Track 1 platform and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This document establishes Lyft's practices for collecting, using, and sharing personal data generated through use of its ride-hailing, bike, and scooter services. Lyft collects precise, real-time location data during trips and permits background location collection, and authorizes sharing of personal data including location, financial information, and biometric identifiers with advertising partners and business affiliates. California residents and residents of other jurisdictions with applicable privacy laws have the right to opt out of data sharing for advertising purposes and to request data deletion through Lyft's privacy portal.
This document is Lyft's Privacy Policy governing the collection, use, storage, and sharing of personal data across Lyft's rideshare, bikes, scooters, and related services, with its legal basis grounded in user consent, contractual necessity, and legitimate business interests. The policy states that Lyft collects an extensive range of data including precise location (including background location), device identifiers, biometric data (in applicable jurisdictions), financial information, communications, and inferred demographic data, and the terms authorize sharing this data with third-party partners, advertisers, and government authorities under specified conditions. Notably, the policy asserts broad location data collection including when the app runs in the background, and reserves the right to use personal data for targeted advertising, product development, and to share with business partners for their own marketing purposes, which may require evaluation under CCPA, GDPR, and applicable state biometric privacy laws such as Illinois BIPA. The policy engages the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), GDPR for users in applicable jurisdictions, and Illinois BIPA for biometric data collection; enforcement authorities include the FTC, California Privacy Protection Agency, and relevant state attorneys general. Material compliance considerations include Lyft's assertion of a right to share precise location and trip data with third parties for advertising purposes, the scope of biometric data use, and the adequacy of consent mechanisms for sensitive data categories across multiple regulatory jurisdictions.
Institutional analysis available with Compliance
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.
Start Compliance free trial1 important change detected
3 versions captured · Last updated: July 2026
Addition of biometric data collection represents a significant expansion of personal data types Lyft collects, particularly facial geometry scans, which raises heightened privacy and security concerns.
New provision clarifies Lyft's compliance with COPPA and similar child privacy regulations, establishing explicit protections for minors under 13.
Removal of cross-border data transfer provisions eliminates transparency regarding international data flows, potentially affecting users in jurisdictions with strong data localization requirements.
Removal of explicit payment and financial data collection provision reduces transparency about how payment information and financial data are handled and retained.
Previous version had no excerpt; current version adds explicit detail about background location collection and user permission requirements.
Renamed from 'Data Sharing With Advertisers and Marketing Partners' and severity downgraded from high to medium; now includes explicit excerpt describing cross-website ad targeting.
Renamed from 'Law Enforcement and Legal Disclosure' and severity downgraded from high to medium; now includes detailed excerpt with specific language about national security requests.
Previous version had no excerpt; current version adds comprehensive excerpt detailing all California resident rights under CCPA/CPRA.
Renamed from 'Data Retention' and previous version had no excerpt; current version adds explicit excerpt describing retention standards.
Monitoring
Lyft has updated this document before.
Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
Compliance Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Start Compliance free trialCross-platform context
See how other platforms handle Biometric Data Collection and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.