Best examples of sample CCPA privacy notice examples for businesses in 2025

Why start with real examples of sample CCPA privacy notice examples for businesses

Lawyers love theory. Regulators and consumers care about what you actually put on the page. That’s why walking through examples of sample CCPA privacy notice examples for businesses is far more helpful than restating the statute.

Since the CCPA took effect and the CPRA amendments kicked in (January 1, 2023, with enforcement ramping through 2024–2025), the California Privacy Protection Agency (CPPA) has made one thing very clear: notices must be specific, readable, and aligned with your real data practices. Boilerplate that doesn’t match reality is a liability, not a shield.

Below are concrete, sector‑specific examples you can adapt. They’re not one‑size‑fits‑all, but they show how to:

• Identify categories of personal information in plain English
• Link each category to a purpose for use and sharing
• Explain sales and “sharing” for cross‑context behavioral advertising
• Highlight consumer rights and how to use them
• Keep the whole thing short enough that people might actually read it

For legal text and official definitions, you should keep the statute nearby. California’s Attorney General and the CPPA publish primary materials and regulations here:

• California Attorney General CCPA page: https://oag.ca.gov/privacy/ccpa
• California Privacy Protection Agency: https://cppa.ca.gov

Use those for the legal backbone; use the examples below for tone, structure, and practical drafting.

Retail website: example of a short CCPA notice at collection

Let’s start with an online retailer. Think clothing or home goods, selling nationwide but shipping a lot of orders into California.

Here is an example of a notice at collection you might show in a banner or overlay when a California user first lands on your site:

California Privacy Notice (Summary)
We collect personal information about you when you shop on our website, create an account, or contact us. The categories of personal information we collect in the last 12 months include:

• Identifiers (like your name, email address, shipping address, and IP address)
• Commercial information (like products you view, add to cart, or purchase)
• Internet or network activity (like pages you visit and the type of device and browser you use)

We use this information to process your orders, provide customer support, prevent fraud, and show you products and offers that may interest you. We share this information with service providers that help us run our website, process payments, deliver orders, and show ads.

We may “sell” or “share” your personal information for cross‑context behavioral advertising as those terms are defined under California law. You can limit this by clicking “Do Not Sell or Share My Personal Information” at the bottom of any page. For more details, including your rights to access, delete, or correct your information, please read our full California Privacy Policy.

This is one of the best examples for retailers because it:

• Uses the statutory categories, but explains them in everyday language
• Clearly flags that targeted advertising may count as a “sale” or “sharing”
• Points to a more detailed CCPA privacy policy without overwhelming the user at first contact

If you’re looking for examples of sample CCPA privacy notice examples for businesses in ecommerce, this structure is a practical starting point.

SaaS startup: examples include a layered CCPA privacy policy

A B2B SaaS platform usually collects less obvious data than a retailer, but often tracks more behavior and uses more analytics tools. Here’s how a SaaS company might present a layered CCPA notice on its main privacy page.

High‑level summary section

California Privacy Summary for SaaS Users
In the last 12 months, we collected the following categories of personal information from California residents:

• Identifiers (name, business email, IP address, account ID)
• Professional or employment‑related information (job title, company)
• Internet or network activity (log‑in history, feature usage, pages viewed)
• Inferences drawn from your use of the service (such as feature adoption scores)

We collect this information directly from you, from your organization’s administrators, and automatically through our services. We use it to operate and secure the platform, provide customer support, improve our product, and communicate with you about service updates.

Detailed CCPA section

Your California Privacy Rights
If you are a California resident, you have the right to:

• Request access to the personal information we collected about you in the last 12 months
• Request deletion of your personal information, subject to certain exceptions (for example, when we need the data to provide the service or comply with law)
• Request correction of inaccurate personal information
• Opt out of the “sale” or “sharing” of your personal information for cross‑context behavioral advertising
• Limit the use and disclosure of sensitive personal information, if we collect it

We do not sell personal information for money. We may share limited identifiers and internet activity with analytics and advertising partners, which may be considered a “sale” or “sharing” under California law. To opt out, click “Your Privacy Choices” in the footer or email us at privacy@example.com.

Here, the layered approach keeps the entire privacy policy readable while still meeting CCPA requirements. Among the best examples of sample CCPA privacy notice examples for businesses in SaaS, this style balances legal accuracy with product‑driven clarity.

Mobile app: examples of sample CCPA privacy notice examples for businesses in-app

Mobile apps face an extra constraint: tiny screens and impatient users. The CCPA doesn’t give you a pass on that. You still need clear notice at or before collection.

