What are the institutional and regulatory implications of this document?

REGULATORY EXPOSURE: This policy directly implicates CCPA/CPRA (California Civil Code §§1798.100–1798.199), requiring opt-out rights for sale/sharing of personal information and sensitive data use restrictions; GDPR Arts. 5, 6, 13, and 17 for any EU-resident users accessing the service; COPPA (16 CFR Part 312) given the platform's prohibition on users under 13; FTC Act Section 5 for unfair or deceptive data practices; and the Illinois Biometric Information Privacy Act (BIPA, 740 ILCS 14) to the…

How does Lyft's Lyft Privacy Policy affect users?

Lyft collects extensive personal data including real-time precise GPS location, trip history, payment information, device identifiers, and communications, and shares this data with a broad ecosystem of third-party advertisers, analytics providers, insurance partners, and law enforcement agencies. This means your daily movement patterns, home and work addresses, and personal identity can be inferred and monetized without your active knowledge each time you use the app. You can request access to,…

How often is Lyft's Lyft Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Lyft updates this document?

Yes. Watcher subscribers ($9.99/month) can add Lyft to their watchlist and receive same-day email alerts whenever this document or any other Lyft document changes.

Lyft Privacy Policy — Lyft

10 Total

3 High severity

6 Medium severity

1 Low severity

Summary

This is Lyft's Privacy Policy, which explains what personal information Lyft collects when you use its rideshare, bike, and scooter services — including your precise GPS location at all times, payment details, phone contacts if you grant access, and records of every trip you take. The most important thing to know is that Lyft shares your precise location data and personal information with third-party advertisers, analytics companies, and potentially government agencies without always requiring a warrant. You can request deletion of your personal data or opt out of the sale of your information by contacting Lyft through their privacy request form at https://privacy.lyft.com.

Technical Summary

This document is Lyft's Privacy Policy, governing the collection, use, storage, and sharing of personal data from riders, drivers, and other users of Lyft's ridesharing, bikeshare, and scooter platforms, with legal basis rooted in consent, contractual necessity, and legitimate interests under applicable law. The policy creates obligations for Lyft to provide data access, correction, deletion, and portability rights to users, while obligating users to consent to broad data collection including precise geolocation, device identifiers, trip history, biometric-adjacent data, and communications. Notably, Lyft discloses sharing personal data — including precise location and ride data — with a wide range of third parties including advertisers, analytics providers, and government authorities, which represents a broader-than-typical data sharing scope for a transportation platform. The policy engages CCPA/CPRA (California Civil Code §1798.100 et seq.), GDPR principles for any EU-resident users, COPPA for users under 13, and FTC Act Section 5 unfair and deceptive practices standards; material compliance considerations include the adequacy of consent mechanisms for sensitive location data, the scope of law enforcement disclosures, and the cross-context behavioral advertising opt-out obligations under CPRA. Compliance teams should note the policy's explicit reference to sharing data with the Independent Drivers Guild and the use of oneTrust for consent management, both of which trigger third-party vendor risk assessment obligations.

Evidence Provenance

Captured April 19, 2026 06:09 UTC

Document ID CA-D-000138

Version ID CA-V-000699

Source URL https://www.lyft.com/privacy

Wayback Machine View archived versions →

SHA-256 778c16fc9e64ccc1969a9695aa4b87a360fa3c6458098d30ce931ca3e54a941c

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Cryptographically signed

Institutional Analysis

🔒 Institutional analysis locked

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Upgrade to Professional — $149/mo

Change Timeline

March 19, 2026 — Initial capture

Initial snapshot — monitoring begins

4e2322b0…

View full version history (0 captures) →

High Severity — 3 provisions

Precise Geolocation Data Collection

Lyft tracks your exact GPS location continuously while the app is open — and even when it's running in the background — if you've granted location permissions.

Added April 27, 2026
Third-Party Advertising and Analytics Data Sharing

Lyft shares your personal data with outside advertising companies so they can show you targeted ads, and uses analytics companies that track how you use the app.

Added April 27, 2026
Law Enforcement Disclosure

Lyft can hand your personal data — including your trip history and location — to police or government agencies if Lyft decides it's legally necessary, even without specifying that a court order or warrant is required.

Added April 27, 2026

Medium Severity — 6 provisions

Data Deletion and Access Rights

You can ask Lyft to delete your personal data, and Lyft will generally comply and instruct its vendors to do the same — but there are exceptions that could mean some of your data is retained.

Added April 27, 2026
Data Sharing with Independent Drivers Guild (IDG)

Lyft shares specific personal information about drivers — including their date of birth, driver's license number, and contact details — with the Independent Drivers Guild to activate insurance and benefits programs.

Added April 27, 2026
Children and Minors Restriction

Lyft's services are not intended for anyone under 13, and Lyft says it doesn't intentionally collect data from children under that age.

Added April 27, 2026
Data Retention

Lyft keeps your personal data for as long as it needs to — which could be indefinitely — for purposes ranging from running its service to fraud detection, legal compliance, and resolving disputes.

Added April 27, 2026
California Resident Privacy Rights (CCPA/CPRA)

If you live in California, you have specific legal rights to see, delete, correct, and opt out of the sale of your personal information, and Lyft is legally prohibited from treating you differently for exercising these rights.

Added April 27, 2026
Data Security

Lyft says it takes 'reasonable' steps to protect your personal data from unauthorized access or misuse, but this is a general commitment without specifying what security measures are actually in place.

Added April 27, 2026

Low Severity — 1 provision

Communications and Marketing Opt-Out

Lyft may send you marketing emails and promotional messages, but you can unsubscribe at any time using the link in those emails.

Added April 27, 2026

Cross-platform context

See how other platforms handle Data Sharing With Advertisers and Marketing Partners and similar clauses.

Compare across platforms →