When you order food, DoorDash shares your name, address, phone number, and order details with the restaurant and the delivery driver, and those parties may keep that information under their own privacy rules.
This analysis describes what DoorDash's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Your personal contact and location information is shared with third parties (restaurants and drivers) who are not bound by DoorDash's privacy policy, meaning you have limited control over how those parties use or retain your data after a delivery.
Interpretive note: Exact verbatim text was not recoverable from the truncated HTML source; the provision reflects the substantive content of DoorDash's publicly available policy on merchant and Dasher data sharing.
Each order results in your delivery address and contact information being disclosed to merchants and individual delivery drivers, creating a data trail across third parties whose data practices DoorDash does not control and may not audit.
How other platforms handle this
We may share your information with third-party advertising partners to provide you with targeted advertising. We also work with third-party analytics providers who help us understand how users interact with our Services. These third parties may use cookies, web beacons, and similar tracking technolo...
We process personal data you provide to Oura to enable third party integrations, services, features, and offerings. For example, with your permission, our Services may integrate with third-party services like Google Health Connect and Apple HealthKit, or those of our partners. Oura takes measures to...
Creators: when you subscribe to a Creator's publication, we provide them the information necessary (including your name and email address) to provide you their publication(s). Please note that Creators control their own publications; accordingly, when you interact with a Creator's publication in a w...
Monitoring
DoorDash has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"When you place an order, we share information necessary to facilitate the transaction with the relevant merchant and Dasher, including your name, delivery address, order details, and contact information. Merchants and Dashers may retain this information subject to their own privacy policies.— Excerpt from DoorDash's DoorDash Privacy Policy
1. REGULATORY LANDSCAPE: This provision implicates FTC Act Section 5 if the disclosure about third-party retention is not sufficiently prominent to constitute informed consent. Under CPRA, merchants receiving personal information may qualify as third parties rather than service providers if they can use the data for their own purposes, which would trigger CPRA sale or sharing analysis. 2. GOVERNANCE EXPOSURE: Medium. The acknowledgment that merchants and Dashers 'may retain this information subject to their own privacy policies' effectively disclaims DoorDash's responsibility for downstream data handling, but this disclaimer may be insufficient to limit DoorDash's exposure under state laws that require data minimization and purpose limitation. 3. JURISDICTION FLAGS: California CPRA's third-party recipient disclosure requirements are most directly implicated. If any merchants are in regulated industries (healthcare, financial services), additional regulatory frameworks may engage depending on the nature of orders placed. 4. CONTRACT AND VENDOR IMPLICATIONS: Legal teams should assess whether merchant agreements include data handling obligations sufficient to characterize merchants as service providers under CPRA, which would require prohibiting merchants from using customer data for independent purposes. If merchants are classified as third parties, CPRA requires that DoorDash disclose them in the 'sale or sharing' framework. 5. COMPLIANCE CONSIDERATIONS: Data flow documentation should map the specific data fields shared with merchants and Dashers and confirm whether merchant data processing agreements address CPRA service provider requirements. Consumer-facing disclosures about merchant data retention should be reviewed for adequacy and prominence.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Your personal contact and location information is shared with third parties (restaurants and drivers) who are not bound by DoorDash's privacy policy, meaning you have limited control over how those parties use or retain your data after a delivery.
Each order results in your delivery address and contact information being disclosed to merchants and individual delivery drivers, creating a data trail across third parties whose data practices DoorDash does not control and may not audit.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by DoorDash.