US privacy compliance for every state
From California to New Jersey, each state adds its own spin on privacy law. We’ve built one setup that adapts as the laws evolve, so you can protect revenue and keep moving forward, no matter what changes.
US privacy compliance is a moving target
California demands disclosures on data sales, Virginia requires strict opt-outs, and Texas sets the clock ticking on user requests. Manual compliance doesn’t scale, but our tools do, keeping policies current and opt-outs consistent across every jurisdiction.
You’re in good company
Over 150,000 businesses use iubenda to manage privacy, consent, and user rights across multiple jurisdictions.
Which US privacy laws apply to you?
The short answer: probably more than one. State lawmakers keep stacking new requirements, each with its own scope, rights, and penalties. iubenda keeps pace with them all, automatically.
In force since Oct 1, 2019
Nevada Privacy Law
In force since Jan 1, 2023
CPRA (California)
VCDPA (Virginia)
In force since Jun 1, 2023
CPA (Colorado)
CTDPA (Connecticut)
In force since Dec 31, 2023
UCPA (Utah)
In force since Jun 1, 2024
TDPSA (Texas)
OCPA (Oregon)
In force since Oct 1, 2024
MTCDPA (Montana)
In force since Jan 1, 2025
DPDPA (Delaware)
NHDPA (New Hampshire)
In force since Jan 15, 2025
NJDPA (New Jersey)
In force since Jul 1, 2025
TIPA (Tennessee)
In force since Oct 1, 2025
MCDPA (Massachusetts)
In force since Aug 1, 2026
NDPA (North Dakota)
Must-haves across US privacy laws
Most state laws share the same core building blocks: policies, disclosures, opt-outs, and records. Miss one, and you’re exposed to fines, disputes, or platform penalties.
Privacy Policies & Disclosures
Explain what you collect, why, who you share it with, and whether you sell or share data. Some states even require a 12-month disclosure history.
Opt-Out & Profiling Rights
A “Do Not Sell or Share” link is no longer optional. You’ll also need to honor Global Privacy Control (GPC) signals automatically.
Sensitive Data Rules
Some states demand explicit consent for biometrics, children’s data, or health data. Skip this, and penalties can add up fast.
Consumer Rights Management
Users can request access, correction, deletion, and even appeal a denial. You’ll need a reliable way to receive, track, and respond within deadlines.
Data Processing Records
Most laws require proof of your practices: what you collect, where it goes, how it’s secured, and who else handles it.
Cross-border compliance
If you operate in both the US and EU, expect CPRA and GDPR to overlap, and regulators in both regions to pay attention.
US privacy law toolkit
No single tool can promise “forever compliance”, but the right setup makes proving compliance possible, and that’s where iubenda comes in.
Privacy and Cookie Policy
Consent Banner
Marketing Consent
Data Processing Activities
Privacy and Cookie Policy Generator
Generate US state–ready policies with required disclosures, updated automatically as new laws roll out.
Privacy Controls & Cookie Solution
Add a “Do Not Sell or Share” link, respect GPC/GPP signals, and tailor notices by user location.
Consent Database
Track and prove opt-outs across states. Every detail logged: who, when, and how.
Register of Data Processing Activities
Keep centralized proof of how you collect, use, and share data. Critical for audits and user rights requests.
Why businesses prefer iubenda
Automatic updates, lawyer-drafted clauses, and one dashboard that scales with every new state law.
Automatic updates
We track state laws for you, keeping your policies and consent flows up to date.
Centralized control
Oversee privacy across all sites, apps, and regions from a single, connected dashboard.
Lawyer-backed, business-ready
Every clause is created by our international legal team and designed for seamless integration into your docs.
Future-proof setup
As new state laws roll out, your iubenda tools adapt automatically. No rebuilds, no extra work.
The word on iubenda
Antonella F.
Alligator.it
“As a web communications agency and Google partner, we needed a fast, easy-to-implement, and Google-certified solution for our sites not only to keep them always compliant with privacy regulations but also to make our marketing actions perform well. We found all of this in iubenda’s Google-certified CMP.”
Mirko C.
UpGrade!
“For developers and site owners, iubenda is indispensable. It’s a must for every website or app that respects its users’ data. We’ve been using iubenda since its early days: we’ve watched it grow and we’ve grown with them.”
Nicola Z.
DevClimb
“Our experience with iubenda has been positive across the board; iubenda is excellent for managing our online compliance needs.”
Gianluca B.
milklab.it
“iubenda is a simple way to align with privacy and cookie laws. It provides all the necessary tools to make the path to compliance less difficult.”
Marika P.
E-leva
“As a web agency, we often find ourselves interfacing with European and international markets that have different regulatory obligations. On this point, we must say that iubenda helps us a lot.”
Ignazio M.
power2Cloud
“iubenda helps every business to overcome online legal compliance challenges successfully, in the simplest and fastest possible way. Even compliant server-side tracking that supports Google Consent Mode v2 in just a few clicks!”
Denis A.
dhenx.com
“I’ve been using iubenda for some time to manage the legal compliance of my website and those of my clients and I’ve been really satisfied. The platform offers complete solutions for creating privacy and cookie policies and terms of service. It’s simple to use. Furthermore, customer support is always available and ready to answer any questions. I recommend iubenda to anyone who manages an online business and wants to sleep peacefully regarding legal compliance.”
Your questions, answered
Which US privacy laws apply to me?
It depends on where you operate, your revenue, and how much personal data you process. Many laws apply if you process 100k+ users’ data or generate revenue from data sales/sharing.
Do I need separate privacy policies for each state?
Not if your policy covers all required disclosures. iubenda builds one policy that adapts to multiple jurisdictions.
What happens if I don’t comply?
Fines range from $2,500–$7,500 per violation. That can mean per user, per incident. Costs add up fast, plus the reputational hit.
How does this overlap with GDPR?
If you serve both EU and US users, you’ll need to meet both. GDPR leans on opt-in consent, while US laws lean on opt-out. iubenda covers both in one setup.
Stay ahead of US privacy laws
Turn compliance into momentum. Protect revenue, keep regulators off your back, and scale with the same confidence as 150,000 other businesses.
