What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: This policy engages the California Consumer Privacy Act and California Privacy Rights Act (enforced by the California Privacy Protection Agency and California Attorney General), the Virginia Consumer Data Protection Act, Colorado Privacy Act, Connecticut Data Privacy Act, and analogous state frameworks. It also engages Canadian federal and provincial privacy law including Quebec Law 25 (Bill 64), the Australian Privacy Act 1988, and the New Zealand Privacy Act 2020. The po…

How does DoorDash's DoorDash Privacy Policy affect users?

The policy establishes that DoorDash collects and may disclose precise geolocation data, government-issued identification documents, device identifiers, message content, and session replay data to third-party partners including advertisers and analytics providers. Users in California and certain other jurisdictions may submit opt-out requests through the DoorDash Privacy Portal to decline sale or sharing of personal data for advertising, and the policy permits location sharing opt-out through t…

How often is DoorDash's DoorDash Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when DoorDash updates this document?

Yes. Watcher subscribers ($9.99/month) can add DoorDash to their watchlist and receive same-day email alerts whenever this document or any other DoorDash document changes.

CA-D-000134

DoorDash Privacy Policy

DoorDash

Last change detected May 11, 2026 Privacy policy

SHA-256: 56cc950d376e6aa69f0… 2 versions captured 1 change documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at DoorDash ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

10 Total

0 High severity

9 Medium severity

1 Low severity

Summary

This document establishes DoorDash's data collection, use, and disclosure practices for users of its food delivery platform. The policy authorizes collection of precise GPS location, government-issued identification, payment card information, order history, device identifiers, and in-app message content, with provisions permitting disclosure to advertising partners, analytics providers, merchants, delivery partners, and law enforcement. The policy establishes opt-out mechanisms for California and certain other state residents to decline sale or sharing of personal data for advertising purposes.

Technical / Legal Breakdown

This document is DoorDash's Consumer Privacy Policy, last updated July 1, 2025, governing the collection, processing, retention, and disclosure of personal information in connection with DoorDash's consumer-facing platforms, websites, mobile applications, and communication channels. The policy states that DoorDash collects contact information, account and profile data, government-issued identification, payment information, geolocation data, device identifiers, transaction and activity history, and communications content; the terms authorize disclosure of this information to service providers, Dashers, merchants, business partners, advertising networks, and government or law enforcement authorities. The policy asserts the authority to share personal information with advertising, analytics, and marketing partners for ad personalization on third-party platforms, and discloses use of session replay technology to capture user interactions; the policy also states that personal information may be processed outside the user's jurisdiction, including outside Australia, Canada, New Zealand, and the United States, without specifying transfer safeguard mechanisms in detail. The policy engages the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (CDPA), Colorado Privacy Act, Connecticut Data Privacy Act, and analogous state privacy frameworks, as well as Canadian privacy law (including Quebec Law 25), Australian Privacy Act, and New Zealand Privacy Act; where applicability depends on jurisdiction, specific consumer rights such as opt-out of data sale or sharing, deletion, and correction are conditioned on residency and the operative state or national law.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

1 important change detected

2 versions captured · Last updated: May 2026

May 11, 2026

low

What changed DoorDash's privacy policy was reformatted on May 11, 2026, with changes to the document's structural organization. Section headings were moved from standalone numbers (III, IV, V, VI) to inline positions with their corresponding titles. The Device Information disclosure remained substantively the same but was repositioned in the document. These are primarily formatting and organizational changes with no material alteration to what data DoorDash collects, uses, or discloses.

Why this matters The updated policy retains all substantive privacy disclosures. The reformatting of section headings from standalone numbers to inline titles does not alter what personal information DoorDash collects, how it uses that information, or what choices remain available to users. Your ability to turn off precise location sharing, for example, continues to be available under the revised structure.

View full change record →

Medium — 9 provisions

Precise Geolocation Collection Including Background Tracking Compare →

DoorDash can collect your exact GPS location even when the app is running in the background on your phone, meaning it can track your position even when you are not actively using the app. You can use the service without enabling this, but some features may not work as well.

Added May 12, 2026 Standard Seen across 251 platforms
Government-Issued ID Processing for Age Verification Compare →

When you order age-restricted products like alcohol, DoorDash may collect and process your government-issued ID and signature. The policy acknowledges this information is treated as sensitive personal data in some states and countries.

Added May 12, 2026 Standard Seen across 262 platforms
Session Replay Technology Disclosure

DoorDash discloses that it uses session replay technology to record your searches, clicks, taps, and other interactions on its platform, capturing what you do on the app or website in a visual playback format.

Added May 12, 2026 Rare
Opt-Out of Sale or Sharing of Personal Data for Advertising Compare →

DoorDash uses your personal data to show you targeted ads on its own platform and on third-party websites. The policy states you can opt out of this use of your data, with details provided in the privacy rights section.

Added May 12, 2026 Standard Seen across 262 platforms
Disclosure of Personal Information to Merchants

When you place an order, DoorDash shares your personal information including contact details, order information, and potentially location data with the merchant. The merchant can use your contact information to call, email, or text you directly about your order.

Added May 12, 2026 Rare
Cross-Border Transfer of Personal Information Compare →

DoorDash may transfer your personal information to service providers located in other countries, which means your data may be processed under different privacy laws than those that apply where you live.

Added May 12, 2026 Standard Seen across 246 platforms
Consumer Privacy Rights by Jurisdiction Compare →

DoorDash states that it provides privacy rights including access, deletion, correction, and opt-out rights, with the specific rights available depending on your state or country of residence. The policy includes jurisdiction-specific disclosures for California, Virginia, Colorado, Connecticut, and international users.

Added May 12, 2026 Standard Seen across 262 platforms
Cookies, Pixels, and SDK Data Collection Compare →

DoorDash uses cookies, pixels, and software development kits (SDKs) to collect information about your device and browsing behavior on its platform and potentially on third-party sites. Your ability to control this depends on your browser and device settings.

Added May 12, 2026 Standard Seen across 251 platforms
Children's Personal Information Compare →

The policy includes a section specifically addressing personal information from children, which indicates DoorDash has specific practices or restrictions governing the collection of data from minors.

Added May 12, 2026 Standard Seen across 262 platforms

Low — 1 provision

Disclosure to Law Enforcement and Government Agencies Compare →

DoorDash may share your personal information with law enforcement, courts, government regulators, and other agencies in response to legal requests, investigations, or court orders. It may also receive information about you from these same parties.

Added May 12, 2026 Standard Seen across 246 platforms

Monitoring

DoorDash has updated this document before.

Watcher includes same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

Professional Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Professional includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Professional free trial

Cross-platform context

See how other platforms handle Behavioral Inferences and Targeted Advertising and similar clauses.

Compare across platforms →

Archival ProvenanceSource & Archival Record

Last Captured May 11, 2026 17:43 UTC

Capture Method Automated scheduled archival capture

Document ID CA-D-000134

Version ID CA-V-002434

Source URL https://www.doordash.com/privacy/

Wayback Machine View external archival references →

SHA-256 56cc950d376e6aa69f04ab3ae12930a6b0c0562552551b9d85820ed9d11db664

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

DoorDash Privacy Policy

May 11, 2026

Monitor governance changes across the platforms you rely on.