Skip to main content

Achieve CCPA compliance and gain consumer trust

Implement all your CCPA compliance requirements under one roof. Display opt-out notice, ‘Do not sell’ link and generate privacy disclosures.

Become CCPA Compliant

14-day free trial Cancel anytime

Way better than any other cookie tool out there.

The #1 cookie consent solution, trusted by 1.4 Million+ websites

Brand logos of global companies that are CookieYes customers.

What is CCPA?

The California Consumer Privacy Act (CCPA) is data privacy legislation that applies to businesses that process the personal data of California residents. Effective January 1, 2020, CCPA provides individuals control over the personal data that businesses collect about them.

Who does CCPA
apply to?

The CCPA applies to for-profit businesses that collect, share, or sell the personal information of California residents and fit any of the criteria.


Has annual gross revenues over $25 million


Process personal information of 50,000 or more consumers, households, or devices


Earns more than 50% of annual revenue from the sale of personal information

CCPA Compliance Checklist for Websites

Display CCPA opt-out notice to respect the user’s right to opt-out

Add a clear and conspicuous “Do Not Sell My Personal Information” link

Include an up-to-date and accessible privacy policy and cookie policy

Meet CCPA Compliance Requirements with CookieYes

Implement ‘Do not sell’ opt-out notice

The CCPA requires businesses to respect the consumer’s right to opt-out of the sale of their personal information to third parties. This includes data collected through cookies. With CookieYes you can

  • Scan your website for cookies and trackers
  • Pre-select cookie categories to block cookies when the user opts out
  • Display a CCPA opt-out notice or simply add a ‘Do Not Sell My Personal Information’ link on the website footer

Comply with GDPR and CCPA regulations

If your website has visitors from both US and the EU, then it is important to comply with both laws. Businesses are required to display an opt-out notice for CCPA and a cookie consent banner for GDPR. With CookieYes, you can

  • Show CCPA and GDPR cookie notices for website visitors
  • Geotarget the CCPA opt-out notice for California/US visitors
  • Geotarget the GDPR cookie banner for visitors from the EU & UK

Add a privacy policy

Under CCPA, businesses should include an up-to-date privacy policy on their website. It should describe what personal information is collected, the data processors, the purpose of collection and description of consumer rights. With our privacy policy generator, you can

  • Answer a simple data privacy questionnaire
  • Generate your privacy policy instantly
  • Copy-paste the privacy policy to your website

Create a cookie policy

Under the CCPA, businesses must include a disclosure about their use of cookies in their policies. It can either be included within the privacy policy or added as a separate disclosure. With our cookie policy generator, you can

  • Edit or customize the preset cookie policy template
  • Generate a cookie policy with a complete cookie list
  • Auto-update your policy with each website scan

Comply with CCPA and ever-evolving privacy laws in the US

Become CCPA Compliant

14-day free trial Cancel anytime

What are consumer rights under CCPA?

Right to notice

The right to know about the personal information a business collects about them and how it is used and shared.

Right to deletion

The right to delete personal information that a business has collected from them.

Right to opt-out

The right to opt-out of the sale of their personal information by a business.

Right to non-discrimination

The right to not be discriminated against for exercising their consumer rights under CCPA.

What are the penalties for non-compliance with the CCPA?

Businesses can get civil penalties of up to $7500 for each intentional violation while each unintentional can amount to a fine of up to $2500. Businesses will have a 30-day cure period to rectify violations before the California Attorney General takes action.

CCPA provides a private right of action to consumers under limited circumstances if they suffer a data breach due to negligence from a business. Consumers can sue for the amount equal to the monetary damages they actually suffered from the breach or “statutory damages” of up to $750 per incident.

FAQ on CCPA Compliance

The California Consumer Privacy Act (CCPA) is a state-wide privacy regulation enacted in 2018. CCPA compliance applies to any for-profit entity doing business in California that collects, shares, or sells the personal information of California residents.

To be CCPA compliant, companies are required to meet certain standards for data collection and processing of any personal data that can be linked, associated, or related to Californians. 

Help guide: How to use CookieYes for CCPA Compliance

No, the California Privacy Rights Act (CPRA) does not replace the CCPA but amends it. The CPRA is an expansion of the CCPA, as it modifies existing provisions and introduces additional requirements for businesses operating in California. The CPRA came into effect on January 1, 2023.

Read more: Complete Guide to CPRA

Under CCPA, personal information is any information relating to an identified or identifiable individual. It is any data that can directly or indirectly lead to the identification of a specific consumer or household. CCPA maintains a broad definition of personal information but excludes de-identified/anonymized information from it.

Personal information can be identifiers such as name, identification number, IP addresses, biometric information or characteristics such as race, ancestry, religion, age, sex, sexual orientation, gender, medical condition etc.

Cookies and similar tracking technologies are classified as unique identifiers and can be considered personal information under CCPA. A unique identifier could directly or indirectly identify an individual consumer, family, or device over time and across services.

These identifiers can include IP addresses, cookies, beacons, pixel tags, mobile ad identifiers, customer numbers, unique pseudonyms, user aliases, and telephone numbers.

CCPA requires that users be able to opt out of the sale of personal information. This means the website should give users the choice to opt out of the use of cookies that are not strictly necessary, especially third-party cookies such as tracking cookies used for advertising.

CCPA requires businesses to disclose how they collect, use and retain personal information about California residents. Businesses are therefore required to maintain a CCPA-specific privacy policy that is available to the consumers. 

A CCPA privacy policy should disclose what personal information is being collected about consumers, how it is being used, and with whom it is being shared. It should also detail the consumer’s rights as per CCPA and how they can exercise these rights.

CCPA applies to all for-profit organizations that process the information of California residents to offer goods or services. The law does not require the business to have a physical presence in California. In short, any business that deals with the personal data of California residents have to be CCPA compliant.

The CCPA law provides consumers with the right to opt out, i.e. the right to ask a business to stop selling their personal information. A CCPA-compliant opt-out mechanism should be accessible and transparent and should not require consumers to search or scroll through a privacy policy or similar document to perform an opt-out request.

Under the CCPA, the sale of personal information occurs when a business transfers the consumers’ information to another business or third party for financial gain. The definition includes any disclosure that involves the “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means”.

Here are some links you can refer to for additional reading:

Fast-track your CCPA compliance with CookieYes

Set up your CCPA opt-out notice in 3 simple steps and get compliant easily.

Become CCPA Compliant

14-day free trial Cancel anytime