If you search for or review health-related businesses, or if you share details about your religion, sexual orientation, politics, or finances in reviews or profile information, Yelp may collect and use that sensitive information.
This analysis describes what Yelp's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Sensitive personal data categories such as health information, sexual orientation, and religious affiliation receive heightened legal protections under GDPR, CCPA/CPRA, and several US state privacy laws; their collection through incidental platform activity (such as searching for a medical clinic) may not be obvious to users.
Interpretive note: The scope of what constitutes 'choosing to share' sensitive information through incidental activity like search queries is ambiguous and may be interpreted differently by regulators.
Simply searching for health-related businesses or writing a review of a religious institution on Yelp may result in Yelp collecting data that falls into sensitive personal information categories, which can affect how your data is used and what rights apply to it under applicable law.
How other platforms handle this
When you visit the Careers portion of our websites, we collect the information that you provide to us in connection with your job application. This includes but is not limited to business and personal contact information, professional credentials and skills, educational and work history and other in...
American does not knowingly collect personal information directly from children – persons under the age of 13, or another age if required by applicable law – other than when required to comply with the law or for safety and security reasons. Due to the nature of our Services, we may collect travel i...
We may collect information about your location, including precise geolocation information, when you use our Services. We use this information to provide location-based services, such as showing you products available in your area, and for other purposes described in this Privacy Policy.
Monitoring
Yelp has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We may collect certain information about your health or medical history, if you choose to share such information with us (for example, if you search for or review health-related businesses). We may also collect information about your sexual orientation or gender identity, religion or other beliefs, political affiliations or activities, financial information (beyond what is needed to process a payment), or other sensitive characteristics, if you choose to share such information with us.— Excerpt from Yelp's Yelp Privacy Policy
REGULATORY LANDSCAPE: Under CCPA/CPRA, sensitive personal information includes precise geolocation, racial or ethnic origin, religious beliefs, union membership, personal communications, genetic data, biometric data, health data, and sexual orientation; California residents have the right to limit use of this data. GDPR Article 9 prohibits processing special category data (health, sexual orientation, religious beliefs, political opinions) without explicit consent or another specific legal basis. Washington's My Health MY Data Act may apply if health-inferred data from location or search behavior is processed. The FTC has taken enforcement action regarding health data practices under its deception and unfairness authority. GOVERNANCE EXPOSURE: High. The provision acknowledges collection of multiple sensitive data categories, including health, sexual orientation, religion, and financial information beyond payment processing. The incidental nature of this collection (through search queries and review content) means users may not realize they are sharing sensitive data, which raises questions about the adequacy of informed consent. JURISDICTION FLAGS: California residents have explicit CPRA rights to limit use of sensitive personal information. EU/EEA and UK users are protected by GDPR Article 9, which requires explicit consent or another specific legal basis for special category data. Illinois users should note potential BIPA implications if health-related AI features process biometric data. Washington state users should evaluate My Health MY Data Act applicability. CONTRACT AND VENDOR IMPLICATIONS: Third parties receiving data from Yelp should be assessed to determine whether sensitive data flows to them and whether appropriate data processing agreements and use restrictions are in place. Advertising partners receiving behavioral data derived from health-related searches may be subject to additional restrictions under applicable health data laws. COMPLIANCE CONSIDERATIONS: Compliance teams should audit whether the policy's disclosure of sensitive data collection is sufficient under CCPA's requirement for a separate notice at collection for sensitive personal information. An assessment of whether the 'chosen to share' framing adequately captures incidental sensitive data revealed through search and review behavior is warranted. Data minimization practices for sensitive categories should be reviewed to ensure only necessary data is retained.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Sensitive personal data categories such as health information, sexual orientation, and religious affiliation receive heightened legal protections under GDPR, CCPA/CPRA, and several US state privacy laws; their collection through incidental platform activity (such as searching for a medical clinic) may not be obvious to users.
Simply searching for health-related businesses or writing a review of a religious institution on Yelp may result in Yelp collecting data that falls into sensitive personal information categories, which can affect how your data is used and what rights apply to it under applicable law.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Yelp.