Lyft · Lyft Privacy Policy

Data Deletion and Access Rights

Medium severity
Share 𝕏 Share in Share 🔒 PDF

What it is

You can ask Lyft to delete your personal data, and Lyft will generally comply and instruct its vendors to do the same — but there are exceptions that could mean some of your data is retained.

Consumer impact (what this means for users)

You have a right to request deletion of your personal data from Lyft's systems, but exceptions apply — including data needed to complete transactions, detect fraud, or comply with legal obligations — meaning your trip history and personal information may not be fully deleted upon request.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Visit https://privacy.lyft.com and submit a verified consumer request to delete your personal information. Lyft is required to respond within 45 days under CCPA/CPRA.

Cross-platform context

See how other platforms handle Data Deletion and Access Rights and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

While deletion rights exist, the exceptions clause means Lyft may retain certain data even after a deletion request, and users should be aware that 'directing' service providers does not guarantee third-party advertisers delete data they have already received.

View original clause language
You may request that we delete your personal information. Subject to certain exceptions, upon receiving a verifiable consumer request, we will delete your personal information from our records and direct our service providers and contractors to delete your personal information from their records.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: Data deletion rights are mandated by CCPA/CPRA §1798.105 (California), GDPR Art. 17 (EU, right to erasure), and equivalent provisions in Virginia CDPA §59.1-578, Colorado CPA §6-1-1306, and other state privacy laws. The obligation to direct service providers and contractors to delete implicates CPRA's downstream deletion requirements. Enforcement authority rests with the California Privacy Protection Agency and respective state AGs.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • State AG
    California's CPPA and other state Attorneys General enforce data deletion rights under CPRA and equivalent state privacy statutes.
    File a complaint →
  • FTC
    The FTC has authority to act against companies that fail to honor deletion requests or misrepresent their data deletion practices under FTC Act Section 5.
    File a complaint →

Provision details

Document information
Document
Lyft Privacy Policy
Entity
Lyft
Document last updated
April 29, 2026
Tracking information
First tracked
April 27, 2026
Last verified
April 27, 2026
Record ID
CA-P-003426
Document ID
CA-D-00138
Evidence Provenance
Source URL
https://www.lyft.com/privacy
Wayback Machine
View archived versions →
SHA-256
852ea19216ccb7d7c39445e7a745b8116f6f70e8750b5249366150f660c5ea41
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Lyft | Document: Lyft Privacy Policy | Record: CA-P-003426
Captured: 2026-04-27 13:05:02 UTC | SHA-256: 852ea19216ccb7d7…
URL: https://conductatlas.com/platform/lyft/lyft-privacy-policy/data-deletion-and-access-rights/
Accessed: May 2, 2026
Classification
Severity
Medium
Categories
Unknown

Other provisions in this document