CCPA
Consumer Rights Disclosure
The CCPA/CPRA requires businesses meeting applicability thresholds to provide a privacy policy that is updated at least every 12 months, disclosing categories of personal information collected, purposes of collection, categories of third parties with whom data is shared, and specific consumer rights including the right to know, delete, correct, and opt-out of sale/sharing. Even basic web hosting collects IP addresses and browser metadata which may constitute personal information under CCPA. No 'Do Not Sell or Share My Personal Information' link or disclosure of consumer rights is present.
RecommendationDetermine CCPA applicability based on revenue, data volume, and California consumer reach. If applicable, create a CCPA-compliant privacy policy disclosing all required categories, add a conspicuous 'Do Not Sell or Share My Personal Information' link, implement mechanisms to honor consumer requests (know, delete, correct, opt-out), and ensure the policy is reviewed and updated annually.
CCPA
Privacy Policy
California Consumer Privacy Act / California Privacy Rights Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
CPA
Privacy Policy
Colorado Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
CTDPA
Privacy Policy
Connecticut Data Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
DPDPA
Privacy Policy
Delaware Personal Data Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
GDPR
Privacy Policy
General Data Protection Regulation requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
GDPR
Privacy Policy
The website lacks a privacy policy entirely. Under GDPR Articles 13 and 14, data controllers must provide comprehensive information to data subjects at the point of data collection, including the identity of the controller, purposes of processing, legal basis, data retention periods, and data subject rights. Even if the site claims minimal data processing, server logs and HTTP requests inherently collect IP addresses, which qualify as personal data under GDPR. The absence of any privacy notice constitutes a fundamental transparency violation.
RecommendationPublish a GDPR-compliant privacy policy that includes: controller identity and contact details, Data Protection Officer contact (if applicable), purposes and legal bases for processing, categories of personal data processed (including server logs/IP addresses), data retention periods, data subject rights (access, rectification, erasure, portability, objection), right to lodge a complaint with a supervisory authority, and any cross-border transfer mechanisms.
GDPR
Cross-Border Transfer
Without a privacy policy, there is no disclosure regarding where data is processed or stored. If the website is hosted outside the EEA (e.g., on US-based servers), any processing of EU visitor data constitutes a cross-border transfer requiring appropriate safeguards under GDPR Chapter V. Following the Schrems II decision, transfers to the US require either EU-US Data Privacy Framework certification, Standard Contractual Clauses with supplementary measures, or another valid transfer mechanism. The complete absence of transfer disclosures makes compliance verification impossible.
RecommendationIdentify all locations where data is processed and stored, including hosting providers and CDN services. Document the legal basis for any cross-border transfers (e.g., EU-US Data Privacy Framework adequacy decision, SCCs, or binding corporate rules). Disclose transfer mechanisms and destination countries in the privacy policy.
ICDPA
Privacy Policy
Iowa Consumer Data Protection Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
INCDPA
Privacy Policy
Indiana Consumer Data Protection Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
KCDPA
Privacy Policy
Kentucky Consumer Data Protection Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
MCDPA
Privacy Policy
Montana Consumer Data Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
MNCDPA
Privacy Policy
Minnesota Consumer Data Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
MNCDPA
Data Protection Assessment
The Minnesota Consumer Data Privacy Act (MNCDPA) requires controllers to conduct and document data protection assessments for processing activities that present a heightened risk of harm to consumers, including targeted advertising, sale of personal data, profiling, processing sensitive data, and processing children's data. MNCDPA also uniquely requires a data inventory and mandates that privacy notices include a description of how profiling is conducted. Without any documented privacy practices, there is no evidence that required assessments have been performed or that processing activities have been evaluated for risk.
RecommendationConduct a comprehensive data inventory as required by MNCDPA. Perform data protection assessments for any processing activities that present heightened risk. Document the assessments and make them available to the Attorney General upon request. Ensure the privacy policy includes MNCDPA-specific disclosures, particularly around profiling activities and the data inventory.
MODPA
Privacy Policy
Maryland Online Data Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
MODPA
Data Minimization
The Maryland Online Data Privacy Act (MODPA) imposes stricter data minimization requirements than most other US state laws. It prohibits the collection, processing, or sharing of personal data beyond what is reasonably necessary and proportionate to provide the specific product or service requested by the consumer. Unlike other state laws, MODPA also restricts the sale of sensitive data and imposes heightened obligations around data minimization. Without any privacy disclosures, there is no evidence of compliance with these enhanced requirements.
RecommendationConduct a data inventory to map all personal data collected (including passive collection via server logs). Implement and document data minimization practices ensuring only data reasonably necessary for the service is collected. Publish disclosures specific to MODPA requirements, including purpose limitation and the prohibition on selling sensitive data.
NDPA
Privacy Policy
Nebraska Data Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
NHPA
Privacy Policy
New Hampshire Privacy Act (SB 255) requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
NJDPA
Privacy Policy
New Jersey Data Privacy Act (SB 332) requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
NJDPA
Children's Privacy
The New Jersey Data Privacy Act (NJDPA) includes heightened protections for minors, requiring opt-in consent before processing personal data of consumers known to be between 13 and 17 years of age for purposes of targeted advertising, sale of personal data, or profiling. Additionally, COPPA applies to children under 13 across all US jurisdictions. Without any privacy policy or age-gating mechanisms, there is no evidence that the site has considered whether minors may access the site or that appropriate safeguards are in place. Multiple state laws including CTDPA, TDPSA, and NJDPA have similar youth-specific provisions.
RecommendationConduct an assessment of whether the website is likely to be accessed by minors. If so, implement age-gating mechanisms and obtain verifiable parental consent for children under 13 (COPPA). For known users aged 13-17, implement opt-in consent mechanisms before targeted advertising, data sale, or profiling as required by NJDPA, CTDPA, and other state laws with minor-specific provisions. Document these protections in the privacy policy.
OCPA
Privacy Policy
Oregon Consumer Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
OCPA
Privacy Policy
The Oregon Consumer Privacy Act (OCPA) has unique requirements not found in other state privacy laws. It requires controllers to provide a clear and accessible privacy notice that includes the categories of personal data processed, purposes of processing, how consumers can exercise their rights, categories of third parties with whom data is shared, and an active email address for contact. Notably, OCPA does not include a revenue threshold for applicability, meaning even smaller organizations processing data of Oregon residents may be subject to the law. The complete absence of a privacy notice fails all of these requirements.
RecommendationAssess OCPA applicability based on the volume of Oregon consumer data processed (100,000 consumers or 25,000 consumers if revenue derives from selling data). If applicable, publish a privacy notice meeting OCPA-specific requirements including an active contact email address, and implement mechanisms for consumers to exercise rights to know, correct, delete, obtain a copy of data, and opt out of targeted advertising, sale, and profiling.
RIDPA
Privacy Policy
Rhode Island Data Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
TDPSA
Privacy Policy
Texas Data Privacy and Security Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
TIPA
Privacy Policy
Tennessee Information Protection Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
UCPA
Privacy Policy
Utah Consumer Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
VCDPA
Privacy Policy
Virginia Consumer Data Protection Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.