If you live in California, you have specific legal rights to see, delete, correct, and limit how DoorDash uses your personal data, and you can opt out of DoorDash sharing your information with advertisers.
This analysis describes what DoorDash's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
California residents have the strongest set of privacy rights available under U.S. state law for this context, including the ability to stop DoorDash from sharing their data with ad partners and to limit the use of sensitive data like precise location.
Interpretive note: Exact verbatim text was not recoverable from the truncated HTML source; the excerpt reflects the substantive content of DoorDash's publicly available CPRA rights disclosure.
California residents can affirmatively exercise rights to access, delete, correct, and opt out of data sale and sharing by submitting requests through DoorDash's Privacy Portal, providing meaningful control over how their personal information is used in ways not available to users in most other U.S. states.
How other platforms handle this
If you are a California resident, you may have certain rights under the California Consumer Privacy Act (CCPA). These rights may include: the right to know about personal information collected, disclosed, or sold; the right to delete personal information collected from you; the right to opt-out of t...
California law gives residents the right to know what personal information we collect, use, share or sell; to delete personal information under certain circumstances; to opt-out of the sale or sharing of their personal information; to correct inaccurate personal information; to limit the use and dis...
If you are a California resident, you have the right to know what personal information we collect, use, disclose, and sell about you. You have the right to request deletion of your personal information, subject to certain exceptions. You have the right to opt out of the sale or sharing of your perso...
Monitoring
DoorDash has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"If you are a California resident, you have the right to know what personal information we collect, use, disclose, and sell or share about you; the right to delete your personal information; the right to correct inaccurate personal information; the right to opt out of the sale or sharing of your personal information; the right to limit the use and disclosure of sensitive personal information; and the right not to be discriminated against for exercising your rights.— Excerpt from DoorDash's DoorDash Privacy Policy
1. REGULATORY LANDSCAPE: These rights derive from the California Consumer Privacy Act as amended by CPRA, enforceable by the California Privacy Protection Agency (CPPA) and California Attorney General. The policy's enumeration of rights including correction and sensitive data limitation reflects CPRA's expanded rights beyond the original CCPA. Non-discrimination provisions track CPRA requirements that consumers exercising rights may not be denied service. 2. GOVERNANCE EXPOSURE: Medium. The obligation to respond to consumer rights requests within 45 days (extendable by an additional 45 days), to verify identity appropriately, and to honor GPC signals creates ongoing operational burden. Failure to implement response processes creates enforcement exposure with the CPPA, which has issued enforcement guidance and initiated actions on request response failures. 3. JURISDICTION FLAGS: These rights apply specifically to California residents. Other states with similar frameworks (Virginia, Colorado, Connecticut, Texas, Florida, Montana, Oregon, Delaware) provide overlapping but not identical rights sets, requiring DoorDash to maintain jurisdiction-aware rights request processing. Non-US users are not covered by this provision. 4. CONTRACT AND VENDOR IMPLICATIONS: Service providers processing data on DoorDash's behalf must contractually support deletion and correction requests flowing downstream, as CPRA requires that verified consumer requests be honored across the data supply chain where technically feasible. Vendor contracts should include data subject request cooperation clauses. 5. COMPLIANCE CONSIDERATIONS: Compliance teams should audit the Privacy Portal's technical implementation to ensure all six enumerated rights are supported with appropriate verification, response timing, and record-keeping. GPC signal recognition should be tested across all DoorDash web and app surfaces. Annual CPRA requirements for data category disclosures and privacy policy updates should be calendared.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
California residents have the strongest set of privacy rights available under U.S. state law for this context, including the ability to stop DoorDash from sharing their data with ad partners and to limit the use of sensitive data like precise location.
California residents can affirmatively exercise rights to access, delete, correct, and opt out of data sale and sharing by submitting requests through DoorDash's Privacy Portal, providing meaningful control over how their personal information is used in ways not available to users in most other U.S. states.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by DoorDash.