CCPA / CPRA compliance · Free audit · No signup

CCPA / CPRA Privacy Policy Audit

Check your existing privacy policy against the California Consumer Privacy Act and the 2023 CPRA amendments. Find missing Do-Not-Sell/Share links, consumer rights disclosures, and sensitive personal information categories.

California Consumer Privacy Act / California Privacy Rights Act · California residents

What CCPA / CPRA non-compliance actually costs

$1.2M · Sephora (CA AG, 2022) · Failed to honor GPC + Do-Not-Sell
$375K · DoorDash (CA AG, 2024) · Selling PI without opt-out
$500K · Tilting Point (CA AG, 2024) · Children's data + opt-out

Who must comply with CCPA / CPRA?

What this audit checks

12 required clauses, scored as Present / Partial / Missing with the exact regulatory citation and suggested fix.

1. Categories of PI collected (12-month lookback)
   Cal. Civ. Code §1798.130(a)(5)(A)
2. Categories of sensitive PI + right to limit use
   CPRA §1798.121 — separate disclosure required
3. Business or commercial purpose for each category
   §1798.130(a)(5)(B)
4. Sources of PI
   §1798.130(a)(5)(C)(i)
5. Third parties + categories disclosed/sold/shared
   §1798.130(a)(5)(C)(iii)
6. Right to know / access (12-month lookback)
   §1798.110, §1798.115
7. Right to delete
   §1798.105
8. Right to correct (CPRA addition)
   §1798.106
9. Right to opt-out of sale OR sharing for cross-context advertising
   §1798.120 + CPRA §1798.140(ah)
10. 'Do Not Sell or Share My Personal Information' link in footer
    §1798.135(a)(1) — clear and conspicuous
11. Right to limit use of sensitive PI
    CPRA §1798.121 — 'Limit the Use of My Sensitive Personal Information' link
12. Non-discrimination + financial incentives disclosure
    §1798.125

Why CCPA / CPRA audits actually fail

'We do not sell PI' but you run Meta/Google ads
Cross-context behavioral advertising IS 'sharing' under CPRA. If your site fires Meta Pixel or Google Ads tags, you almost certainly share PI and need the opt-out link.
Honoring GPC signal
California requires you to respect the Global Privacy Control browser signal as a valid opt-out — this is what got Sephora fined.
Missing CPRA additions
Policies written for the original CCPA (2018) miss the CPRA additions: sensitive PI category, right to correct, right to limit, data retention disclosures.
12-month update cadence
§1798.130(a)(5) requires the policy to be reviewed and updated at least every 12 months. Stale dates trigger scrutiny.

CCPA / CPRA FAQ

Is CCPA different from CPRA?
CPRA is an amendment to CCPA that took effect Jan 1, 2023. It added sensitive PI, the right to correct, sharing as a separate concept from selling, and the California Privacy Protection Agency. When people say 'CCPA compliance' today they almost always mean CCPA-as-amended-by-CPRA.
What are the fines?
Up to $2,500 per unintentional violation and $7,500 per intentional violation or violation involving minors. In addition, statutory damages of $100-$750 per consumer per incident apply to data breaches. The CA AG and CPPA both enforce.
Do I need a separate California section?
Most policies handle this either with a dedicated 'Your California Privacy Rights' section or by integrating CCPA disclosures throughout. ComplianceIQ checks both patterns.

Grade your policy in 20 seconds

Paste your existing document. Get a 12-clause CCPA / CPRA scorecard. Generate a fully compliant version for $9 if you don't want to fix it manually.
