US Foods — a foodservice supplier and distributor that’s based in Illinois, with about
$24 billion in annual revenue — estimated that the average person had two delivery apps on his or her phone and used them about three times a month. Since the pandemic began, these apps have become an essential service for many families who self-quarantine or limit their visits to grocery stores and restaurants. Instacart, for instance, has seen orders rise as much as 500 percent during the pandemic, according to a report in RetailWire.
These third-party services benefit from fees that they charge both the customer and business, of course. But they also harvest something much more valuable: customer data. Perhaps the most valuable resource that comes from a transaction is the data analytics about the customer — such as personal information (i.e. name, email, etc.) and/or customer behavior (i.e., product preferences and “basket” size).
How are these companies using the customer data?
To try to answer that, I reviewed each company’s privacy policy, which is accessible on the companies’ websites.
In the context of delivery services, a privacy policy is a legal document that discloses some or all of the ways a party gathers, uses, discloses and manages a customer information acquired from a transaction. Probably nearly all consumers don’t bother to read this dense legal document.
Here’s what we learned when we looked at the privacy policies of some of the better-known thirdparty delivery companies:
It’s not uncommon in certain contexts for your personal information to be shared by the party receiving that information with another third-party (such as the credit card company, or the restaurant), but DoorDash’s privacy policy indicates that the company shares your personal information with its “related entities.” These include Caviar, another third-party delivery service that DoorDash
recently purchased.
What would Caviar do with your customer data? That isn’t clear, but the privacy policy does indicate that Caviar is required to adhere to DoorDash’s privacy policy when using that information.
UberEats lets us know that it might send communications about products and services offered by “Uber partners” They list examples such as “data analytics providers, marketing partners and restaurant partners.”
Additionally, and particularly out of place, UberEats’ privacy policy notes that the company itself may use customer data to communicate with users regarding elections, ballots, referenda and other political notice processes that relate to their services, such as ballot measures or legislation relating to the availability of services in those users’ area.
In other words, if there’s legislation that impacts whether Uber can operate in your community, they want to let you know about it.
Instacart indicates on its website that sometimes, the company shares your information with parties to process information “on our behalf or to otherwise provide certain services (such as delivery services, advertising services or information to better tailor our services to you).”
Although Instacart says that the information is being shared under confidentiality provisions, the description is vague, and the ultimate takeway is that your information is being shared to some degree.
The suggestion here isn’t that these companies are doing anything improper with the customer data. At the end of the day, they are presumably adhering to law and providing the required visibility into how they use that information. Rather, the point is made, again, that there is intrinsic value in these transactions other than the fees paid by the customer and the restaurant.
If you’re a restaurant owner, does being cognizant of this intrinsic value create additional leverage when negotiating with these delivery companies? More likely than not, the answer is a resounding no.
But an awareness of how these big companies use customers’ data may also prompt restaurant owners to think about whether the reward outweighs the risk in creating their own “native delivery” experience — that is, where there are no fees, the customer experience is controlled by the restaurant, and the customer data ultimately belongs to the restaurant.
Corporate and transactional attorney Andrew Cromer is a partner with the full-service boutique law firm of AXS Law Group in Wynwood. He may be reached at andrew@axslawgroup.com.