Food delivery driver app privacy risk begins before the first delivery. Driver onboarding can ask for legal name, address, phone, email, Social Security number fragments, driver's license, vehicle registration, insurance, background-check consent, bank payout details, tax forms, selfie or liveness checks, device permissions, precise location, notification access, and referral codes. After activation, the same app can observe routes, wait time, acceptance rates, cancellation patterns, ratings, tips, earnings volatility, support tickets, customer complaints, and when the worker appears willing to chase incentives. That is a worker profile, not just a map.

The FTC's gig-work policy statement is relevant because it explicitly treats gig workers as consumers who can face unfair, deceptive, or anticompetitive practices. Earnings claims, algorithmic control, opaque penalties, and confusing fees are not separate from privacy. A driver who cannot see why orders slowed down, why an incentive changed, or why a background check created friction also cannot evaluate how their data is being used. Location, ratings, acceptance behavior, and payout timing can become leverage if the app uses them to shape work without plain explanations.

Location is the core sensitivity. A delivery app may need real-time location while a worker is on an active order, but privacy risk rises when collection is broader than the work requires or when historical movement becomes a behavioral asset. Routes can reveal home base, second jobs, childcare routines, preferred neighborhoods, religious attendance, medical visits, vehicle reliability, and financial stress. If the worker keeps the app open while waiting, commuting, or multi-apping, the boundary between job data and life data can blur quickly.

Payout and cash-flow features add another layer. The CFPB's work on employer-driven debt and worker financial products matters because workers may encounter instant payout, debit-card, cash-advance, or fee-based financial products through the same app that controls access to income. Those offers can be useful, but they can also turn earnings volatility into a financial profile. A worker who accepts instant payout after slow weeks, disputes a missing tip, or changes bank accounts should not have that stress folded into unrelated scoring, advertising, or product targeting.

Background checks and identity proofing are also high-risk. A driver may submit government ID, insurance, vehicle documents, and consent to checks by third-party vendors. Rejected or delayed onboarding can leave sensitive documents in queues even if the worker never earns. The FTC's personal-information guidance applies: companies should collect only what they need, protect it, limit access, and dispose of it responsibly. Support screenshots about license renewal, insurance, or pay problems should not become permanent general-purpose files.

NIST's Privacy Framework gives platforms a better operating model. Identify the data, govern uses, communicate purposes, and protect it according to risk. For driver apps, that means explaining when location is collected, when it stops, which vendors handle identity and background checks, what data customers can see, how ratings and fraud flags affect work, and whether optional financial products are separate from the core delivery account. A privacy notice that hides these distinctions is not enough for a worker whose income depends on the app.

The practical defense is imperfect but real. Use strong authentication, keep app permissions as narrow as the platform allows, review location settings after shifts, and avoid uploading more documents than requested. Keep copies of onboarding, payout, and tax records outside the app. Read instant-payout terms before linking a debit card. If you contact support, crop screenshots to remove unrelated messages, bank details, or family information. Treat referral links, texts, and unofficial onboarding pages cautiously, because driver accounts are attractive targets for phishing and identity theft.

A better delivery-driver app would separate active-trip location from off-shift tracking, label every financial product, explain adverse account actions, minimize retention of rejected documents, and provide worker-readable access to key profile signals. cloak's active-defense frame matters because economic exploitation is not limited to shopping checkout. A normal person trying to earn money should not have to trade invisible movement, wage, and stress signals for access to work.