Grubhub collects your precise location through GPS and other device signals when you use the app, and uses it not only for delivery but also for analytics and fraud detection.
This analysis describes what Grubhub's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Precise geolocation is classified as sensitive personal information under several state privacy laws, and its collection for purposes beyond core delivery, including analytics, may require affirmative opt-in consent or at minimum an opt-out mechanism in certain jurisdictions.
Grubhub tracks your precise location via GPS and device signals, and uses this data for purposes including analytics and service improvement beyond just completing your delivery order.
How other platforms handle this
Geolocation Information
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
Monitoring
Grubhub has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We collect geolocation information from you, such as your precise or approximate location, based on your device settings, GPS data, IP address, and other technical information. We use this information to: (i) facilitate order and delivery services; (ii) show you nearby Merchants and other relevant content; (iii) analyze use of and improve the Platform and our Services; and (iv) detect and prevent fraud.— Excerpt from Grubhub's Grubhub Privacy Policy
1) REGULATORY LANDSCAPE: Precise geolocation qualifies as sensitive personal information under CPRA, requiring a 'Limit the Use' opt-out right. Washington's My Health MY Data Act and similar state laws may impose additional consent requirements for location data. The FTC has taken enforcement actions against companies for deceptive geolocation data practices. If geolocation data is shared with advertising partners, additional restrictions apply under CPRA. 2) GOVERNANCE EXPOSURE: Medium. Collection of precise geolocation for delivery is expected and consistent with industry norms. However, use of geolocation for analytics and service improvement, and any potential sharing with partners, extends the data processing purpose beyond the immediate transactional context and requires clear opt-out mechanisms under CPRA. 3) JURISDICTION FLAGS: California CPRA creates the most immediate compliance obligation for precise geolocation as SPI. Colorado, Connecticut, and Virginia privacy laws also classify precise geolocation as sensitive data requiring opt-out rights. EU/UK users may assert GDPR rights regarding geolocation processing as potentially identifying data. Illinois and Texas may have additional location-related privacy considerations. 4) CONTRACT AND VENDOR IMPLICATIONS: Service provider contracts should specify that geolocation data is used only for disclosed purposes and not shared with ad networks. If geolocation is provided to delivery logistics partners, those contracts should include data minimization and deletion obligations. Any use of third-party SDKs that collect location data should be audited for compliance with stated data use purposes. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should verify that the platform's location permission prompts accurately describe the scope of location data use and that the 'Limit the Use of My Sensitive Personal Information' mechanism includes geolocation. Data retention schedules for precise geolocation data should be reviewed given the sensitivity of historical location records.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Precise geolocation is classified as sensitive personal information under several state privacy laws, and its collection for purposes beyond core delivery, including analytics, may require affirmative opt-in consent or at minimum an opt-out mechanism in certain jurisdictions.
Grubhub tracks your precise location via GPS and device signals, and uses this data for purposes including analytics and service improvement beyond just completing your delivery order.
ConductAtlas has identified this type of provision across 10 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Grubhub.