
CCPA Requirements: What California Privacy Law Means for Your SaaS
CCPA requirements explained for SaaS: thresholds, consumer rights, opt-out mechanics, CPRA updates, and enforcement reality. Schedule a scoping call.
California’s Consumer Privacy Act (CCPA) and its 2023 amendment (CPRA) apply to for-profit businesses meeting any one of three thresholds: annual gross revenue over $25 million, buying or selling the personal data of 100,000 or more California consumers or households, or deriving 50% or more of revenue from selling personal data. If you serve California users at scale and have web analytics, ad tracking, or a data broker relationship, you are likely in scope.
CCPA gives California consumers the right to know what data is collected, the right to delete it, the right to opt out of its “sale or sharing,” and the right to non-discrimination for exercising those rights. CPRA added sensitive personal information as a protected category, created a right to correct inaccurate data, and established the California Privacy Protection Agency (CPPA) as a dedicated enforcement body. Unlike GDPR, CCPA is opt-out by default — not opt-in.
The brief below covers the requirements and what CCPA compliance looks like in practice for SaaS. If you’re ready to assess your exposure, visit the CCPA service page.
No deck. No sales pitch. We scope the programme, give you the gap analysis, and you decide if there’s a fit.

If one of these briefs reflects where you are right now, we run scoping calls without a deck. Book a scoping call.