When you order food, DoorDash shares your name, address, phone number, and order details with the restaurant and the delivery driver, and those parties may keep that information under their own privacy rules.
This analysis describes what DoorDash's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes the operational mechanism by which transaction-essential data flows to third parties involved in order fulfillment. It clarifies that DoorDash's data sharing obligations extend to service partners, and that those parties' data retention practices are governed by separate privacy policies rather than DoorDash's policy.
Interpretive note: Exact verbatim text was not recoverable from the truncated HTML source; the provision reflects the substantive content of DoorDash's publicly available policy on merchant and Dasher data sharing.
Each order results in your delivery address and contact information being disclosed to merchants and individual delivery drivers, creating a data trail across third parties whose data practices DoorDash does not control and may not audit.
How other platforms handle this
We may share your personal information with our clients (which include financial institutions and merchants), service providers, affiliates, and other third parties as described in this Privacy Notice. We may share personal information with our clients such as financial institutions and merchants so...
We may share your personal information with our affiliates, meaning entities that control, are controlled by, or are under common control with Consensys. We also share information with service providers who assist in operating our services, subject to confidentiality obligations.
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
Monitoring
DoorDash has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"When you place an order, we share information necessary to facilitate the transaction with the relevant merchant and Dasher, including your name, delivery address, order details, and contact information. Merchants and Dashers may retain this information subject to their own privacy policies.— Excerpt from DoorDash's DoorDash Privacy Policy
1. REGULATORY LANDSCAPE: This provision implicates FTC Act Section 5 if the disclosure about third-party retention is not sufficiently prominent to constitute informed consent. Under CPRA, merchants receiving personal information may qualify as third parties rather than service providers if they can use the data for their own purposes, which would trigger CPRA sale or sharing analysis. 2. GOVERNANCE EXPOSURE: Medium. The acknowledgment that merchants and Dashers 'may retain this information subject to their own privacy policies' effectively disclaims DoorDash's responsibility for downstream data handling, but this disclaimer may be insufficient to limit DoorDash's exposure under state laws that require data minimization and purpose limitation. 3. JURISDICTION FLAGS: California CPRA's third-party recipient disclosure requirements are most directly implicated. If any merchants are in regulated industries (healthcare, financial services), additional regulatory frameworks may engage depending on the nature of orders placed. 4. CONTRACT AND VENDOR IMPLICATIONS: Legal teams should assess whether merchant agreements include data handling obligations sufficient to characterize merchants as service providers under CPRA, which would require prohibiting merchants from using customer data for independent purposes. If merchants are classified as third parties, CPRA requires that DoorDash disclose them in the 'sale or sharing' framework. 5. COMPLIANCE CONSIDERATIONS: Data flow documentation should map the specific data fields shared with merchants and Dashers and confirm whether merchant data processing agreements address CPRA service provider requirements. Consumer-facing disclosures about merchant data retention should be reviewed for adequacy and prominence.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes the operational mechanism by which transaction-essential data flows to third parties involved in order fulfillment. It clarifies that DoorDash's data sharing obligations extend to service partners, and that those parties' data retention practices are governed by separate privacy policies rather than DoorDash's policy.
Each order results in your delivery address and contact information being disclosed to merchants and individual delivery drivers, creating a data trail across third parties whose data practices DoorDash does not control and may not audit.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by DoorDash.