Grubhub collects your precise location through GPS and other device signals when you use the app, and uses it not only for delivery but also for analytics and fraud detection.
This analysis describes what Grubhub's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Precise geolocation is classified as sensitive personal information under several state privacy laws, and its collection for purposes beyond core delivery, including analytics, may require affirmative opt-in consent or at minimum an opt-out mechanism in certain jurisdictions.
Grubhub tracks your precise location via GPS and device signals, and uses this data for purposes including analytics and service improvement beyond just completing your delivery order.
How other platforms handle this
We may collect the precise geographic location of your device when you use our services. We collect this information with your consent where required by law. You can withdraw your consent at any time by adjusting your device settings to disable location sharing.
We may collect information about your location, including precise geolocation information, when you use our Services. We use this information to provide location-based services, such as showing you products available in your area, and for other purposes described in this Privacy Policy.
Geolocation Information, if you have consented by enabling location access, we may receive and store your precise location information, including when our apps are running in the foreground (our app is open and on screen) or background (our app is open, not on screen) of your device. You may use our...
Monitoring
Grubhub has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We collect geolocation information from you, such as your precise or approximate location, based on your device settings, GPS data, IP address, and other technical information. We use this information to: (i) facilitate order and delivery services; (ii) show you nearby Merchants and other relevant content; (iii) analyze use of and improve the Platform and our Services; and (iv) detect and prevent fraud.— Excerpt from Grubhub's Grubhub Privacy Policy
1) REGULATORY LANDSCAPE: Precise geolocation qualifies as sensitive personal information under CPRA, requiring a 'Limit the Use' opt-out right. Washington's My Health MY Data Act and similar state laws may impose additional consent requirements for location data. The FTC has taken enforcement actions against companies for deceptive geolocation data practices. If geolocation data is shared with advertising partners, additional restrictions apply under CPRA. 2) GOVERNANCE EXPOSURE: Medium. Collection of precise geolocation for delivery is expected and consistent with industry norms. However, use of geolocation for analytics and service improvement, and any potential sharing with partners, extends the data processing purpose beyond the immediate transactional context and requires clear opt-out mechanisms under CPRA. 3) JURISDICTION FLAGS: California CPRA creates the most immediate compliance obligation for precise geolocation as SPI. Colorado, Connecticut, and Virginia privacy laws also classify precise geolocation as sensitive data requiring opt-out rights. EU/UK users may assert GDPR rights regarding geolocation processing as potentially identifying data. Illinois and Texas may have additional location-related privacy considerations. 4) CONTRACT AND VENDOR IMPLICATIONS: Service provider contracts should specify that geolocation data is used only for disclosed purposes and not shared with ad networks. If geolocation is provided to delivery logistics partners, those contracts should include data minimization and deletion obligations. Any use of third-party SDKs that collect location data should be audited for compliance with stated data use purposes. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should verify that the platform's location permission prompts accurately describe the scope of location data use and that the 'Limit the Use of My Sensitive Personal Information' mechanism includes geolocation. Data retention schedules for precise geolocation data should be reviewed given the sensitivity of historical location records.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Precise geolocation is classified as sensitive personal information under several state privacy laws, and its collection for purposes beyond core delivery, including analytics, may require affirmative opt-in consent or at minimum an opt-out mechanism in certain jurisdictions.
Grubhub tracks your precise location via GPS and device signals, and uses this data for purposes including analytics and service improvement beyond just completing your delivery order.
ConductAtlas has identified this type of provision across 9 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Grubhub.