Fast.  Secure.  Free.  Forever.
California Law — Active Since 2020
California Consumer Privacy Act

CCPA.
Your data. Your rules.

The CCPA gives every California resident the right to know what data businesses collect, delete it, opt out of its sale, and correct inaccuracies — enforced with real fines and a private right of action.

$100
Per Violation Fine
$750
Consumer Lawsuit Right
45
Days to Comply
40M
Californians Protected
What is the CCPA

The first major US consumer privacy law

The California Consumer Privacy Act (CCPA) took effect January 1, 2020 — the first comprehensive consumer data privacy law in the United States. It was significantly expanded by the California Privacy Rights Act (CPRA) in 2023, which added new rights and created the California Privacy Protection Agency (CPPA) to enforce them.

The CCPA applies to any for-profit business that operates in California and meets at least one threshold: annual gross revenue over $25 million, buys or sells personal data of 100,000+ consumers annually, or earns 50%+ of revenue from selling personal data. This covers most major apps, retailers, online services, and data brokers.

Who qualifies: Any California resident — regardless of where the company is headquartered. If a business collects data from California residents, the CCPA applies to them.
Your Rights Under CCPA

Six rights that belong to you

Right to Know
Request disclosure of what personal data a business has collected, where it came from, and who it has been shared with or sold to.
Right to Delete
Request deletion of your personal data. Businesses must comply within 45 days and direct service providers to delete your data too.
Right to Opt Out of Sale
Stop businesses from selling or sharing your personal data with third parties. Must be honored immediately via a "Do Not Sell" link.
Right to Correct
Request correction of inaccurate personal data a business holds about you. Added by the CPRA in 2023.
Right to Limit Use
Limit how businesses use your sensitive personal information — including precise geolocation, race, religion, and biometrics.
Right Against Retaliation
Businesses cannot discriminate against you for exercising CCPA rights — no denying service, charging higher prices, or lower quality.
CCPA vs SB362

How CCPA and SB362 work together

CCPA and SB362 (the Delete Act) are complementary — CCPA gives you broad rights against any covered business, while SB362 specifically targets data brokers with a unified single-request deletion mechanism covering all 480+ registered California brokers.

CCPA Covers
Any business over $25M revenue
Any business selling 100K+ records
Retailers, apps, websites, services
Data brokers AND regular businesses
Right to know, delete, correct, limit
SB362 Adds
One request covers all 480+ brokers
Only registered CA data brokers
$200/day fines vs CCPA $100/violation
CPPA unified deletion portal
Authorized agent bulk submissions
How to Exercise Your Rights

Submit a CCPA request in 5 steps

1
Identify the business you want to submit a request to — any for-profit business operating in California that meets the CCPA thresholds.
2
Find their privacy request form — CCPA requires covered businesses to provide a clear method to submit data requests. Look for "Privacy" or "Do Not Sell My Personal Information" in the footer.
3
Choose your request type — Know, Delete, Opt Out of Sale, Correct, or Limit Use. You can submit multiple request types simultaneously.
4
Verify your identity — businesses may require identity verification for deletion and access requests. This is legal and protects you from fraudulent requests by others.
5
Save your confirmation — businesses must acknowledge within 10 days and fulfill within 45 days. Your confirmation receipt is your legal proof and enforcement tool.
Delete from all data brokers at once
ClickOff submits your deletion request to 480+ registered California data brokers simultaneously — as your authorized agent under CCPA and SB362. Free forever.
Submit My Deletion Request →
Enforcement

What happens when businesses don’t comply

CPPA
File a complaint with the CPPA — the California Privacy Protection Agency investigates violations and can levy fines of $100 (unintentional) to $7,500 (intentional) per violation.
$750
Private right of action — if a data breach exposes your unencrypted personal data, you can sue for $100-$750 per consumer per incident without proving actual harm.
AG
California Attorney General — the AG can investigate and pursue civil penalties against businesses that violate the CCPA, particularly for systematic violations.
Related Laws

CCPA works alongside these protections

SB362 — The Delete Act → FTC Click-to-Cancel Rule → All 15 State Privacy Laws → 200+ Data Broker Guides →
Everything you need to know
CCPA Questions? Answers.
Who does the CCPA protect?
Any California resident qualifies for CCPA protections — regardless of where the company is headquartered or where your data was collected. If you live in California and a covered business holds your data, the CCPA applies.
What businesses does the CCPA apply to?
The CCPA applies to for-profit businesses that operate in California and meet at least one threshold: annual revenue over $25 million, buy or sell data of 100,000+ consumers annually, or earn 50%+ of revenue from selling personal data. This covers most major apps, retailers, online services, and all significant data brokers.
What is the difference between CCPA and SB362?
CCPA gives you broad rights against any covered business — retailers, apps, and services included. SB362 specifically targets registered data brokers with a unified single-request deletion system covering all 480+ registered California brokers simultaneously. Both laws apply at the same time and complement each other — use both.
How long does a business have to comply with my CCPA request?
Businesses must acknowledge your request within 10 business days and fulfill it within 45 days. They may request one 45-day extension if they notify you. After 90 days, non-compliance is subject to CPPA enforcement and fines of $100-$7,500 per violation.
Can a business charge me to exercise my CCPA rights?
No — businesses cannot charge you any fee to submit or process a CCPA request. You are entitled to two free requests per 12-month period. Any business charging for CCPA request processing is in violation of the law.
Can I use an authorized agent to submit CCPA requests?
Yes — the CCPA explicitly allows you to designate an authorized agent to submit requests on your behalf. The agent acts with your full legal authority. ClickOff operates as your authorized agent, submitting deletion requests to data brokers simultaneously and generating your timestamped legal receipt — free forever.