
CCPA compliance for your site, app and business

California's Consumer Privacy Act (CCPA) places new requirements on businesses, and, as a result, new legal and technical burdens as well. Compliance in general can be complicated – figuring out the right way to apply the law and to make the technical specifications work for your site and your business can be incredibly challenging. Our solutions take the guesswork out of compliance by doing the heavy technical and legal lifting so that you can focus on growing your business.


Does the CCPA apply to you?

The CCPA applies to for-profit businesses that target or could potentially have Californian customers, and that meet any one of the following conditions:

  • it processes (buys, sells, receives, shares) personally identifiable information of at least 50k Californians per year. Since IP addresses are considered personal information, this likely applies to any website with at least 50k unique visits per year from California; or
  • it makes at least half of its yearly revenue from sharing consumers' personal information (IP addresses are considered personal information) with third parties. This can include things like using Analytics or retargeting for ads; or
  • the business has gross annual revenues exceeding twenty-five million dollars ($25,000,000).


What's required for CCPA compliance


Detailed disclosures via Privacy Policy


Under the CCPA, businesses must include specific disclosures in their privacy policies. These disclosures include descriptions of consumer rights, processing partners, purposes, sources and more. This information must be complete, up-to-date and easily accessible throughout your website/app.


Policies are invalid if they're missing the right information

In order to be compliant, your policy must at the very least contain:

  • the categories of personal information that you've collected, sold or shared in the past 12 months;
  • the categories of third parties that you have and/or may share the information with;
  • the categories of sources from which you collect this information;
  • the business/commercial purpose for processing the information;
  • the applicable consumers' rights and how they can be exercised.


Privacy and Cookie Policy Generator

Create your privacy and cookie policy in minutes.

Customizable from 1700+ clauses, available in 9 languages and automatically updated if the law changes, our generator allows you to create a legal document in minutes and seamlessly integrate it with your website or app.

Display notice and allow Opt-out


The CCPA requires you to display a notice at or before the point of collection which informs consumers of which categories of personal information will be collected and the purposes for the collection. Consumers must also be allowed to opt-out of this processing. As a business you are therefore also responsible for informing consumers of this option and providing the actual means for opt-out.

In particular, you must:

  • Detect whether or not a consumer is California-based and whether or not they’ve visited your website before
  • Facilitate opt-out requests via a "Do Not Sell My Personal Information" (DNSMPI) link
  • Instruct relevant third parties to cease processing the consumer's information when an opt-out request is received
  • Serve them a notice at first site visit containing the necessary disclosures

Cookie Solution for CCPA

Notify consumers and manage opt-out. IAB CCPA Compliance Framework integrated.

Our solution lets you:

  • Display a CCPA notice of collection
  • Display a "Do Not Sell My Personal Information" (DNSMPI) link in the notice and elsewhere on your site/app, thereby supporting opt-out from sale
  • Automatically detect and apply the correct standards (including multiple standards) based on location. Our solution allows you to apply both CCPA and GDPR standards to the same users when legally required
  • Easily register and automatically pass user preferences (like opt-out) to ad vendors who support the IAB CCPA Compliance Framework (like Google and AdRoll)


Keep up-to-date records for manual opt-out


As mentioned above, the CCPA grants consumers the right to opt out. In cases where the processing is somewhat manual (i.e., not related to on-site scripts, as in the case of direct email marketing), businesses may need to implement the opt-out request manually.

Furthermore, the CCPA mandates that opted-out users may not be contacted for a minimum of 12 months after the request. For this reason it's prudent to keep records of opt-out details such as the particular user, the date, and sub-contractors to be notified in the case of requests.


Consent solution

Our Consent Solution hooks onto your web forms to let you automatically pass consumer preference details like opt-out via API to a centrally managed visual dashboard. You can record all relevant details including date and time of opt-out, privacy policy version available to the user at the time of opt-out, User-Id, email and even IP address to aid in request verification.

Internal Privacy Management

Our Internal Privacy Management Solution lets you accurately record relevant details necessary for fulfilling Consumer requests with precision.

The Solution records:

  • security details such as which members of your organization have access to user data;
  • any registered sub-contractors processing on your behalf;
  • manually added purposes for the processing;
  • data collection methods and more.

Penalties and fines for CCPA non-compliance

Consumers are given the right to sue businesses that violate the law. The associated fines will be between $100 and $750, or any higher amount related to actual damages (where larger damages can be proven). The state can bring charges of up to $2,500 per violation for businesses that unintentionally violate the CCPA, and fines of up to $7,500 per violation, for businesses that commit intentional violations.

While these fines might not seem like a lot when compared to other privacy laws, do consider that these fines apply per individual violation and per consumer. For a business with even just a few customers, these fines can add up to a hefty sum.

Trusted by over 90,000 clients in 100+ countries


Best reviewed GDPR Compliance Solution on Capterra and Trustpilot with 5 stars

Capterra rating

“If you, like me, are part of a smart team and hate updating your privacy policy every time you add some code to your site, then iubenda is for you. It's ridiculously affordable, and super easy to use.”

Trustpilot rating

“I can't recommend iubenda enough. It's saved me so much time and headaches trying to sort it all out with other, sub-par solutions. Thank you!”



What's considered personal information?

Under the CCPA, personal information is any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.


How does CCPA differ from GDPR?

Despite having some similarities (like many of the user rights), the CCPA and the GDPR also differ significantly on quite a few issues, one of those being consent. For a quick visual comparison of the two, check out our infographic at the link below.

More about CCPA vs GDPR

A 360° solution to make your sites and apps compliant with the law

Compliance for websites and apps


Cookie Solution

Manage consent preferences for the ePrivacy, GDPR, and CCPA. Integrated with the IAB TCF and CCPA Compliance Framework.

Our solution allows you to display a fully customizable cookie banner, collect cookie consent, implement prior blocking, set advertising preferences, collect explicit consent to Google personalized ads and more.


Compliance for your organization


Consent Solution

Collect GDPR & LGPD consent, document opt-ins and CCPA opt-outs via your web forms.

Our solution smoothly integrates with your consent collection forms, syncs with your legal documents and includes a user-friendly dashboard for reviewing consent records of your activities.


Internal Privacy Management

Document all the data processing activity within your organization.

To comply with privacy laws, and particularly the GDPR, companies need to record how they store and use the data they collect from their users. Our solution allows you to easily document all the data processing activities within your organization.