CCPA Privacy Policy Generator

Create a privacy policy that meets California Consumer Privacy Act (CCPA/CPRA) requirements. Includes all mandatory disclosures and consumer rights.

CCPA Consumer Rights

California consumers have these rights under CCPA/CPRA. Your privacy policy must explain how to exercise them:

Right to Know

What personal info is collected and how it is used

Right to Delete

Request deletion of personal information

Right to Opt-Out

Opt out of sale/sharing of personal information

Right to Correct

Correct inaccurate personal information

Right to Limit Use

Limit use of sensitive personal information

Right to Non-Discrimination

Not be discriminated against for exercising rights

CCPA Data Categories

CCPA requires disclosure of personal information categories collected. Your policy must list which of these apply:

Identifiers (name, email, IP address)
Commercial information (purchase history)
Internet activity (browsing, search history)
Geolocation data
Professional information
Education information
Inferences drawn from other data
Sensitive personal information

Required CCPA Disclosures

Categories of personal information collected in past 12 months
Sources of personal information
Business or commercial purposes for collection
Categories of third parties with whom info is shared
Whether personal information is sold or shared
Retention periods for each category
How consumers can submit requests
Process for verifying consumer requests
Link to "Do Not Sell or Share" opt-out (if applicable)
Notice of financial incentive programs (if applicable)

CCPA Privacy Policy FAQ

Does CCPA apply to my business?

CCPA applies if you do business in California AND meet one of these: annual gross revenue over $25 million, buy/sell data of 100,000+ consumers, or derive 50%+ of revenue from selling personal information.

What is the difference between CCPA and CPRA?

CPRA (California Privacy Rights Act) expanded CCPA in 2023. It added new rights like correction and limiting use of sensitive data, created the California Privacy Protection Agency, and expanded the definition of personal information.

Do I need a "Do Not Sell My Information" link?

If you sell or share personal information (including for targeted advertising), you must provide a clear "Do Not Sell or Share My Personal Information" link on your website.

What are the penalties for CCPA violations?

The California Attorney General can impose fines of $2,500 per unintentional violation and $7,500 per intentional violation. Consumers can also sue for data breaches with statutory damages of $100-$750 per incident.

Become CCPA Compliant

Generate a California-compliant privacy policy in minutes.