DoorDash uses your personal data to show you targeted ads on its own platform and on third-party websites. The policy states you can opt out of this use of your data, with details provided in the privacy rights section.
This analysis describes what DoorDash's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy authorizes use of personal data for ad targeting on third-party platforms, which under CCPA and CPRA constitutes a sale or sharing of personal information requiring an opt-out right for California residents and analogous rights for residents of other covered states.
DoorDash's policy authorizes use of your personal data to display personalized ads for DoorDash and merchant partners on third-party websites and platforms. California residents and residents of certain other states have the right to opt out of this sharing of data for advertising purposes.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
We may display advertisements on our Services and those advertisements may be targeted to your interests based on your personal information. We may share your personal information with advertising partners for interest-based advertising purposes. You may opt out of interest-based advertising by visi...
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Monitoring
DoorDash has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"To Advertise and Promote DoorDash and our Services, including displaying advertising related to our Services or Merchants on our Services and on third-party websites and platforms, improving, developing and implementing marketing campaigns, analyzing whether our advertising is effective, and showing you ads that are most relevant to you about DoorDash and our Merchants. To opt-out of ad personalization on third-party platforms, please see information on the right to opt-out of the sale or sharing below.— Excerpt from DoorDash's DoorDash Privacy Policy
REGULATORY LANDSCAPE: The sharing of personal information with advertising partners for cross-context behavioral advertising constitutes a sale or sharing of personal information under the CCPA and CPRA, enforced by the California Privacy Protection Agency. Analogous opt-out rights exist under the Colorado Privacy Act, Connecticut Data Privacy Act, Virginia CDPA, and other state frameworks. The FTC's enforcement of Section 5 of the FTC Act also reaches deceptive or unfair advertising data practices. GOVERNANCE EXPOSURE: Medium. The opt-out right for advertising data sharing is disclosed and required to be operationally functional under CCPA and CPRA. Compliance teams should verify that the opt-out mechanism is accessible, properly implemented, and that downstream advertising partners honor opt-out signals, including Global Privacy Control (GPC) signals where required. JURISDICTION FLAGS: California residents have the strongest protections under CPRA, including the right to opt out of sharing for cross-context behavioral advertising. Colorado and Connecticut require recognition of universal opt-out signals such as GPC. EU and EEA users would require explicit consent for behavioral advertising under GDPR. CONTRACT AND VENDOR IMPLICATIONS: Agreements with advertising networks, analytics platforms, and demand-side platforms should be reviewed to confirm they are structured as service provider or contractor agreements under CCPA to the extent applicable, or that opt-out signals are transmitted and honored. Data processing addenda with advertising partners should specify permissible use limitations. COMPLIANCE CONSIDERATIONS: Legal teams should audit the opt-out mechanism for advertising data sharing, confirm GPC signal recognition is implemented where required, and assess whether the list of advertising partners receiving personal information is fully disclosed. Cookie consent mechanisms on the website should be evaluated against state and international requirements.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy authorizes use of personal data for ad targeting on third-party platforms, which under CCPA and CPRA constitutes a sale or sharing of personal information requiring an opt-out right for California residents and analogous rights for residents of other covered states.
DoorDash's policy authorizes use of your personal data to display personalized ads for DoorDash and merchant partners on third-party websites and platforms. California residents and residents of certain other states have the right to opt out of this sharing of data for advertising purposes.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by DoorDash.