CCPA
Privacy Policy
California Consumer Privacy Act / California Privacy Rights Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
CCPA
Consumer Rights Disclosure
The website lacks any notice informing California residents of their rights under the CCPA/CPRA, including the right to know what personal information is collected, the right to delete, the right to opt out of the sale or sharing of personal information, and the right to non-discrimination. Even if the site does not actively sell data, CCPA requires a 'Notice at Collection' if any personal information (including IP addresses or browsing data) is collected from California consumers.
RecommendationAdd a 'Notice at Collection' that discloses the categories of personal information collected, the purposes for collection, and whether information is sold or shared. Include a dedicated section or page detailing CCPA consumer rights and provide a mechanism (e.g., email address or web form) for consumers to submit requests.
CPA
Privacy Policy
Colorado Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
CPA
Consent Mechanisms
The Colorado Privacy Act requires controllers to honor universal opt-out signals (e.g., Global Privacy Control) starting July 2024. The website has no cookie banner, no opt-out mechanism, and no documentation indicating whether universal opt-out signals are recognized. Even if the site currently has no detected trackers, the absence of an infrastructure to detect and honor such signals represents a compliance gap if any tracking is introduced in the future.
RecommendationImplement a consent management platform that can detect and honor universal opt-out mechanisms such as Global Privacy Control (GPC). Document in the privacy policy that the site respects universal opt-out signals as required by the CPA.
CTDPA
Privacy Policy
Connecticut Data Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
CTDPA
Data Protection Assessment
The Connecticut Data Privacy Act requires controllers to conduct and document data protection assessments for processing activities that present a heightened risk of harm to consumers, including targeted advertising and the sale of personal data. There is no publicly available evidence or policy reference indicating that such assessments have been conducted. While not all processing activities require an assessment, the complete absence of any privacy documentation raises concerns about whether the organization has evaluated its obligations.
RecommendationConduct a data protection assessment to evaluate all processing activities, even if minimal. Document the assessment internally and reference the organization's commitment to conducting such assessments in the privacy policy where high-risk processing occurs.
GDPR
Privacy Policy
General Data Protection Regulation requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
GDPR
Privacy Policy
The website does not have a privacy policy page or any discernible link to one. Under GDPR Articles 13 and 14, data controllers must provide comprehensive information about data processing activities to data subjects at the point of data collection. Even if the site claims not to collect data, the absence of a privacy policy means there is no transparency mechanism in place to inform visitors about any incidental data processing (e.g., server logs, IP addresses) that occurs when a user visits the site.
RecommendationPublish a comprehensive privacy policy that includes: the identity and contact details of the data controller, purposes and legal bases for processing, data retention periods, data subject rights, and contact information for a Data Protection Officer if applicable. Link it prominently in the website footer.
GDPR
Data Retention
There is no privacy policy or supplementary documentation specifying how long any collected data (including server logs, access logs, or IP addresses) is retained. GDPR Article 5(1)(e) requires that personal data be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data is processed. Without a defined retention schedule, the organization cannot demonstrate compliance with the storage limitation principle.
RecommendationDefine and document a data retention schedule for all categories of personal data processed, including web server logs and any analytics data. Publish retention periods in the privacy policy and implement automated deletion or anonymization processes to enforce the schedule.
GDPR
Cross-Border Transfer
There is no disclosure regarding whether personal data (such as server logs or IP addresses) is transferred outside the European Economic Area. GDPR Articles 44-49 require that any transfer of personal data to a third country is subject to appropriate safeguards, such as Standard Contractual Clauses (SCCs), adequacy decisions, or Binding Corporate Rules. The absence of this information means users cannot assess the risk to their data.
RecommendationAssess whether any personal data is transferred to servers or service providers outside the EEA (including hosting providers, CDNs, and email services). Document all cross-border transfers in the privacy policy, specify the legal mechanism relied upon for each transfer, and ensure appropriate safeguards such as SCCs are in place.
TDPSA
Privacy Policy
Texas Data Privacy and Security Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
TDPSA
Children's Privacy
The Texas Data Privacy and Security Act includes heightened protections for the data of known children under 13. The website does not include any age-gating mechanism, children's privacy notice, or COPPA-compliant disclosures. If any data is collected from users who may be minors, the organization could face liability under both TDPSA and federal COPPA requirements. The absence of any such consideration in site design or policy is a gap.
RecommendationEvaluate whether the website's content or services may attract children under 13 or teenagers. If so, implement age-gating mechanisms, obtain verifiable parental consent before collecting data from children, and publish a children's privacy notice. Even if the site is not directed at children, include a statement in the privacy policy clarifying the organization's position on children's data.
TIPA
Privacy Policy
Tennessee Information Protection Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
VCDPA
Privacy Policy
Virginia Consumer Data Protection Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.