Here is an in‑app banner example of a CCPA notice for a location‑based fitness app:

California Privacy Notice (Short Form)
When you use our app, we collect:

• Account details (name, email)
• Device information (device ID, operating system, app version)
• Location data (if you enable location services)
• Fitness activity data (workout routes, distance, time, and pace)

We use this data to provide and improve the app, personalize workouts, show nearby route suggestions, and keep your account secure. We share limited data with service providers that host our app, send notifications, and analyze app performance.

If you are a California resident, you have rights to access, delete, and correct your information, and to opt out of certain data sharing. To learn more and submit a request, visit Settings → Privacy → California Privacy Rights.

For the full policy, the app can link to a detailed CCPA section hosted on the developer’s website or within a scrollable in‑app screen. Because location and health‑adjacent data can be sensitive, many apps now add a clear statement about sensitive personal information and how it’s limited or protected, drawing on best practices from sources like the U.S. Federal Trade Commission’s mobile privacy guidance: https://www.ftc.gov/business-guidance.

Data broker / Adtech: real examples of CCPA notice language

Data brokers and adtech platforms are under heavier scrutiny in 2024–2025. If your business “sells” or “shares” data at scale, your CCPA notice needs to be direct.

Here’s a stylized but realistic example of language for a data broker’s CCPA notice:

Categories of Personal Information We Collect and Sell
In the past 12 months, we collected and sold or shared the following categories of personal information about California residents:

• Identifiers (such as hashed email addresses, cookie IDs, mobile advertising IDs, and IP addresses)
• Commercial information (such as purchase or subscription interests inferred from browsing behavior)
• Internet or network activity (such as pages viewed, time spent, and referring URLs)
• Geolocation data (approximate location based on IP address or device signals)
• Inferences about interests (such as likely sports fan, pet owner, or small business owner)

We collect this information from publishers, app developers, advertisers, data suppliers, and through our own pixels and SDKs. We sell or share this information with advertisers, advertising agencies, and other marketing partners to help them deliver and measure ads.

You have the right to opt out of our sale or sharing of your personal information. To exercise this right, click “Your Privacy Choices” on our homepage or visit our opt‑out page at example.com/ccpa-optout. You may also use an opt‑out preference signal recognized under California law, such as the Global Privacy Control, and we will treat it as a valid request.

This is one of the clearest examples of sample CCPA privacy notice examples for businesses operating in data‑driven advertising. It:

• Names the categories regulators expect to see
• Admits that data is sold or shared, instead of hiding behind euphemisms
• References Global Privacy Control, which California regulators have repeatedly highlighted in enforcement announcements

For reference on data broker registration and obligations, California’s official data broker registry is here: https://oag.ca.gov/data-brokers.

Brick‑and‑mortar store: examples include point‑of‑sale CCPA notices

Not every CCPA‑covered business is digital‑first. A physical retailer that runs a loyalty program or collects email addresses at checkout still needs to provide CCPA notice.

Here is an example of a short printed or on‑screen notice near the checkout terminal:

California Consumer Privacy Notice
We collect personal information when you make a purchase, join our rewards program, or sign up for emails. This may include your name, email address, phone number, payment information, purchase history, and your preferences.

We use this information to process your transaction, manage your rewards account, send you offers (with your consent where required), and improve our products and services. We share information with service providers that process payments, manage our rewards program, and help us send communications.

If you are a California resident, you have rights to access, delete, and correct your personal information, and to opt out of certain data sharing. To learn more or submit a request, visit example.com/privacy or call us at 1‑800‑XXX‑XXXX.

This is a good model for examples of sample CCPA privacy notice examples for businesses that operate both in‑store and online. The notice at collection can be short and reference a full policy posted on the website and available in print upon request.

HR / employee data: examples of CCPA notices for workforce information

Since the CPRA removed the employee exemption, workforce data is firmly in scope. Employers need a dedicated CCPA notice for job applicants, employees, contractors, and sometimes even emergency contacts.

Here’s a realistic example of how a company might frame its workforce CCPA notice:

California Employee and Applicant Privacy Notice
We collect personal information from California job applicants, employees, and contractors for employment‑related purposes. The categories of personal information we collect may include:

• Identifiers (name, contact details, government ID numbers where required by law)
• Professional or employment‑related information (job history, qualifications, performance information)
• Financial information (bank account details for payroll)
• Internet or network activity on company systems (log‑in records, security logs)
• Sensitive personal information (such as Social Security number, driver’s license number, or demographic information you voluntarily provide)

We use this information to process applications, manage payroll and benefits, maintain workplace safety and security, comply with legal obligations, and operate our business. We share this information with service providers that help us run payroll and benefits, maintain IT systems, and comply with law.

