Navigate California's strictest privacy law with confidence. Generate a fully compliant CCPA/CPRA privacy notice covering all 13 required disclosures, consumer rights workflows, and Do Not Sell opt-outs — in minutes, not months.
If your business meets any one of these three thresholds, CCPA applies to you — even if you are based outside California.
Annual Gross Revenue
Any for-profit business with annual gross revenue exceeding $25 million in the preceding calendar year.
California Consumers
Businesses that buy, sell, or share the personal information of 100,000 or more California residents, households, or devices annually.
Revenue From Data
Businesses that derive 50% or more of their annual revenue from selling or sharing California residents' personal information.
Not sure? Even if you are based in New York, Texas, or overseas — CCPA applies if you do business with California residents and meet any threshold above.
California law mandates that every privacy notice includes all 13 specific disclosures. Missing even one can trigger enforcement action from the California Attorney General.
Most generic privacy policy templates cover 5-7 of these at best. PolicyForge generates all 13 automatically based on your actual data practices, so nothing slips through the cracks.
The California Privacy Rights Act (CPRA) took effect January 1, 2023, significantly strengthening CCPA. Here is what businesses need to know.
| Area | CCPA (Original) | CPRA (Current) |
|---|---|---|
| Consumer Rights | Access, delete, opt-out of sale, non-discrimination | Added: right to correct, right to limit use of sensitive data |
| Sensitive Data | No special category | New "sensitive personal information" category with separate opt-out |
| Data Minimization | No explicit requirement | Must limit collection to what is reasonably necessary |
| Retention Limits | No disclosure required | Must disclose retention periods for each data category |
| Enforcement | California Attorney General only | New California Privacy Protection Agency (CPPA) + AG |
| Penalties | $2,500 unintentional / $7,500 intentional | Same base + tripled for children's data violations |
| Sharing Definition | "Selling" data only | Expanded to "sharing" for cross-context behavioral advertising |
| Contractor Rules | Basic service provider rules | New "contractor" category with stricter obligations |
PolicyForge policies cover both CCPA and CPRA requirements automatically. No manual updates needed.
All 13 disclosures. Do Not Sell links. Consumer rights workflows. One tool.
No credit card required. CCPA/CPRA compliant in days.
The California Attorney General and the new California Privacy Protection Agency actively enforce CCPA. Here is what non-compliance costs.
$2,500
Per Unintentional Violation
Even accidental non-compliance carries significant fines per affected consumer
$7,500
Per Intentional Violation
Tripled for violations involving children's data under CPRA amendments
$750
Per Consumer (Data Breaches)
Private right of action: $100-$750 per consumer per incident, or actual damages
$1.2 Million
Sephora
Failed to disclose sale of personal information and honor "Do Not Sell" requests via Global Privacy Control.
$375,000
DoorDash
Sold consumer personal information to marketing cooperative without required notice or opt-out.
$632,500
Honda
Failed to properly handle consumer access and deletion requests within required timeframes.
A single violation affecting 10,000 consumers could cost $75 million. PolicyForge starts at $15/month.
Three steps from non-compliant to California-ready.
Quick questionnaire about your California data practices: what you collect, how you use it, whether you sell or share data, and your sensitive data categories.
AI creates your comprehensive CCPA-compliant privacy notice with all 13 required disclosures, Do Not Sell links, consumer rights sections, and authorized agent procedures.
Download, embed, or host your policy. Automatic updates when CCPA/CPRA regulations change — so you never fall out of compliance.
Everything you need to know about CCPA/CPRA compliance.
Generate your complete CCPA/CPRA privacy notice today. All 13 disclosures, consumer rights workflows, and Do Not Sell opt-outs — ready in minutes.
Trusted by 10,000+ businesses • Rated 4.9/5 from 2,847 reviews