What are the institutional and regulatory implications of this document?

1. REGULATORY LANDSCAPE: This policy engages GDPR and UK GDPR for European and UK data subjects, including obligations around lawful basis for processing, data subject rights, and cross-border transfer mechanisms under GDPR Chapter V. The CCPA and CPRA apply to California residents, triggering opt-out rights for sale and sharing of personal information and requiring specific disclosures about data categories and purposes. In the United States, the FTC Act's prohibition on unfair or deceptive pr…

How does Uber's Uber Privacy Notice affect users?

The agreement establishes that Uber collects precise GPS location, device identifiers, transaction records, in-app communications, and usage data across all rider and order-recipient interactions, with this data shared with a broad set of third parties including advertising and analytics partners. Under these terms, Uber also receives data about users from third-party sources and combines it with platform-collected data to serve targeted advertising. You can opt out of certain data sharing for …

How often is Uber's Uber Privacy Notice updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Uber updates this document?

Yes. Monitor subscribers ($19/month) can add Uber to their watchlist and receive same-day email alerts whenever this document or any other Uber document changes.

CA-D-000419

Uber Privacy Notice

Uber

Last change detected June 5, 2026 Privacy policy

SHA-256: 27ed38389d92af012b7… 22 versions captured 6 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Uber ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

8 Total

1 High severity

5 Medium severity

2 Low severity

Summary

This is Uber's privacy notice for people who use Uber to request rides or receive food and package deliveries, covering what personal data Uber collects and how it is used and shared. The policy discloses that Uber collects precise real-time GPS location during trips, device identifiers, payment information, trip history, communications between riders and drivers, and in some jurisdictions biometric and health data, and authorizes sharing this data with drivers, merchants, advertising and analytics partners, and law enforcement. The policy also states that Uber receives data about users from third-party marketing and advertising partners and combines it with Uber-collected data for targeted advertising purposes.

Technical / Legal Breakdown

This document is Uber's Privacy Notice for Riders and Order Recipients, governing the collection, use, and sharing of personal data by Uber Technologies, Inc. and its subsidiaries in connection with ride-hailing and food/package delivery services. The policy states that Uber collects location data, device identifiers, transaction data, communications content, biometric data (in applicable jurisdictions), and usage data, and the terms authorize sharing this data with drivers, delivery persons, restaurants, third-party advertising partners, analytics providers, and government authorities upon request. The policy asserts broad data retention discretion, authorizes cross-context behavioral advertising using data from third-party sources combined with Uber-collected data, and discloses collection of precise real-time location during trips even when the app is in background mode. The document engages GDPR and UK GDPR for EU and UK users, CCPA and CPRA for California residents, and various local data protection frameworks across Uber's global operating jurisdictions; enforcement authority and applicable rights depend on the user's jurisdiction, and applicable law may limit how certain broadly stated data-use permissions operate in practice. Material compliance considerations include the adequacy of consent mechanisms for biometric data collection, cross-border data transfer mechanisms under GDPR Chapter V, and CCPA opt-out rights for sharing of personal information with advertising partners.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

6 important changes detected

22 versions captured · Last updated: May 2026

May 9, 2026

low

What changed Uber's Privacy Notice underwent navigation and footer restructuring on May 9, 2026. The header menu and footer links were reorganized, removing some navigation options and consolidating others. These changes appear to be editorial and formatting updates to the policy's web presentation rather than modifications to the substantive privacy terms themselves.

Why this matters This change involves reorganization of the Privacy Notice website navigation and footer structure rather than modifications to the substantive privacy practices or data collection terms. The underlying privacy commitments, data practices, and user rights described in the policy remain unchanged. No action is required by users in response to this navigation restructuring.

