DoorDash tracks your exact location in real time while you use the app, and may continue tracking even when the app is running in the background on your phone.
This analysis describes what DoorDash's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The provision establishes the operational scope and classification of location data collection activities. By designating geolocation as sensitive personal information, DoorDash acknowledges heightened regulatory treatment under applicable privacy frameworks, which typically requires specific consent mechanisms and data handling protocols for such categories.
Interpretive note: The exact verbatim clause text was not available in the truncated HTML source; the excerpt reflects the substance of DoorDash's publicly available privacy policy language as understood at time of analysis.
The policy authorizes collection of your precise GPS location during and potentially outside active app use, meaning DoorDash accumulates a detailed location history tied to your account that may be shared with third parties or used to infer sensitive attributes about your lifestyle.
How other platforms handle this
We collect information about your approximate and precise location. If you permit us to do so, we can collect your precise location from your device. We also use your IP address to determine your general location. You can use Snap Map to share your location with your friends and to see the locations...
"By clicking 'Next', you are indicating that you have read and agree to the TERMS OF USE AND PRIVACY POLICY"
We automatically collect certain information from your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Service, we collect information about the individual web pages or products th...
Monitoring
DoorDash has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We collect precise location data from your mobile device when you use our platform, including when the app is running in the foreground or background, to facilitate delivery services, improve our platform, and for other purposes described in this Privacy Policy. We treat precise geolocation as sensitive personal information under applicable law.— Excerpt from DoorDash's DoorDash Privacy Policy
1. REGULATORY LANDSCAPE: Precise geolocation is classified as sensitive personal information under CPRA, triggering the right to limit its use and disclosure beyond what is necessary for the requested service. FTC Act Section 5 applies to representations about how location data is used. State laws in Virginia, Colorado, and Connecticut similarly treat precise geolocation as a sensitive data category requiring opt-in consent for processing beyond core service delivery in some interpretations. 2. GOVERNANCE EXPOSURE: High. The collection of background location data combined with disclosure that this data may be used for platform improvement and other purposes beyond immediate delivery creates exposure under CPRA's sensitive data minimization requirements. If precise location is shared with advertising partners, that transfer likely constitutes a sale or sharing of sensitive personal information under CPRA, requiring a separate opt-out mechanism and potentially conflicting with data minimization principles. 3. JURISDICTION FLAGS: California creates the highest exposure given CPRA's explicit sensitive personal information framework and CPPA enforcement authority. Illinois does not separately regulate geolocation under BIPA, but other Illinois privacy bills and Washington My Health MY Data Act (if any health inferences are drawn from location) may engage. EU and UK operations would require lawful basis analysis under GDPR Article 6 and Article 9 if location data reveals sensitive attributes. 4. CONTRACT AND VENDOR IMPLICATIONS: Any third-party advertising or analytics vendor receiving precise geolocation data must be assessed to determine whether a valid service provider agreement is in place under CPRA or whether the transfer qualifies as a sale or sharing. Procurement teams should confirm that data processing agreements with mapping, analytics, and ad tech vendors explicitly prohibit use of location data for purposes outside the contracted service. 5. COMPLIANCE CONSIDERATIONS: Compliance teams should audit the technical implementation of location data collection to confirm background tracking is disclosed at onboarding and that users are provided a meaningful mechanism to limit sensitive personal information use as required by CPRA. Data flow maps should trace precise location data from collection through all downstream vendors to confirm classification as service provider transfers rather than sales.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The provision establishes the operational scope and classification of location data collection activities. By designating geolocation as sensitive personal information, DoorDash acknowledges heightened regulatory treatment under applicable privacy frameworks, which typically requires specific consent mechanisms and data handling protocols for such categories.
The policy authorizes collection of your precise GPS location during and potentially outside active app use, meaning DoorDash accumulates a detailed location history tied to your account that may be shared with third parties or used to infer sensitive attributes about your lifestyle.
ConductAtlas has identified this type of provision across 7 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by DoorDash.