US · CALIFORNIA · CCPA / CPRA

CCPA compliance for companies with California customers.

Consumer rights intake, opt-out workflows, consent records, and audit proof — everything needed to meet CCPA and CPRA obligations.

No credit card required. Privacy Center live in 15 minutes.

CCPA / CPRA PENALTIES

Per-consumer penalties add up fast.

Unlike GDPR's aggregate cap, CCPA fines are per consumer per incident. A breach affecting 10,000 Californians could mean $75 million in intentional-violation penalties.

Violation typePenaltyScope
Unintentional violation$2,500Per violation, per consumer
Intentional violation$7,500Per violation, per consumer
Children's data (under 16)$7,500Per intentional violation involving minors
Data breach (failure to implement security)$100–$750Per consumer per incident — or actual damages if higher

YOUR OBLIGATIONS

Eight things CCPA / CPRA requires.

Privacy notice

§ 1798.100, 1798.110

Businesses must disclose categories of personal information collected, purposes, and third parties it is shared with.

Right to know & access

§ 1798.100, 1798.110

Consumers can request the categories and specific pieces of personal information a business has collected about them.

Right to delete

§ 1798.105

Consumers can request deletion of personal information. Businesses must notify service providers to delete as well.

Right to opt out of sale/sharing

§ 1798.120 (CPRA)

Consumers can opt out of the sale or sharing of their personal information at any time.

Right to correct

§ 1798.106 (CPRA)

Consumers can request correction of inaccurate personal information. Added by CPRA in 2023.

Non-discrimination

§ 1798.125

Businesses cannot discriminate against consumers who exercise CCPA rights — no different pricing or service quality.

Data minimization (CPRA)

§ 1798.100(a)(3)

Businesses must not collect more personal information than is reasonably necessary for the disclosed purpose.

Sensitive personal information

§ 1798.121 (CPRA)

Consumers can limit the use of sensitive PI (SSN, financial, biometric, geolocation). Separate opt-out required.

HOW CONDUIT COVERS EACH OBLIGATION

One workspace. Every CCPA requirement.

CCPA ObligationHow Privacy Conduit covers it
Privacy noticePrivacy Center with CCPA-specific disclosures and right descriptions.
Right to know & accessDSR inbox with 45-day SLA clock, response templates, and case evidence trail.
Right to deleteFulfillment playbooks track deletion across systems and vendors with evidence.
Right to opt out of sale/sharingConsent records module tracks opt-out status and links to case workflow.
Right to correctCorrection request handling with playbook and 45-day response SLA.
Non-discriminationAudit trail ensures every rights request is fulfilled regardless of consumer segment.
Data minimization (CPRA)Data inventory maps collection purpose per system and vendor.
Sensitive personal informationSensitive PI flags on consent records and playbook steps for limited use.

GET STARTED

Start your CCPA workspace today.

Privacy Center live in 15 minutes. Full CCPA/CPRA compliance toolkit included.

See full product