📍 Colorado

CPA Colorado Privacy Act Compliance Checker

The Colorado Privacy Act has some of the highest penalties of any US state law — up to $20,000 per violation.

EffectiveJuly 1, 2023

EnforcementColorado Attorney General & District Attorneys

Overview

What is the Colorado Privacy Act?

The Colorado Privacy Act (CPA) is one of the strictest US state privacy laws in terms of penalty size. It covers businesses of all sizes that process data on Colorado residents, requires opt-out mechanisms for targeted advertising, and mandates data protection assessments for high-risk processing. Colorado also accepts universal opt-out signals (like GPC).

Who Must Comply

Does CPA apply to your business?

Your business must comply with CPA if it meets any one of the following criteria:

Applies if you:

Controls or processes personal data of 100,000+ Colorado residents per year
Controls or processes personal data of 25,000+ residents and derives revenue from selling personal data

Penalties

CPA fines & enforcement

Non-compliance can result in enforcement actions and civil penalties. There is no de minimis exception.

Civil penalty per violation Up to $20,000

Enforcement Colorado AG & District Attorneys

Cure period 60 days (through July 2025)

Private right of action None

Requirements

Key CPA compliance requirements

These are the core technical and operational requirements most SaaS websites need to address:

✓ Post a comprehensive privacy notice with data categories, retention, and third-party disclosure
✓ Honor consumer rights: access, correction, deletion, portability, and opt-out
✓ Accept universal opt-out signals such as Global Privacy Control (GPC)
✓ Obtain consent before processing sensitive personal data
✓ Conduct and document data protection assessments
✓ Implement a data minimization policy
✓ Provide an opt-out mechanism for targeted advertising

How Precept Helps

Automated CPA compliance scanning

Precept scans your website in seconds and identifies specific CPA compliance gaps — so you know exactly what to fix.

🔍

Privacy Policy Detection

Checks if your privacy policy exists, is reachable, and mentions CPA-required disclosures.

🍪

Cookie Consent Audit

Detects cookie banners, consent mechanisms, and opt-out flows required under CPA.

📡

Tracker Inventory

Maps third-party trackers, pixels, and analytics loading on your pages — the data you're implicitly collecting.

📋

Findings Report

Every gap comes with a severity rating, plain-English explanation, and a specific fix recommendation.

Find your CPA compliance gaps now

Free scan. No account required. Results in under 60 seconds.

Scan my website → View plans