What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: This policy engages CCPA and CPRA (enforced by the California Privacy Protection Agency and California AG), GDPR for EU/EEA users, Illinois BIPA for biometric data collection, and the FTC Act regarding unfair or deceptive data practices. The policy's assertion of rights to share precise location and trip data with advertising partners may require evaluation under CPRA's restrictions on sharing sensitive personal information, and biometric data collection provisions must be…

How does Lyft's Lyft Privacy Policy affect users?

The policy establishes that Lyft collects and may share location data, device identifiers, financial information, and biometric data with third parties for advertising and business purposes. Users in California and certain other jurisdictions may exercise opt-out rights through Lyft's privacy settings or privacy request portal at https://privacy.lyft.com, and may request deletion of personal data consistent with applicable law.

How often is Lyft's Lyft Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Lyft updates this document?

Yes. Watcher subscribers ($9.99/month) can add Lyft to their watchlist and receive same-day email alerts whenever this document or any other Lyft document changes.

CA-D-000138

Lyft Privacy Policy

Lyft

Last change detected April 19, 2026 Privacy policy

SHA-256: 778c16fc9e64ccc1969… 2 versions captured 0 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Lyft ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

8 Total

2 High severity

5 Medium severity

1 Low severity

Summary

This document establishes Lyft's practices for collecting, using, and sharing personal data generated through use of its ride-hailing, bike, and scooter services. Lyft collects precise, real-time location data during trips and permits background location collection, and authorizes sharing of personal data including location, financial information, and biometric identifiers with advertising partners and business affiliates. California residents and residents of other jurisdictions with applicable privacy laws have the right to opt out of data sharing for advertising purposes and to request data deletion through Lyft's privacy portal.

Technical / Legal Breakdown

This document is Lyft's Privacy Policy governing the collection, use, storage, and sharing of personal data across Lyft's rideshare, bikes, scooters, and related services, with its legal basis grounded in user consent, contractual necessity, and legitimate business interests. The policy states that Lyft collects an extensive range of data including precise location (including background location), device identifiers, biometric data (in applicable jurisdictions), financial information, communications, and inferred demographic data, and the terms authorize sharing this data with third-party partners, advertisers, and government authorities under specified conditions. Notably, the policy asserts broad location data collection including when the app runs in the background, and reserves the right to use personal data for targeted advertising, product development, and to share with business partners for their own marketing purposes, which may require evaluation under CCPA, GDPR, and applicable state biometric privacy laws such as Illinois BIPA. The policy engages the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), GDPR for users in applicable jurisdictions, and Illinois BIPA for biometric data collection; enforcement authorities include the FTC, California Privacy Protection Agency, and relevant state attorneys general. Material compliance considerations include Lyft's assertion of a right to share precise location and trip data with third parties for advertising purposes, the scope of biometric data use, and the adequacy of consent mechanisms for sensitive data categories across multiple regulatory jurisdictions.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

High — 2 provisions

Precise and Background Location Data Collection Compare →

Lyft collects your exact GPS location while you use the app, and may also track your location even when the app is running in the background if you have granted that permission.

Added May 10, 2026 Standard Seen across 251 platforms
Biometric Data Collection Compare →

In some states or regions, Lyft may collect biometric data such as facial scans, subject to what local law allows.

Added May 10, 2026 Standard Seen across 251 platforms

Medium — 5 provisions

Third-Party Advertising Data Sharing Compare →

Lyft may share your personal information with advertising companies who can use it to show you targeted ads across other websites and apps, not just within Lyft.

Added May 10, 2026 Standard Seen across 246 platforms
Government and Law Enforcement Disclosure Compare →

Lyft may share your personal data with government authorities or law enforcement if required by law or if Lyft determines it is reasonably necessary, including for national security purposes.

Added May 10, 2026 Standard Seen across 246 platforms
California Consumer Privacy Rights (CCPA/CPRA) Compare →

California residents have legally enforceable rights to access, delete, correct, and opt out of the sale or sharing of their personal data, and can limit how Lyft uses sensitive data categories like location.

Added April 3, 2026 Standard Seen across 262 platforms
Data Retention Policy Compare →

Lyft keeps your personal data for as long as it considers necessary for its stated purposes, which may vary by data type and is not specified with fixed timeframes in this provision.

Added May 10, 2026 Standard Seen across 223 platforms
Driver Information Sharing with Riders and Third Parties

Lyft shares driver names, photos, vehicle details, and location with riders, and also shares driver information with third-party service providers who support Lyft's operations.

Added May 10, 2026 Rare

Low — 1 provision

Children's Privacy Compare →

Lyft's services are not intended for children under 13, and the company states it does not knowingly collect data from children in that age group.

Added May 10, 2026 Standard Seen across 262 platforms

Monitoring

Lyft has updated this document before.

Watcher includes same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

Professional Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Professional includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Professional free trial

Cross-platform context

See how other platforms handle Biometric Data Collection and similar clauses.

Compare across platforms →