Uber knows a lot about you, so what can it do with that information?

BARCELONA, SPAIN - JULY 01: In this photo illustration the new smart phone taxi app 'Uber' shows how to select a pick up location in Las Ramblas street on July 1, 2014 in Barcelona, Spain. Taxi drivers in various cities have been on strike over unlicensed car-hailing services. Drivers say that there is a lack of regulation behind the new app. (Photo by David Ramos/Getty Images)

When you signed up for Uber, just like for most mobile apps, you clicked “yes” to its Terms of Service. Among the long paragraphs of legalese you probably read was the company’s privacy policy.

As a maelstrom rages over an Uber executive’s statements regarding recent media coverage, many may be wondering how far the company can go with all the information at its digital fingertips.

The quick answer: it’s complicated.

Essentially, Uber collects basic user data (your name, e-mail and credit card information) as well as geo-location data. The company uses that for a range of “internal business purposes,” which could be interpreted broadly.

Now for the long answer.

Privacy policies are not legally required on a federal level unless you’re in a regulated industry such as healthcare or financial services, although some states — California, for example — have laws on the books that demand them.

Apps like Uber fall under the jurisdiction of the Federal Trade Commission, which can sue companies over deceptive policies if it feels an organization lacks a needed, or sufficient, privacy policy, said Lisa Sotto, a privacy and cybersecurity lawyer at Hunton & Williams.

Uber’s nearly 6,000-word privacy policy is as long as most go, and not the easiest to understand, said Sotto. “They’ve done significant due diligence to put this together,” she said.

For comparison, Lyft’s privacy policy is about 2,000 words, Facebook’s (FB) policy is about 5,300 words and Apple’s (AAPL) is just over 3,000 words.

A typical privacy policy provides information on the data that’s collected, to whom it’s disclosed and the security in place to protect that information. Uber’s policy touches on each of those topics in depth, although the language leaves room for interpretation.


“The policy statement has been carefully crafted,” said Sotto. “So if it’s vague, it’s vague for a reason.”

So, what information does Uber collect, and what does the company say it can do with that information?

  • Uber collects a user’s name, email, password, mobile phone number, zip code and billing information at sign-up. In addition, it tracks where you are via geo-location and keeps a log of all your trips.
  • It uses that information “to determine the charge for the transportation you requested via our services, to provide you with support, to send you promotions and offers, to enhance our services and for our internal business purposes.”
  • Uber may also “from time to time” supplement user information with outside records from third parties.
  • The company says it may share anonymized data with third parties for industry analysis, and it may provide its vendors with personal information to carry out services, such as using an independent payment processor. Uber doesn’t take responsibility for the privacy practices of those third-party vendors.
  • Uber will store your personal information and usage data, including geo-location, for as long as an account is active as well as after it’s terminated for as long “as needed to comply with our legal and regulatory obligations … and for other business reason[s].”

This is a top-line summary of Uber’s policy. The full 6,000-plus word rundown is available on the company’s website.