CCPA / CPRA Basics
The California Consumer Privacy Act (CCPA), as amended by CPRA, applies to many businesses that collect personal information from California residents — including mobile apps, SaaS products, and lead-gen sites with California traffic.
Regulators and partners expect a conspicuous privacy policy describing categories collected, purposes, retention, and consumer rights.
What product teams should prioritize
- Publish a privacy policy URL accessible from your app, site footer, and lead forms.
- Honor opt-out of sale/share — including Global Privacy Control signals where required.
- Document subprocessors (analytics, ads, crash reporting) in your policy.
- Provide a contact method for access and deletion requests.
Keep the policy URL stable
App stores and ad platforms cache your privacy policy link. Use a hosted URL you can update when CPRA disclosures change without resubmitting store listings.