CCPA
Privacy Policy
California Consumer Privacy Act / California Privacy Rights Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
CCPA
Right to Know
The CCPA/CPRA (Cal. Civ. Code §1798.100) requires businesses to provide a 'notice at collection' informing California consumers of the categories of personal information collected, the purposes for collection, whether information is sold or shared, and retention periods. Even passive collection of IP addresses, browser identifiers, or server-side analytics data qualifies as collecting personal information. No such notice exists on this site.
RecommendationCreate and publish a CCPA/CPRA-compliant privacy notice that includes: categories of personal information collected (including identifiers and internet activity), purposes for each category, retention periods per category, whether personal information is sold or shared for cross-context behavioral advertising, and instructions for exercising rights including the right to opt-out, delete, and know. Include a conspicuous 'Do Not Sell or Share My Personal Information' link if applicable.
CPA
Privacy Policy
Colorado Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
CTDPA
Privacy Policy
Connecticut Data Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
DPDPA
Privacy Policy
Delaware Personal Data Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
GDPR
Privacy Policy
General Data Protection Regulation requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
GDPR
Privacy Policy
The website lacks any discernible privacy policy. Under GDPR Articles 13 and 14, data controllers must provide comprehensive information about data processing activities at the time of data collection, including the identity of the controller, purposes of processing, legal basis, retention periods, and data subject rights. Even if the site currently collects minimal data, server logs and IP addresses constitute personal data under GDPR, triggering this obligation.
RecommendationPublish a GDPR-compliant privacy policy that includes: identity and contact details of the data controller, Data Protection Officer contact (if applicable), purposes and legal basis for processing, categories of personal data processed (including server logs/IP addresses), data retention periods, data subject rights (access, rectification, erasure, portability, objection), and information about cross-border transfers. Make it accessible from every page via a persistent footer link.
GDPR
Cross-Border Transfer
If the website is hosted outside the EEA or uses any third-party services (CDNs, DNS providers, hosting infrastructure) that process data in jurisdictions without an EU adequacy decision, GDPR Articles 44-49 require disclosure of the transfer mechanism (e.g., Standard Contractual Clauses, adequacy decisions). The absence of a privacy policy means no transfer safeguards are documented. Even the domain's hosting infrastructure may involve cross-border data flows that must be disclosed.
RecommendationConduct a data mapping exercise to identify all locations where personal data (including IP addresses from server logs) is processed or stored. Document the legal transfer mechanism for each cross-border flow (SCCs, adequacy decisions, or Article 49 derogations). Disclose these mechanisms in the privacy policy and ensure appropriate safeguards are contractually in place with all processors.
ICDPA
Privacy Policy
Iowa Consumer Data Protection Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
INCDPA
Privacy Policy
Indiana Consumer Data Protection Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
KCDPA
Privacy Policy
Kentucky Consumer Data Protection Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
MCDPA
Privacy Policy
Montana Consumer Data Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
MNCDPA
Privacy Policy
Minnesota Consumer Data Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
MNCDPA
Data Protection Assessment
The Minnesota Consumer Data Privacy Act (MNCDPA) requires controllers to conduct and document Data Protection Assessments for processing activities that present a heightened risk of harm to consumers, including processing for targeted advertising, sale of personal data, profiling, and processing of sensitive data. While the site appears to have minimal data processing, the absence of any documented assessment framework means there is no verifiable compliance posture should processing activities expand.
RecommendationEstablish a Data Protection Assessment framework and conduct an initial assessment covering all current processing activities, even if minimal. Document the assessment to demonstrate compliance readiness. Reassess whenever new data collection features, forms, trackers, or third-party integrations are added to the site. Retain assessments for the period required by the MNCDPA (at least three years after processing ends).
MODPA
Privacy Policy
Maryland Online Data Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
MODPA
Children's Privacy
The Maryland Online Data Privacy Act (MODPA) includes some of the strictest children's privacy provisions among US state laws, requiring data minimization for minors and prohibiting the sale of data of consumers under 18 without consent. Additionally, it mandates Data Protection Assessments for processing that presents heightened risks to minors. Without a privacy policy or age-gating mechanism, there is no evidence of compliance with these enhanced protections for minors.
RecommendationImplement a privacy policy section specifically addressing minors' data. If the site could reasonably be accessed by users under 18, establish age-appropriate protections, refrain from selling or targeting advertising to minors' data, and conduct a Data Protection Assessment evaluating risks to younger users. Consider implementing age-gating if the site collects any personal data.
NDPA
Privacy Policy
Nebraska Data Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
NHPA
Privacy Policy
New Hampshire Privacy Act (SB 255) requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
NJDPA
Privacy Policy
New Jersey Data Privacy Act (SB 332) requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
NJDPA
Consent Mechanism
The New Jersey Data Privacy Act (NJDPA) requires controllers to recognize universal opt-out mechanisms (such as Global Privacy Control signals) for opting out of the sale of personal data, targeted advertising, and profiling. There is no indication on this website that such signals are recognized or honored, nor is there a mechanism for consumers to exercise opt-out rights, which is required even if the site claims not to engage in these activities.
RecommendationImplement technical recognition of Global Privacy Control (GPC) and similar universal opt-out signals in compliance with NJDPA. Document in the privacy policy whether the site honors GPC signals and how consumers can exercise their opt-out rights. Even if the site does not currently sell data or engage in targeted advertising, disclose this fact and confirm that universal opt-out signals are respected as a forward-looking compliance measure.
OCPA
Privacy Policy
Oregon Consumer Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
OCPA
Data Retention
The Oregon Consumer Privacy Act (OCPA) requires controllers to limit personal data collection to what is adequate, relevant, and reasonably necessary for disclosed purposes (data minimization), and to not retain personal data longer than necessary. With no privacy policy or documented retention schedule, there is no evidence that data minimization principles are being followed for any server-collected data such as access logs, IP addresses, or any cached user information.
RecommendationEstablish and document a data retention schedule covering all categories of personal data, including server logs, IP addresses, and any analytics data. Define specific retention periods tied to legitimate processing purposes. Implement automated deletion or anonymization processes when retention periods expire. Publish retention periods in the privacy policy as required by OCPA and other state regulations.
RIDPA
Privacy Policy
Rhode Island Data Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
TDPSA
Privacy Policy
Texas Data Privacy and Security Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
TIPA
Privacy Policy
Tennessee Information Protection Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
UCPA
Privacy Policy
Utah Consumer Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
VCDPA
Privacy Policy
Virginia Consumer Data Protection Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.