As a California resident, you may have rights to access, delete, or correct your personal information, and to limit the use of certain sensitive personal information. To submit a request, contact HR at hrprivacy@example.com or call 1‑800‑XXX‑XXXX.

Employee‑focused examples of sample CCPA privacy notice examples for businesses are often missing from generic templates, but regulators are paying close attention to this area.

2024–2025 trends that should shape your CCPA notice examples

If you’re updating your policy now, you’re not writing in a vacuum. Enforcement and guidance over the last few years give some clear signals about what “good” looks like.

Some trends to factor into your own examples of sample CCPA privacy notice examples for businesses:

• Plain language is winning. California regulators have repeatedly criticized dense, legalistic privacy policies. Aim for an 8th–10th grade reading level. The U.S. government’s plain language guidelines at https://www.plainlanguage.gov are a helpful benchmark.
• Global Privacy Control (GPC) matters. Enforcements have stressed honoring browser‑based opt‑out signals. If you sell or share personal information, your notice should say whether you recognize GPC and how you handle it.
• Sensitive personal information needs special treatment. Under the CPRA, sensitive data (like precise geolocation, certain financial data, or health‑related information) requires more careful handling and, in some cases, the ability to limit its use.
• Dark patterns are under fire. The CPPA and the FTC both scrutinize manipulative designs that make it hard to exercise privacy rights. Your opt‑out and request flows should be as straightforward as your sign‑up flows.

Aligning your notice with these trends makes your own policy one of the better real‑world examples, not just something that barely clears the bar.

How to adapt these examples of sample CCPA privacy notice examples for businesses

You can’t just copy these examples and call it a day. Your notice has to match your actual data practices. But you can use these models as a drafting toolkit.

When you build or revise your notice:

• Start with a short, readable summary for California residents, then link to more detail
• Use the statutory categories, but always add plain‑English explanations and real examples of data points
• Create separate sections for:
  • Categories of information collected
  • Purposes of use
  • Categories of recipients (including whether data is sold or shared)
  • Consumer rights and how to exercise them
• Keep a clear, persistent link labeled “Do Not Sell or Share My Personal Information” or “Your Privacy Choices” if you sell or share data
• Document your data flows internally so your notice stays accurate as your tech stack changes

If you need a legal cross‑check, many law schools and public‑interest groups publish CCPA explainers. For instance, the International Association of Privacy Professionals (IAPP) offers detailed CCPA resources and analysis: https://iapp.org.

FAQ: examples of common CCPA privacy notice questions

Q1. Can I just use one generic privacy policy for all states, including California?
You can, but it needs a clearly labeled California section that satisfies CCPA/CPRA requirements. Many of the best examples of sample CCPA privacy notice examples for businesses use a single policy with state‑specific addenda. The key is that California residents can easily find their rights and the required disclosures.

Q2. What is a simple example of a CCPA “Do Not Sell or Share” disclosure?
A straightforward example of this disclosure is: “We may sell or share your personal information (such as identifiers and internet activity) with advertising partners to show you more relevant ads. You can opt out of this sale or sharing by clicking ‘Do Not Sell or Share My Personal Information’ at the bottom of this page or by enabling a browser‑based opt‑out signal, such as Global Privacy Control.” Short, direct, and specific.

Q3. Do small businesses need CCPA notices too?
Only if they meet the CCPA thresholds (for example, annual gross revenues over $25 million, or handling the personal information of 100,000 or more California residents or households, including for targeted ads). If you meet those thresholds, you need a notice, even if you consider yourself “small” in headcount.

Q4. Are cookie banners the same as CCPA notices?
No. Cookie banners can be part of your implementation, but the CCPA requires a broader notice at or before collection covering all categories of personal information, not just cookies. The better examples of sample CCPA privacy notice examples for businesses integrate cookie information into a wider explanation of data practices.

Q5. How often should I update my CCPA privacy notice?
At minimum, review it annually and whenever you change your data practices in a material way—new categories collected, new adtech partners, new uses of sensitive data, or expanded data sharing. If your tech stack changes quickly, quarterly reviews are safer.

If you treat these examples of sample CCPA privacy notice examples for businesses as a drafting playbook—not a script—you’ll end up with a policy that respects your customers, satisfies regulators, and actually reflects how your business works.