Track 1 platform and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This privacy policy establishes McDonald's data collection, use, and sharing practices for users of its website, mobile application, and loyalty program in the United States. The policy authorizes McDonald's to collect geolocation data, purchase history, device identifiers, and payment information, and permits sharing this data with advertising partners, franchisees, and analytics providers for targeted advertising purposes. California residents are granted rights to submit opt-out requests regarding the sale or sharing of personal information for advertising purposes through the 'Your Privacy Choices' mechanism on McDonald's website.
This document is McDonald's U.S. Privacy Policy, governing the collection, use, and sharing of personal information by McDonald's USA, LLC across its websites, mobile applications, and digital services, with a stated legal basis grounded in user consent and legitimate business interests. The policy states that McDonald's collects a broad range of personal information including name, contact details, payment card information, geolocation data, device identifiers, purchase history, and inferences drawn from usage behavior, and the terms authorize sharing this information with franchisees, service providers, advertising partners, and affiliated companies for marketing, analytics, and operational purposes. The policy discloses that McDonald's participates in interest-based advertising and may share personal information with third-party advertising and analytics partners, and while it provides opt-out mechanisms for certain uses, the breadth of data categories collected and the scope of third-party sharing are consistent with common large-scale consumer brand practices, though the combination of geolocation, purchase history, and behavioral inference data creates a meaningful profile-building capability. The policy expressly addresses California residents under the California Consumer Privacy Act and California Privacy Rights Act, providing specific rights including the right to know, delete, correct, and opt out of the sale or sharing of personal information, and acknowledges applicability of additional state privacy laws; compliance obligations under CCPA/CPRA are materially engaged given McDonald's scale and the volume of California consumers served. The policy also references children's privacy protections consistent with COPPA, stating that its online services are not directed to children under 13 and that McDonald's does not knowingly collect personal information from children under that age.
Institutional analysis available with Compliance
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.
Start Compliance free trialMonitoring
McDonald's has updated this document before.
Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
Compliance Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Start Compliance free trialCross-platform context
See how other platforms handle Children's Privacy and COPPA Notice and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.