DoorDash tracks your exact location in real time while you use the app, and may continue tracking even when the app is running in the background on your phone.
This analysis describes what DoorDash's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Precise location data reveals detailed patterns about where you live, work, and travel, and this data is shared with delivery partners and potentially advertising partners, creating ongoing privacy exposure beyond the immediate delivery transaction.
Interpretive note: The exact verbatim clause text was not available in the truncated HTML source; the excerpt reflects the substance of DoorDash's publicly available privacy policy language as understood at time of analysis.
The policy authorizes collection of your precise GPS location during and potentially outside active app use, meaning DoorDash accumulates a detailed location history tied to your account that may be shared with third parties or used to infer sensitive attributes about your lifestyle.
How other platforms handle this
We may collect the precise geographic location of your device when you use our services. We collect this information with your consent where required by law. You can withdraw your consent at any time by adjusting your device settings to disable location sharing.
We may collect information about your location, including precise geolocation information, when you use our Services. We use this information to provide location-based services, such as showing you products available in your area, and for other purposes described in this Privacy Policy.
Uber collects precise or approximate location data from riders' and order recipients' mobile devices when the Uber app is running in the foreground (app open and on-screen) or background (app open but not on-screen) of their device. Uber collects this data from the time a ride or order is requested ...
Monitoring
DoorDash has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We collect precise location data from your mobile device when you use our platform, including when the app is running in the foreground or background, to facilitate delivery services, improve our platform, and for other purposes described in this Privacy Policy. We treat precise geolocation as sensitive personal information under applicable law.— Excerpt from DoorDash's DoorDash Privacy Policy
1. REGULATORY LANDSCAPE: Precise geolocation is classified as sensitive personal information under CPRA, triggering the right to limit its use and disclosure beyond what is necessary for the requested service. FTC Act Section 5 applies to representations about how location data is used. State laws in Virginia, Colorado, and Connecticut similarly treat precise geolocation as a sensitive data category requiring opt-in consent for processing beyond core service delivery in some interpretations. 2. GOVERNANCE EXPOSURE: High. The collection of background location data combined with disclosure that this data may be used for platform improvement and other purposes beyond immediate delivery creates exposure under CPRA's sensitive data minimization requirements. If precise location is shared with advertising partners, that transfer likely constitutes a sale or sharing of sensitive personal information under CPRA, requiring a separate opt-out mechanism and potentially conflicting with data minimization principles. 3. JURISDICTION FLAGS: California creates the highest exposure given CPRA's explicit sensitive personal information framework and CPPA enforcement authority. Illinois does not separately regulate geolocation under BIPA, but other Illinois privacy bills and Washington My Health MY Data Act (if any health inferences are drawn from location) may engage. EU and UK operations would require lawful basis analysis under GDPR Article 6 and Article 9 if location data reveals sensitive attributes. 4. CONTRACT AND VENDOR IMPLICATIONS: Any third-party advertising or analytics vendor receiving precise geolocation data must be assessed to determine whether a valid service provider agreement is in place under CPRA or whether the transfer qualifies as a sale or sharing. Procurement teams should confirm that data processing agreements with mapping, analytics, and ad tech vendors explicitly prohibit use of location data for purposes outside the contracted service. 5. COMPLIANCE CONSIDERATIONS: Compliance teams should audit the technical implementation of location data collection to confirm background tracking is disclosed at onboarding and that users are provided a meaningful mechanism to limit sensitive personal information use as required by CPRA. Data flow maps should trace precise location data from collection through all downstream vendors to confirm classification as service provider transfers rather than sales.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Precise location data reveals detailed patterns about where you live, work, and travel, and this data is shared with delivery partners and potentially advertising partners, creating ongoing privacy exposure beyond the immediate delivery transaction.
The policy authorizes collection of your precise GPS location during and potentially outside active app use, meaning DoorDash accumulates a detailed location history tied to your account that may be shared with third parties or used to infer sensitive attributes about your lifestyle.
ConductAtlas has identified this type of provision across 6 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by DoorDash.