CCPA
Consumer Rights Disclosure
The CCPA/CPRA requires businesses meeting applicable thresholds to provide a 'notice at collection' informing consumers about the categories of personal information collected, the purposes of collection, whether information is sold or shared, and retention periods. The website provides none of these disclosures. Even passive collection of IP addresses, browser identifiers, and device information through standard HTTP requests may constitute collection of personal information under CCPA. Additionally, there is no 'Do Not Sell or Share My Personal Information' link, which is required if any third-party sharing occurs.
Recommendation: Determine whether the business meets CCPA applicability thresholds. If so, implement a notice at collection, publish a CCPA-compliant privacy policy with all required disclosures including consumer rights (right to know, delete, correct, opt-out of sale/sharing), and provide a conspicuous 'Do Not Sell or Share My Personal Information' link. Include the required 12-month lookback disclosure of categories of personal information collected, sold, or shared.
CCPA
Privacy Policy
California Consumer Privacy Act / California Privacy Rights Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
Recommendation: Create and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
CPA
Privacy Policy
Colorado Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
Recommendation: Create and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
CTDPA
Privacy Policy
Connecticut Data Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
Recommendation: Create and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
DPDPA
Privacy Policy
Delaware Personal Data Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
Recommendation: Create and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
GDPR
Privacy Policy
General Data Protection Regulation requires a clear, accessible privacy policy. No privacy policy link was found on this page.
Recommendation: Create and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
GDPR
Privacy Policy
The website lacks a privacy policy entirely. Under GDPR Articles 13 and 14, data controllers must provide comprehensive information to data subjects at the point of data collection, including the identity of the controller, purposes of processing, legal basis, data retention periods, and data subject rights. Even if the site currently collects minimal data, server logs and IP addresses constitute personal data under GDPR, triggering this obligation.
Recommendation: Publish a GDPR-compliant privacy policy that includes: controller identity and contact details, DPO contact information (if applicable), purposes and legal bases for processing, categories of personal data processed (including server logs/IP addresses), data retention periods, data subject rights (access, rectification, erasure, portability, objection), right to lodge a complaint with a supervisory authority, and any cross-border transfer mechanisms.
GDPR
Cross-Border Transfer
Without a privacy policy, there is no disclosure about whether personal data (including IP addresses captured in server logs) is transferred outside the EEA. GDPR Articles 44-49 require that any transfer of personal data to third countries be covered by appropriate safeguards such as Standard Contractual Clauses (SCCs), adequacy decisions, or binding corporate rules, and that data subjects be informed about these transfers and safeguards.
Recommendation: Audit all data flows to determine if any personal data is transferred outside the EEA (including hosting infrastructure, CDN providers, analytics services, and backup storage). Document the legal basis for each transfer (e.g., EU adequacy decision, SCCs, Article 49 derogations) and disclose all cross-border transfers, recipient countries, and applicable safeguards in the privacy policy.
GDPR
Data Retention
GDPR Article 5(1)(e) requires that personal data be kept in a form which permits identification of data subjects for no longer than necessary for the purposes for which the data is processed (storage limitation principle). The absence of any privacy policy means no retention periods are communicated to data subjects, and there is no evidence of a defined retention schedule for server logs, IP addresses, or any other personal data that may be collected through normal website operation.
Recommendation: Define and document specific retention periods for all categories of personal data collected, including server access logs, error logs, and any cached IP addresses. Implement automated deletion or anonymization processes once retention periods expire. Communicate all retention periods clearly in the privacy policy and ensure they are justified by the processing purpose.
ICDPA
Privacy Policy
Iowa Consumer Data Protection Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
Recommendation: Create and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
INCDPA
Privacy Policy
Indiana Consumer Data Protection Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
Recommendation: Create and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
KCDPA
Privacy Policy
Kentucky Consumer Data Protection Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
Recommendation: Create and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
MCDPA
Privacy Policy
Montana Consumer Data Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
Recommendation: Create and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
MNCDPA
Privacy Policy
Minnesota Consumer Data Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
Recommendation: Create and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
MODPA
Privacy Policy
Maryland Online Data Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
Recommendation: Create and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
MODPA
Data Minimization
The Maryland Online Data Privacy Act (MODPA) imposes stricter data minimization requirements than most state laws, prohibiting controllers from collecting, processing, or sharing personal data beyond what is reasonably necessary and proportionate to provide the product or service requested. It also restricts the sale of sensitive data and imposes heightened requirements around geolocation and minors' data. Without any privacy policy or transparency mechanism, compliance with these enhanced requirements cannot be demonstrated.
Recommendation: Conduct a data inventory to identify all personal data collected (even passively). Implement and document data minimization practices ensuring only data reasonably necessary for the specific service is collected. Publish a privacy policy that clearly describes the necessity and proportionality of each data processing activity, and ensure compliance with MODPA's restrictions on sensitive data sales and geolocation tracking.
NDPA
Privacy Policy
Nebraska Data Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
Recommendation: Create and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
NHPA
Privacy Policy
New Hampshire Privacy Act (SB 255) requires a clear, accessible privacy policy. No privacy policy link was found on this page.
Recommendation: Create and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
NJDPA
Privacy Policy
New Jersey Data Privacy Act (SB 332) requires a clear, accessible privacy policy. No privacy policy link was found on this page.
Recommendation: Create and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
NJDPA
Data Protection Assessment
The New Jersey Data Privacy Act requires controllers to conduct and document data protection assessments for processing activities that present a heightened risk of harm to consumers, including targeted advertising, sale of personal data, profiling, processing of sensitive data, and any processing involving minors' data. Without a privacy policy or any documented compliance framework, there is no evidence that such assessments have been conducted or that the organization has evaluated its processing activities against this requirement.
Recommendation: Conduct data protection assessments for all processing activities that present heightened risk as defined under NJDPA (and similar requirements under VCDPA, CPA, CTDPA, and other state laws). Document these assessments, weighing the benefits of processing against potential risks to consumers. Retain assessments for disclosure to the state AG if requested, and establish a recurring review cycle to reassess as processing activities change.
OCPA
Privacy Policy
Oregon Consumer Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
Recommendation: Create and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
OCPA
Children's Privacy
The Oregon Consumer Privacy Act (OCPA) and several other state laws (CTDPA, TDPSA, MNCDPA, MODPA) include heightened protections for minors' data. OCPA requires opt-in consent before processing personal data of consumers aged 13-15 for targeted advertising or sale, similar to COPPA requirements for children under 13. The website provides no age-gating mechanism, no children's privacy disclosures, and no mechanism to obtain verifiable parental consent if children's data could be collected.
Recommendation: Assess whether the website's content or audience could attract users under 16. If so, implement age-gating mechanisms and obtain verifiable parental consent for users under 13 (per COPPA) and opt-in consent for users aged 13-15 before any targeted advertising or data sale. Include a dedicated children's privacy section in the privacy policy detailing protections, parental rights, and data handling practices for minors' information.
RIDPA
Privacy Policy
Rhode Island Data Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
Recommendation: Create and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
TDPSA
Privacy Policy
Texas Data Privacy and Security Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
Recommendation: Create and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
TIPA
Privacy Policy
Tennessee Information Protection Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
Recommendation: Create and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
UCPA
Privacy Policy
Utah Consumer Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
Recommendation: Create and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
VCDPA
Privacy Policy
Virginia Consumer Data Protection Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
Recommendation: Create and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.