What are the institutional and regulatory implications of this document?

1) REGULATORY LANDSCAPE: This policy directly engages the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), with enforcement authority vested in the California Privacy Protection Agency and the California Attorney General. The policy's acknowledgment that sharing identifiers and commercial information with ad networks for cross-context behavioral advertising may constitute a sale or share under CCPA/CPRA triggers opt-out obligations and annual data cat…

How does Grubhub's Grubhub Privacy Policy affect users?

The policy establishes that Grubhub collects personal data including order history, location, browsing behavior, and preference inferences, and shares certain data categories with advertising networks for targeted advertising placement on third-party websites and applications. Users may exercise opt-out rights through account settings or a designated opt-out link to prevent sharing of personal information for advertising purposes. California residents operate under additional procedural rights …

How often is Grubhub's Grubhub Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Grubhub updates this document?

Yes. Watcher subscribers ($9.99/month) can add Grubhub to their watchlist and receive same-day email alerts whenever this document or any other Grubhub document changes.

CA-D-000146

Grubhub Privacy Policy

Grubhub

Last change detected April 19, 2026 Privacy policy

SHA-256: 6278b17915ee5719a0b… 1 version captured 0 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Grubhub ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

8 Total

0 High severity

7 Medium severity

1 Low severity

Summary

This document establishes Grubhub's practices regarding the collection, use, and disclosure of personal data from users who create accounts, place orders, and browse the platform. The policy authorizes Grubhub to collect order history, location data, browsing behavior, and inferred preferences, and to share name, email, order history, and browsing behavior with advertising partners for targeted advertising purposes. Users may opt out of data sharing for advertising through account settings or the 'Do Not Sell or Share My Personal Information' mechanism, and California residents have additional rights to access, delete, or limit use of sensitive personal information.

Technical / Legal Breakdown

This Privacy Policy, effective January 5, 2026, governs the collection, use, disclosure, and processing of personal information by Grubhub Holdings Inc. and its subsidiaries in connection with its Platform and Services, including websites, mobile apps, APIs, and in-store kiosks. The policy states that Grubhub collects a broad range of personal information categories including identifiers, payment data, commercial/purchase history, internet usage and browsing behavior, geolocation data, inferences, audio/visual data, and sensitive personal information; the terms authorize sharing of identifiers and commercial information with ad networks and advertising partners for cross-context behavioral advertising, and with third-party trusted partners for marketing and internal business purposes. Notably, the policy asserts that sharing identifiers and commercial information with ad networks for cross-context behavioral advertising may constitute a 'sale' or 'sharing' under California law, which the policy acknowledges by providing opt-out mechanisms; the document explicitly carves out payment information and sensitive personal information from advertising-related sharing, and states that text messaging opt-in data is not shared with third parties. The policy engages CCPA/CPRA frameworks for California residents, COPPA considerations for users under 13 (who are prohibited from using the platform), and interacts with FTC Act consumer protection standards governing deceptive data practices; state-level biometric and geolocation privacy laws may also require evaluation depending on where Grubhub operates. Material compliance considerations include the accuracy and timeliness of the opt-out mechanisms for behavioral advertising, the adequacy of consent mechanisms for sensitive data categories including precise geolocation and health-related inferences, and the sufficiency of data retention disclosures relative to applicable state law requirements.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

Medium — 7 provisions

Cross-Context Behavioral Advertising Data Sharing Compare →

Grubhub shares your personal identifiers and purchase history with advertising networks and partner companies so they can show you targeted ads and use your data for their own analytics. This applies to your name, email, order history, and browsing behavior on the platform.

Added May 8, 2026 Standard Seen across 246 platforms
Sensitive Personal Information Collection and Use

Grubhub may collect and use sensitive information including your precise location, health-related inferences (such as dietary restrictions or health conditions suggested by your orders), and potentially religious or other beliefs inferred from your food choices.

Added May 10, 2026 Rare
Precise Geolocation Data Collection Compare →

Grubhub collects your precise location through GPS and other device signals when you use the app, and uses it not only for delivery but also for analytics and fraud detection.

Added May 10, 2026 Standard Seen across 251 platforms
Data Retention Policy Compare →

Grubhub keeps your personal information for as long as your account is active, and potentially for an unspecified additional period afterward that Grubhub determines based on legal needs.

Added May 8, 2026 Standard Seen across 223 platforms
Campus User Data Sharing with Food Service Providers Compare →

If you use Grubhub through a university or campus program, Grubhub may share your name, email, and other identifiers directly with campus food service providers so they can market to you independently.

Added May 10, 2026 Standard Seen across 246 platforms
California Privacy Rights and Opt-Out Mechanisms Compare →

California residents have the legal right to see what personal data Grubhub has collected, ask for it to be deleted or corrected, and opt out of data sharing for advertising purposes, all by submitting a request online or by email.

Added May 10, 2026 Standard Seen across 262 platforms
Internet Usage and Behavioral Tracking Compare →

Grubhub tracks how you browse the app and website, what you search for, which ads you see and click, and works with outside analytics and advertising companies that use cookies and similar tools to track you as well.

Added May 10, 2026 Standard Seen across 251 platforms

Low — 1 provision

Children's Data and Age Restriction Compare →

Grubhub's platform is not intended for children under 13, and the company states it does not knowingly collect data from this age group; parents who believe their child's data has been collected can contact Grubhub's privacy team.

Added May 10, 2026 Standard Seen across 262 platforms

Monitoring

Grubhub has updated this document before.

Watcher includes same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

Professional Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Professional includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Professional free trial

Cross-platform context

See how other platforms handle Precise Geolocation Data Collection and Sharing and similar clauses.

Compare across platforms →