McDonald's applicant privacy statement details data collected in hiring process

What McDonald’s may collect before you ever start a shift

McDonald’s applicant privacy statement makes one thing clear: the hiring process can pull in a wide slice of personal data fast. A U.S. applicant may be asked for contact information, work history, education, certifications, training, language capabilities, compensation expectations, schedule preferences, references, interview notes, and supporting materials such as letters of recommendation.

The list goes well beyond the basics most crew applicants expect. McDonald’s also says applicants may provide birthdate and age, confirmation of reliable transportation, volunteering experience, family members who work at McDonald’s, the right to work in the United States or another selected location, and any sponsorship-related work limits. The notice also covers optional demographic information, photos, and video recordings from interviews and video assessments.

For applicants, that means the hiring file can become a detailed snapshot of identity, availability, and work eligibility before a first day is ever scheduled. For managers, it is a reminder that every extra field in an application is another point where trust can be built or damaged if the purpose is not clear.

The first boundary to understand: corporate job or franchise job

The most important privacy distinction is not buried in the fine print. McDonald’s says the U.S. applicant privacy statement applies to McDonald’s Corporation, McDonald’s USA, LLC, and U.S.-based subsidiaries and affiliates, including employees of company-owned restaurants. It does not apply to McDonald’s franchisees or to applicants for franchisee jobs.

That matters because McDonald’s hiring is split across a corporate system and a franchise system, and the privacy rules follow that split. The job posting is supposed to tell applicants whether the role is being offered by McDonald’s or by a franchisee. If the opening is with a franchise owner, that employer uses applicant data under its own privacy practices, not the corporate notice.

McDonald’s also maintains separate privacy statements for franchisees and franchise applicants, which reinforces the point: there is no single universal hiring pipeline across the brand. For crew members and shift managers, that can affect who sees your application, who stores your information, and who answers privacy questions if something seems off.

Why the hiring process feels so data-heavy

A McDonald’s application is not just a form. It can include screening data, scheduling data, identity data, and in some cases video-based assessment data. That combination reflects how fast-food hiring works in practice: the company is trying to sort availability, eligibility, and basic fit quickly, often across high-volume hiring windows.

The inclusion of schedule preferences, compensation expectations, and transportation details is especially telling for restaurant work. Those fields are not abstract HR extras. They speak directly to whether a crew member can make opening shifts, late closings, or split schedules work in a labor market where turnover is high and managers need coverage fast.

There is also a practical worker angle here. McDonald’s has long sat inside the broader fight over low-wage work, from Fight for $15 campaigns to state minimum wage fights. In that environment, the hiring form becomes part of the first labor conversation: how much you expect to earn, when you can work, and whether you can get there reliably are all folded into the application before an interview is over.

Video interviews and optional demographics raise the stakes

The privacy statement explicitly includes video recordings of interviews and video assessments, along with optional demographic information such as gender identity and race and ethnicity. That does not make the process unusual in today’s hiring market, but it does raise the stakes for transparency.

Video tools can help employers move faster, especially in a system where managers are hiring for multiple stores or high turnover roles. But video also changes the privacy equation. Applicants are not just entering text into a portal, they are creating a record of how they look and speak during screening, and that record may be stored and handled alongside other personal data.

Optional demographic questions are a separate issue, but they still matter to candidates because they sit close to the rest of the application file. When a hiring process asks for this much information, clarity about what is required, what is optional, and who can access it becomes part of the trust test.

The accommodation channel matters too

McDonald’s says applicants can contact the company for assistance with accommodations at corporately owned restaurant locations. That matters because it shows the application process is not only automated or self-serve. Human HR support may still be part of the path, especially when accessibility needs affect how someone applies, interviews, or completes assessments.

For applicants, that can be the difference between being screened out and being able to complete the process. For hiring teams, it is a reminder that accessibility is not a side issue. It is part of the process design, especially at a company that hires at huge scale and relies on digital tools to move candidates through quickly.

Why the McHire episode changed the privacy conversation

The privacy statement lands differently after the 2025 McHire security reporting. Researchers Ian Carroll and Sam Curry reported that McHire, the AI hiring system used by a large share of McDonald’s franchisees, had a vulnerability tied to weak credentials and an IDOR flaw. Reports said the exposure could have affected as many as 64 million applicant records.

That matters because the notice is not describing a tiny data set. It is describing the kind of hiring information that can include contact details, resumes, chat logs, video assessments, and other application materials at enormous scale. When a hiring platform is compromised, the risk is not just a privacy complaint. It is a mass exposure of workers’ personal information before they have even been hired.

The incident also underscores the franchise split again. Much of the exposure concern centered on McHire, which is used by a large share of franchisees, not the same setup as a corporate restaurant job. For applicants, that means the technology behind the hiring screen can differ dramatically depending on which McDonald’s entity is actually hiring.

What managers and applicants should take from this

For applicants, the practical rule is simple: check who is hiring before you share anything more than you need to. If it is a corporate job, McDonald’s U.S. applicant privacy statement applies. If it is a franchise job, the privacy rules are different and the local employer’s notice should govern.

For managers and recruiters, the message is just as clear. Say who is collecting the data, why the information is needed, and where applicants should go with privacy or accommodation questions. In a company this large and decentralized, clarity is not just compliance. It is a hiring advantage.

McDonald’s has already shown, through separate privacy pages for customers, franchisees, and applicants, that it knows different groups need different notices. The next step is making sure the hiring experience matches that standard, because in a labor market shaped by automation, wage pressure, and constant churn, trust can disappear long before a new worker clocks in.