If you search for or review health-related businesses, or if you share details about your religion, sexual orientation, politics, or finances in reviews or profile information, Yelp may collect and use that sensitive information.
This analysis describes what Yelp's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Sensitive personal data categories such as health information, sexual orientation, and religious affiliation receive heightened legal protections under GDPR, CCPA/CPRA, and several US state privacy laws; their collection through incidental platform activity (such as searching for a medical clinic) may not be obvious to users.
Interpretive note: The scope of what constitutes 'choosing to share' sensitive information through incidental activity like search queries is ambiguous and may be interpreted differently by regulators.
Simply searching for health-related businesses or writing a review of a religious institution on Yelp may result in Yelp collecting data that falls into sensitive personal information categories, which can affect how your data is used and what rights apply to it under applicable law.
How other platforms handle this
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
With your permission, we may also receive data from your mobile device's health app (like Apple HealthKit or Google Health Connect), including hours of sleep and sleep goals. However, we do not infer any health-related characteristics from this information and only process it consistent with the pur...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
Monitoring
Yelp has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may collect certain information about your health or medical history, if you choose to share such information with us (for example, if you search for or review health-related businesses). We may also collect information about your sexual orientation or gender identity, religion or other beliefs, political affiliations or activities, financial information (beyond what is needed to process a payment), or other sensitive characteristics, if you choose to share such information with us.— Excerpt from Yelp's Yelp Privacy Policy
REGULATORY LANDSCAPE: Under CCPA/CPRA, sensitive personal information includes precise geolocation, racial or ethnic origin, religious beliefs, union membership, personal communications, genetic data, biometric data, health data, and sexual orientation; California residents have the right to limit use of this data. GDPR Article 9 prohibits processing special category data (health, sexual orientation, religious beliefs, political opinions) without explicit consent or another specific legal basis. Washington's My Health MY Data Act may apply if health-inferred data from location or search behavior is processed. The FTC has taken enforcement action regarding health data practices under its deception and unfairness authority. GOVERNANCE EXPOSURE: High. The provision acknowledges collection of multiple sensitive data categories, including health, sexual orientation, religion, and financial information beyond payment processing. The incidental nature of this collection (through search queries and review content) means users may not realize they are sharing sensitive data, which raises questions about the adequacy of informed consent. JURISDICTION FLAGS: California residents have explicit CPRA rights to limit use of sensitive personal information. EU/EEA and UK users are protected by GDPR Article 9, which requires explicit consent or another specific legal basis for special category data. Illinois users should note potential BIPA implications if health-related AI features process biometric data. Washington state users should evaluate My Health MY Data Act applicability. CONTRACT AND VENDOR IMPLICATIONS: Third parties receiving data from Yelp should be assessed to determine whether sensitive data flows to them and whether appropriate data processing agreements and use restrictions are in place. Advertising partners receiving behavioral data derived from health-related searches may be subject to additional restrictions under applicable health data laws. COMPLIANCE CONSIDERATIONS: Compliance teams should audit whether the policy's disclosure of sensitive data collection is sufficient under CCPA's requirement for a separate notice at collection for sensitive personal information. An assessment of whether the 'chosen to share' framing adequately captures incidental sensitive data revealed through search and review behavior is warranted. Data minimization practices for sensitive categories should be reviewed to ensure only necessary data is retained.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Sensitive personal data categories such as health information, sexual orientation, and religious affiliation receive heightened legal protections under GDPR, CCPA/CPRA, and several US state privacy laws; their collection through incidental platform activity (such as searching for a medical clinic) may not be obvious to users.
Simply searching for health-related businesses or writing a review of a religious institution on Yelp may result in Yelp collecting data that falls into sensitive personal information categories, which can affect how your data is used and what rights apply to it under applicable law.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Yelp.