02.19.2026

The 2026 CCPA Website Compliance Checklist

To avoid significant financial penalties, which increased on January 1, 2025 to up to $7,988 per intentional violation, your website must function as a compliant interface for consumer privacy rights. Use this checklist to assess your current standing.

1. Mandatory Homepage Links

  • "Do Not Sell or Share My Personal Information": A clear and conspicuous link must be in the footer or header if you sell or share data for targeted advertising. This includes:

    • Retargeting Ads: Uploading your email list to Facebook (Meta), Google, or LinkedIn to show ads to those specific users or to find "Lookalike" audiences.

    • Data Brokerage: Selling your email list to another company or "renting" it out for their own marketing.

    • Third-Party Analytics: Sharing email-linked identifiers with ad networks that track users across multiple unrelated websites.

  • "Limit the Use of My Sensitive Personal Information": Required if you collect sensitive data (e.g., precise geolocation, health info, or race) for purposes beyond providing the core service.

  • Alternative Option: You may use a single, combined link labeled "Your Privacy Choices" or "Your California Privacy Choices" that includes an icon if desired.

2. Automated Privacy Signals (Global Privacy Control)

  • GPC Detection: Your website must automatically detect and honor "Global Privacy Control" (GPC) signals from user browsers (e.g., Brave, DuckDuckGo) as a valid opt-out request.

  • Status Confirmation: As of January 1, 2026, you must display a clear confirmation to the user, such as a message stating "Opt-Out Request Honored," when a GPC signal is detected.
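One way to implement the detection and confirmation steps above, as an added example that is not code from this checklist's author. It relies on the signal defined by the GPC specification (the `Sec-GPC: 1` request header and `navigator.globalPrivacyControl`); the tag list, its `saleOrShare` flag and all function names are hypothetical.

```javascript
// Added example: honoring Global Privacy Control on the server and in the browser.
// Per the GPC specification, the signal is the request header `Sec-GPC: 1`
// and the JS property `navigator.globalPrivacyControl === true`.

const CONFIRMATION = "Opt-Out Request Honored"; // wording taken from the checklist

// Case-insensitive header lookup; works with plain objects of header names.
function getHeader(headers, name) {
  const wanted = name.toLowerCase();
  for (const [key, value] of Object.entries(headers || {})) {
    if (key.toLowerCase() === wanted) return Array.isArray(value) ? value[0] : value;
  }
  return undefined;
}

// Server side: only the exact value "1" counts as a signal; anything else is ignored.
function gpcFromHeaders(headers) {
  const raw = getHeader(headers, "Sec-GPC");
  return typeof raw === "string" && raw.trim() === "1";
}

// Browser side: pass in `navigator` (or a stand-in object when testing).
function gpcFromNavigator(nav) {
  return Boolean(nav) && nav.globalPrivacyControl === true;
}

// Decide what to load and what to show. `tags` is a hypothetical list of
// third-party scripts, each flagged with whether it involves sale or sharing.
function applyPrivacySignal({ headers, nav, tags }) {
  const optedOut = gpcFromHeaders(headers) || gpcFromNavigator(nav);
  return {
    optedOut,
    confirmation: optedOut ? CONFIRMATION : null,
    tagsToLoad: tags.filter((t) => !(optedOut && t.saleOrShare)).map((t) => t.name),
  };
}

// Constructed sample input, not real traffic.
const sampleTags = [
  { name: "first-party-analytics", saleOrShare: false },
  { name: "retargeting-pixel", saleOrShare: true },
];
const withSignal = applyPrivacySignal({ headers: { "sec-gpc": "1" }, nav: null, tags: sampleTags });
const without = applyPrivacySignal({ headers: { "Sec-GPC": "0" }, nav: {}, tags: sampleTags });
console.log(withSignal, without);
```

Making the decision on the server, before any third-party tag is rendered, keeps a sale-or-share script from firing ahead of the opt-out check.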

3. Notice at Collection

  • Timely Disclosure: You must provide a notice at or before the point of collection (e.g., on a sign-up form or via a cookie banner).

  • Content Requirements: The notice must list categories of personal and sensitive info collected, the specific purpose for each, and how long each category will be retained.

4. Consumer Rights Intake (DSARs)

  • Dual Methods: You must provide at least two designated methods for submitting requests (e.g., a web form and a toll-free number).

  • Verification: Establish a process to verify a consumer's identity without requiring them to create a new account solely for the request.

5. Technical & Policy Maintenance

  • Accessibility: All notices must follow Web Content Accessibility Guidelines (WCAG) and be available in every language in which you conduct business.

  • Annual Update: The online Privacy Policy must be reviewed and updated at least once every 12 months.

  • No "Dark Patterns": Ensure the user interface is symmetrical; for example, it should not be significantly harder to "Opt-Out" than it is to "Opt-In".