View full change record →

May 5, 2026

low

What changed Uber updated the navigation and footer structure of its Privacy Notice on May 5, 2026, expanding the menu options from 2 to 9 in the header and adding new footer links. The header now includes links to 'Business', 'About us', 'Our offerings', 'How Uber works', and 'Sustainability' in addition to existing options. The footer now displays additional product links including 'Uber One', 'Uber for Business', 'Gift cards', and expanded company information links. These changes are organizational and structural; the substantive privacy terms and disclosures stated in the notice itself remain unchanged.

Why this matters This change does not materially alter the substantive privacy terms, data disclosures, or consumer protections stated in Uber's Privacy Notice. The modification reorganizes the website's navigation structure and footer links to provide access to additional company pages and product information. The core privacy policy language, data collection disclosures, and user rights remain as previously stated.

View full change record →

May 5, 2026 low

Uber updated a footer reference in its Privacy Notice on May 5, 2026, changing the location identifier from 'Wichita' to 'San Francisco Bay Area'. This is a formatting or localization …

View change record →

May 5, 2026 low

Uber modified the navigation and footer structure of their Privacy Notice published on May 5, 2026. The updated document removed several menu links from the header (including 'Business', 'Sustainability', 'Newsroom', …

View change record →

May 2, 2026 low

The Uber Privacy Notice was updated on May 2, 2026 to change a location reference in the document footer from 'Chicago' to 'San Francisco Bay Area'. This is a minor …

View change record →

May 1, 2026 low

The footer of Uber's Privacy Notice was updated on May 1, 2026 to change the city reference from Wichita to Chicago. This is a formatting change to the document footer …

View change record →

High — 1 provision

Biometric Data Collection Compare →

The policy states that Uber collects facial verification and biometric data from users in jurisdictions where applicable law permits or requires it, using facial recognition technology for identity verification purposes including its Real-Time ID Check feature.

Added May 12, 2026 Standard Seen across 284 platforms

Medium — 5 provisions

Precise Real-Time Location Data Collection Compare →

The policy states that Uber collects precise or approximate GPS location from users' devices both when the app is open on-screen and when it is running in the background, and uses this data to provide ride and delivery services as well as location-based platform features.

Added May 20, 2026 Standard Seen across 284 platforms
Third-Party Advertising Data Sharing and Combination Compare →

The policy states that Uber shares user data with third-party advertising platforms for targeted advertising, receives data about users from third-party marketing partners, and combines externally sourced data with Uber-collected data to personalize marketing and advertising across platforms including social media.

Added May 20, 2026 Standard Seen across 284 platforms
Government and Law Enforcement Data Disclosure Compare →

The policy states that Uber will disclose user personal data to government authorities, law enforcement, and regulatory bodies when required or permitted by applicable law, legal process, operating agreements, licenses, or governmental requests, and to protect safety or property rights.

Added May 11, 2026 Standard Seen across 284 platforms
Data Retention Discretion Compare →

The policy states that Uber retains personal data as long as necessary for stated service purposes and legal obligations, and will delete data upon request unless retention is required for legal, regulatory, safety, or fraud prevention purposes, with Uber determining the applicability of those exceptions.

Added May 20, 2026 Standard Seen across 284 platforms
Communications Data Collection and In-App Messaging Compare →

The policy states that Uber collects metadata and content from communications between riders and drivers conducted through the Uber app, including message content, call dates and times, and call duration.

Added May 20, 2026 Standard Seen across 284 platforms

Low — 2 provisions

Trip and Order Data Sharing with Drivers and Merchants Compare →

The policy states that Uber shares rider and order recipient personal data including name, pickup location, delivery address, and order details with drivers, delivery personnel, restaurants, and merchants as operationally necessary to fulfill requested services.

Added May 20, 2026 Standard Seen across 284 platforms
User Data Access, Portability, and Correction Rights Compare →

The policy states that users can submit requests to access, correct, delete, or receive a portable copy of their personal data through the Uber app or privacy.uber.com, with Uber committing to respond consistent with applicable law in the user's jurisdiction.

Added May 20, 2026 Standard Seen across 284 platforms