CCPA / CPRA guide
The California Consumer Privacy Act (CCPA) and its successor, the California Privacy Rights Act (CPRA), give California residents specific rights over how businesses collect and use their personal information. This page covers what they expect from your website, and how One Privacy helps.
Who's affected
CCPA / CPRA applies if your business meets at least one of these:
Has annual gross revenue over $25 million.
Buys, sells, or shares the personal information of 100,000 or more California residents.
Earns 50 percent or more of its revenue from selling or sharing personal information.
Even if you don't meet these thresholds, many businesses choose to honor CCPA / CPRA voluntarily because California traffic is part of almost every site's audience.
Opt-in vs opt-out
The CCPA takes an opt-out approach, which is different from the GDPR's opt-in model.
You can collect and use personal information by default, as long as you give California residents a clear way to:
Stop you from selling or sharing their personal information.
Limit the use of sensitive personal information.
Access, delete, or correct the personal information you hold on them.
What this looks like on a website
A clear "Do Not Sell or Share My Personal Information" link or button.
A way to opt out of cross-context behavioral advertising (advertising that follows the visitor across websites).
A way for residents to submit requests to access, delete, or correct their data.
How One Privacy helps
Geo-aware banners. Show a CCPA-friendly banner to visitors detected in California. See Creating a geo rule.
Built-in Do Not Sell button. The banner and Cookie Settings popup both support a "Do Not Sell My Personal Information" button you can show only where it's relevant. See Visibility settings.
Persistent access. The floating button lets California visitors reopen preferences any time. See Floating cookie settings button.
Audit trail. Every opt-out is recorded in the Consent Audit, so you can show evidence on request. See Consent audit overview.
Google Consent Mode. When a California visitor opts out, One Privacy passes the right signals to Google Analytics, Ads, and other tools so they stop targeting and tracking. See Google Consent Mode.
What's still on you
One Privacy gives you the consent layer. The rest of your CCPA / CPRA compliance also includes:
A way for residents to submit access, deletion, and correction requests (often a form or email address).
Procedures for handling those requests within the legal timeframe (typically 45 days).
A financial incentive notice if you offer different prices based on personal information.