The best privacy settings for Uber and Lyft involve disabling “Always Allow” location access in favor of “While Using the App,” turning off personalized ads in your account settings, revoking unnecessary app permissions like Contacts and Motion & Fitness access, and avoiding third-party app connections that expand data access beyond the ride itself. These steps directly address how these companies collect and share your location, browsing behavior, and personal data—often continuously and in the background. If you use Lyft regularly, for example, the app collects your precise GPS coordinates, WiFi data, IP address, and even Bluetooth signals from the moment you request a ride until it ends, plus background tracking whenever the app is running. This article covers the specific privacy controls available on both platforms, how to access them, what each setting actually protects, and what limitations remain even after configuring them correctly.
Table of Contents
- Why Location Data Is the Biggest Privacy Risk on Rideshare Apps
- Uber’s Privacy Checkup Feature and Privacy Settings Dashboard
- Lyft’s Data Sharing Model and What It Means for Your Privacy
- Disabling Personalized Ads and Reducing Advertising Network Exposure
- App Permissions: Contacts, Motion & Fitness, and Background Activity
- Third-Party App Connections and Account Linking Risks
- Data Breach Risk and the Importance of Separate Passwords
- Conclusion
- Frequently Asked Questions
Why Location Data Is the Biggest Privacy Risk on Rideshare Apps
Uber and Lyft treat location data as their most valuable asset because it serves multiple purposes—matching drivers to riders, fulfilling the core service, and building profiles for personalized advertising. Lyft’s approach is particularly aggressive: the company collects precise location continuously through GPS, WiFi data, IP address, and Bluetooth signals starting from the moment you request a ride and continuing until it ends, with additional background tracking while the app runs in the foreground. Uber collects location through device model, IP address, browser type, operating system version, carrier information, device identifiers, and advertising identifiers, building a layered picture of where you are and what device you’re using.
The real-world impact of this collection is measurable. Changing your location permission from “Always Allow” to “While Using the App” reduces background GPS power draw by 29% on an iPhone 14 Pro and cuts location-related network packets by 74%—meaning the app transmits far less location data to Uber’s and Lyft’s servers when you’re not actively using it. However, even “While Using the App” still allows continuous collection during your ride, so this setting isn’t a complete privacy solution; it’s a reduction in scope rather than a complete block.

Uber’s Privacy Checkup Feature and Privacy Settings Dashboard
Uber rolled out a Privacy Checkup feature accessible through account > Privacy Checkup, designed to consolidate privacy controls in one place. This feature lets you manage live location sharing, explore what data Uber has collected about you, and review which applications and services you’ve connected to your account. Live location sharing is enabled by default but includes a built-in safeguard: it only shares your location with your driver when they’re within 3 minutes of your pickup ETA, not for the entire duration of your account’s existence.
Within the Privacy Checkup interface, you’ll also find Ad Preferences. Disabling personalized ads—which Uber uses to target you with ride promotions and advertisements—reduces third-party data transmission by 63%, a significant reduction in the amount of information flowing from Uber to external advertising networks. However, you should understand the tradeoff: while disabling personalized ads protects your privacy, Uber will still show you advertisements; they just won’t be tailored to your specific behavior and interests. Many users find this acceptable because generic ads are less intrusive than highly targeted ones.
Lyft’s Data Sharing Model and What It Means for Your Privacy
Lyft’s privacy policy, last updated February 9, 2026, explicitly states that the company does not sell personal information to third parties for money. However, this doesn’t mean your data stays private—Lyft shares personal data with third parties to deliver personalized ads, which is a distinction that matters. “Selling” data implies a financial transaction where data brokers purchase your information; “sharing” for advertising purposes means Lyft provides your data to advertising partners to serve targeted ads without a direct sale transaction. For privacy purposes, the outcome is similar: your information is still being used to profile you and target advertisements, just not through a traditional data broker model.
This distinction is important because it affects your legal protections and recourse options. If Lyft were selling data, you’d have stronger arguments under California privacy laws. Since they’re sharing it for their own advertising benefit, the privacy risk exists but the legal framework is different. Understanding this helps you make informed decisions about what privacy settings actually matter—turning off personalized ads on Lyft, if that option exists in their settings, is more valuable than checking a “don’t sell my data” box, since they don’t claim to sell it in the first place.

Disabling Personalized Ads and Reducing Advertising Network Exposure
Both Uber and Lyft use personal data—location history, ride patterns, time of day, destination categories—to create targeting profiles sold to advertisers. Uber’s personalized ads setting, found under Account → Privacy → Ad Preferences, is where you disable this targeting. The impact is concrete: disabling personalized ads reduces the amount of behavioral data transmitted to third-party advertising networks by 63%, meaning fewer companies receive a detailed picture of your movement patterns and lifestyle.
The tradeoff is straightforward but worth acknowledging: you’ll still see ads within the Uber and Lyft apps, but they’ll be generic rather than targeted to your specific travel patterns. Some users prefer generic ads because they’re less intrusive; others feel that ads are ads regardless and prefer to focus on the privacy reduction itself. If you use these apps frequently—multiple times per week—the cumulative benefit of disabling personalized ads is substantial, as you’re preventing the creation of a detailed travel and lifestyle profile across months or years of usage.
App Permissions: Contacts, Motion & Fitness, and Background Activity
Beyond location, Uber and Lyft request access to contacts and motion & fitness data. The contacts permission is requested to help you quickly add emergency contacts or find friends taking the same ride, but granting full contacts access gives the app a complete list of your personal relationships and phone numbers. This is a high-risk permission with minimal privacy benefit—the app can fulfill its function without storing a copy of your entire contacts list. Motion & Fitness access lets the app optimize ride matching based on your typical movement patterns and exercise habits, which is convenient but unnecessary and reveals information about your health and daily routines.
A best practice is to revoke both permissions after installation. On iOS, go to Settings > [App Name] > Contacts and Motion & Fitness and select “Don’t Allow.” On Android, go to Settings > Apps > [App Name] > Permissions and toggle off Contacts and Body Sensors. The rideshare functionality will continue to work without these permissions; the only impact is a slightly slower emergency contact setup process if you need it. If you previously granted these permissions, you can revoke them at any time without affecting your ability to book and complete rides.

