Overview
The California Consumer Privacy Act (CCPA) is a state statute that enhances privacy rights and consumer protection for residents of California. It applies to businesses that collect personal information from California residents and meet certain thresholds.
Penalties
Minimum fine
$2,500
Maximum fine
$7,500
$2,500 per unintentional violation, $7,500 per intentional violation
What Complyy checks
6 automated tests — 3 passive, 3 active
Passive (instant scan)
Active (synthetic identity tests)
Learn More About California Consumer Privacy Act
Overview of the California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act (CCPA) was enacted to give California residents greater control over their personal information. It establishes specific rights for consumers and imposes obligations on businesses that collect and process personal data.
Who It Applies To
The CCPA applies to any for-profit business that:
Collects personal information from California residents.
Has annual gross revenues exceeding $25 million.
Buys, receives, sells, or shares the personal information of 50,000 or more consumers, households, or devices.
Derives 50% or more of its annual revenues from selling consumers' personal information.
Key Requirements
Under the CCPA, businesses must:
Inform consumers about the categories of personal information collected and the purposes for which it is used.
Provide consumers with the right to access their personal information and request its deletion.
Allow consumers to opt-out of the sale of their personal information.
Implement reasonable security measures to protect personal information.
Penalties
Non-compliance with the CCPA can result in:
Fines of up to $2,500 for each unintentional violation.
Fines of up to $7,500 for each intentional violation.
Consumers have the right to sue for damages in the event of a data breach.
Compliance Tips
To comply with the CCPA, businesses should:
Conduct a data inventory to understand what personal information is collected and processed.
Update privacy policies to reflect CCPA requirements.
Implement processes to handle consumer requests regarding their personal information.
Train employees on CCPA compliance and data protection best practices.
The Platform
How Complyy enforces CCPA compliance
Complyy continuously tests your site against California Consumer Privacy Act using synthetic identities that behave exactly like regulators — and your customers.
Discover
We visit your website as a real user — finding your privacy policy, cookie banner, opt-out links, and contact details.
Scan & Test
Passive checks run instantly. Active agents sign up, submit deletion requests, and wait for responses — just like regulators do.
Score & Evidence
Every finding is timestamped, SHA-256 hashed, and RFC 3161 certified. Your compliance report is audit-ready from day one.
Why Complyy
The only platform that tests compliance the way regulators do
Real synthetic identities
We register actual accounts — adult and minor — on your platform. No theoretical checks. Real interactions, real evidence.
Active + passive tests
Most tools only check your privacy policy text. Complyy also submits DSAR requests, verifies deletion, and waits for real responses.
Court-admissible artifacts
Every screenshot, response, and timestamp is cryptographically sealed. Built for regulators, DPAs, and legal teams — not just developers.
2
Regulations monitored
13
Compliance tests
∞
Agentic identities
3 min
Avg. first evidence artifact
Is your company CCPA-compliant?
Get a free compliance scan in minutes. No credit card. No setup. Complyy visits your site, runs every test, and delivers a full evidence report.