DoorDash may transfer your personal information to service providers located in other countries, which means your data may be processed under different privacy laws than those that apply where you live.
This analysis describes what DoorDash's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy states that personal information may be transferred and processed outside the user's home jurisdiction, including outside Australia, Canada (and Quebec specifically), New Zealand, and the United States, without specifying the legal mechanisms used to authorize those transfers.
Interpretive note: The policy does not specify which transfer mechanisms or safeguards are in place for cross-border transfers, making compliance assessment dependent on documentation outside the policy itself.
Your personal information may be stored and processed by DoorDash's service providers in countries with different privacy standards than your home country. The policy does not specify what transfer safeguard mechanisms, such as standard contractual clauses, are in place for these cross-border transfers.
How other platforms handle this
We may transfer to and process your personal information in countries outside of the jurisdiction where you are located for the various purposes described above. When required by law, we will ensure that we rely on an appropriate legal mechanism for the transfer, such as your consent, standard contr...
OpenAI is based in the United States and the information we collect is governed by U.S. law. If you are accessing our services from outside of the United States, please be aware that your information may be transferred to, stored, and processed by us in our facilities in the United States and by tho...
Where required by law, we provide adequate protection for the transfer of personal data in accordance with applicable law, such as by obtaining your consent, relying on the European Commission's adequacy decisions, or executing Standard Contractual Clauses. Where relevant, you may request a copy of ...
Monitoring
DoorDash has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"To Service Providers: To enable us to meet our business operations needs and to perform our Services, we may provide Personal Information to our service providers and vendors, including, but not limited to, providers of identification and verification services, cloud services, payment services, gift card program services, auditing services, security services, marketing and advertising services, promotions, sweepstakes and contest services, market research services, communication services, analytics services that help us understand usage of our Services, market enrichment services, location and mapping services, and customer support functions. These service providers may access, store and process your personal information outside of the jurisdiction in which you reside, including, without limitation, outside of Australia, Canada (and if you reside in the Province of Quebec, outside of Quebec), New Zealand and the United States.— Excerpt from DoorDash's DoorDash Privacy Policy
REGULATORY LANDSCAPE: Cross-border data transfers from the EU and EEA require appropriate transfer mechanisms under GDPR Chapter V, such as standard contractual clauses or adequacy decisions. Quebec Law 25 (Bill 64) requires privacy impact assessments before transferring personal information outside Quebec. Australia's Privacy Act 1988 imposes accountability for cross-border disclosure. New Zealand's Privacy Act 2020 has analogous requirements. The policy does not specify transfer mechanisms, which may require evaluation under each applicable framework. GOVERNANCE EXPOSURE: Medium. The cross-border transfer disclosure identifies the jurisdictions affected but does not specify the legal basis or safeguard mechanisms for transfers. This gap may create compliance exposure particularly for Canadian (Quebec), Australian, and New Zealand users, and for any EU or EEA users who access DoorDash services. JURISDICTION FLAGS: Quebec Law 25 requires a privacy impact assessment and contractual protections before transfers outside Quebec. Australian Privacy Principle 8 requires reasonable steps to ensure overseas recipients handle data consistently with Australian law. New Zealand's Privacy Act imposes similar obligations. EU and EEA transfers require a legal transfer mechanism under GDPR. CONTRACT AND VENDOR IMPLICATIONS: Service provider contracts for cross-border data processing should include data processing agreements specifying applicable transfer mechanisms, security requirements, and data subject rights obligations. Vendor assessments should confirm the adequacy of data protection in the recipient jurisdiction. COMPLIANCE CONSIDERATIONS: Legal teams should document the legal basis for each cross-border transfer, including contractual safeguards with service providers in each jurisdiction. Quebec users require a privacy impact assessment to be conducted and documented. Transfer records should be maintained as required by applicable law.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy states that personal information may be transferred and processed outside the user's home jurisdiction, including outside Australia, Canada (and Quebec specifically), New Zealand, and the United States, without specifying the legal mechanisms used to authorize those transfers.
Your personal information may be stored and processed by DoorDash's service providers in countries with different privacy standards than your home country. The policy does not specify what transfer safeguard mechanisms, such as standard contractual clauses, are in place for these cross-border transfers.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by DoorDash.