Third-Party App Connections and Account Linking Risks
Both Uber and Lyft let you sign in using Facebook, Google, or your email, and they allow you to connect other services like music apps or payment methods to your account. Each connection you create expands the data access these third parties have to your account. When you connect your Facebook account to Uber, for example, Uber gains the ability to retrieve your Facebook profile data, friend list, and potentially activity information—depending on what permissions you grant during the connection process. Limiting third-party app connections is a high-impact privacy move.
Instead of using “Sign in with Facebook,” create and use a dedicated email account just for rideshare apps. If you’ve already connected third-party apps, review Account > Connected Apps or Services and disconnect any you don’t actively use. This single action reduces the number of companies that have access to your rideshare history and identity data. The inconvenience is minimal—you’ll just need to use a password manager to keep track of your dedicated rideshare email account—but the privacy benefit is substantial.
Data Breach Risk and the Importance of Separate Passwords
Rideshare apps store sensitive information: your real name, phone number, home and work addresses, payment methods, ride history, and location data. A data breach at Uber or Lyft could expose this information to criminals, who would have enough context to impersonate you or commit identity theft. This risk is elevated if you reuse the same password across multiple accounts. If your Uber password is the same as your email password, and Uber is breached, a hacker could access your email account and reset passwords to your bank and other critical services.
Using a unique, strong password for each rideshare app is essential. A 16-character password combining uppercase, lowercase, numbers, and symbols provides protection even if the company’s database is stolen and the password is hashed. Password managers like 1Password, Bitwarden, or LastPass make managing unique passwords easy—they generate and store complex passwords so you only need to remember one master password. This one step—different passwords for different apps—eliminates one of the most dangerous attack vectors and is simpler to implement than most of the other privacy settings discussed here.
Conclusion
The most effective privacy approach for Uber and Lyft involves a combination of straightforward settings changes and behavioral adjustments. Start with location: change “Always Allow” to “While Using the App” to reduce background tracking by 74%, disable personalized ads to cut data transmission to advertising networks by 63%, and revoke unnecessary permissions like Contacts and Motion & Fitness. Then address account security: use unique passwords for each app, limit third-party app connections, and avoid signing in through Facebook or other external services. These steps won’t eliminate data collection—that’s inherent to how rideshare services work—but they’ll meaningfully reduce the volume of personal information collected and shared beyond the minimum required to provide the service.
Your privacy on these platforms is a continuous process, not a one-time setting. As these companies update their privacy policies and add new features, check your settings every few months. Lyft’s policy was last updated February 9, 2026, and Uber’s driver privacy notice was updated January 20, 2026, so reviewing their official privacy pages annually ensures you’re aware of new data collection or sharing practices. The goal isn’t privacy paranoia; it’s understanding what data you’re exchanging for the convenience of a rideshare app and choosing to share only what’s necessary.
Frequently Asked Questions
If I disable location sharing, will Uber and Lyft still work?
Yes. The apps need location to match you with drivers, but they don’t need “Always Allow” permission. Setting it to “While Using the App” lets the app function normally while you’re actively booking and riding, and stops background tracking when you’re not using it.
Does disabling personalized ads mean I’ll never see ads?
Correct—you’ll still see ads within the apps, but they’ll be generic rather than based on your riding history and location patterns. You may see ads for the same restaurants or services repeatedly rather than ads specifically targeting your travel patterns.
Can Lyft sell my data to data brokers even though their policy says they don’t?
Their policy explicitly states they don’t sell personal information to third parties for money. However, they do share it with advertising partners to serve personalized ads. If you’re concerned about data sharing, disabling personalized ads is more protective than relying on the “don’t sell” policy.
What’s the difference between revoking an app permission and disconnecting a third-party app?
Revoking a permission (like Contacts) stops an app from accessing that specific data on your device. Disconnecting a third-party service (like Facebook) stops the companies from sharing data with each other. Both are important, but they protect different things.
Should I delete my Uber and Lyft accounts if I’m concerned about privacy?
If you use these services regularly, the privacy settings discussed here reduce risk substantially without requiring you to give up the service. If you use them rarely, deleting your account eliminates ongoing data collection, but you can always create a new account when needed.
How often should I review my privacy settings?
Check settings every 3-6 months, especially after app updates. These companies occasionally add new data collection features or change the location of settings. If privacy is a major concern, review whenever you hear about a new company policy or regulatory action.
