CCPA Ready · Compliance guide
CCPA/CPRA (California) plus 10+ newer state laws require a privacy notice, a "Do Not Sell or Share" link, honoring opt-out signals, and consumer data rights. Check yours.
This rule applies if you sell to or collect data from consumers in California or other US states. Sell to US consumers? California + new state laws require a privacy notice, opt-out, and a 'Do Not Sell' link. Not sure? The free checker tells you in about a minute — no signup.
In practice, CCPA Ready's checker looks at whether you can answer "yes" to each of these. Each one is a place sellers commonly get caught:
⚠️ Exposure: $2,500/violation — $7,500 if intentional or a minor. Status: In force.
Statutory maximums are worst-case ceilings, not a prediction — but they're why this is worth ten minutes now.
California's CCPA/CPRA applies above certain thresholds (revenue, data volume, or selling data), and 10+ other states have similar laws. If you sell to US consumers and collect personal data or use targeted ads, you likely need a notice and opt-out.
A clear, account-free link (often "Your Privacy Choices") letting consumers opt out of the sale or sharing of their personal information — including cross-context behavioural advertising cookies.
Global Privacy Control is a browser opt-out signal. Under CPRA and several state laws you must treat it as a valid opt-out of sale/sharing.
RuleGoose checks this against the California CCPA/CPRA + US state privacy laws. Read it yourself: California AG — CCPA →
or get one RuleGoose Score across every rule that applies to you.
Informational only, not legal advice, and not affiliated with California or the FTC. Last reviewed 2026-06-28.