---
title: "CCPA Privacy Notices and Disclosures"
canonical_url: "https://www.sorena.io/artifacts/us/ccpa/privacy-notices-and-disclosures"
source_url: "https://www.sorena.io/artifacts/us/ccpa/privacy-notices-and-disclosures"
author: "Sorena AI"
description: "Design the California notice stack so each disclosure appears in the right place and says the right thing."
keywords:
  - "CCPA notice at collection"
  - "California privacy notices"
  - "CCPA disclosures"
  - "do not sell or share notice"
  - "CCPA"
  - "Privacy Notices and Disclosures"
  - "California privacy"
---
**[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform

[Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io)

---

# CCPA Privacy Notices and Disclosures

Design the California notice stack so each disclosure appears in the right place and says the right thing.

*Notices* *CCPA*

## California CCPA Privacy Notices and Disclosures

Grounded in the California statute, CPPA regulations, and current California enforcement themes.

California compliance often fails because all disclosures are collapsed into one generic privacy policy. The regulations instead expect a notice architecture built around when and how personal information is collected and used.

## Notice at collection

The notice at collection belongs at or before the point of collection. It should identify the categories of personal information to be collected, the purposes for which they will be used, and whether the information is sold or shared.

- List categories of personal information and SPI in plain terms
- State the business or commercial purposes for collection and use
- Disclose whether the data is sold or shared and whether a limit notice is relevant
- Provide the notice where collection actually happens, including apps and third party collection contexts

## Privacy policy and rights notices

The privacy policy gives the broader picture, while the notice of right to opt out of sale or sharing and any notice of right to limit support specific consumer choices.

- Describe rights, request methods, and verification practices
- Explain how GPC or other opt out preference signals are processed
- Link directly to the opt out flow and any limit flow that applies
- Disclose 12 month look back information for sales, sharing, and business purpose disclosures

## Disclosure governance

The same source data should drive the notice at collection, the privacy policy, and vendor disclosures. Otherwise the notices drift apart and become contradictory.

- Use the same category dictionary across all consumer notices
- Review disclosures after launching new tags, SDKs, or partners
- Compare notices against the rights workflow and actual adtech behaviour
- Retain prior versions and approval records

*Recommended next step*

*Placement: near the end of the main content before related guides*

## Turn California CCPA Privacy Notices and Disclosures into an operational assessment

Assessment Autopilot can take California CCPA Privacy Notices and Disclosures from turning this guidance into an operational assessment workflow to a reusable workflow inside Sorena. Teams working on California CCPA can keep owners, evidence, and next steps aligned without copying this guide into separate documents.

- [Open Assessment Autopilot for California CCPA Privacy Notices and Disclosures](/solutions/assessment.md): Start from California CCPA Privacy Notices and Disclosures and turn the guidance into owned tasks, evidence requests, and review checkpoints.
- [Talk through California CCPA](/contact.md): Review your current process, evidence gaps, and next steps for California CCPA Privacy Notices and Disclosures.

## Primary sources

- [CPPA regulations](https://cppa.ca.gov/regulations/?ref=sorena.io) - Official California regulations hub.
- [California privacy statute effective January 1, 2026](https://cppa.ca.gov/regulations/pdf/ccpa_statute_2026.pdf?ref=sorena.io) - Current statutory text as reflected in CPPA materials.
- [CPPA FAQ](https://cppa.ca.gov/faq.html?ref=sorena.io) - Official California FAQ.
- [CPPA CCPA updates](https://cppa.ca.gov/ccpa_updates.html?ref=sorena.io) - Rulemaking and effective date updates.

## Related Topic Guides

- [CCPA Applicability Test | California Scope Test](/artifacts/us/ccpa/applicability-test.md): Test whether a business is in scope under the current California threshold model.
- [CCPA Checklist | California Privacy Compliance Checklist](/artifacts/us/ccpa/checklist.md): Track the California controls that must actually exist in policy, product, and vendor operations.
- [CCPA Compliance Program | California Operating Model](/artifacts/us/ccpa/compliance.md): Build a California privacy programme that survives regulator questions and product change.
- [CCPA Consumer Rights Workflow | 45 Day Request Handling](/artifacts/us/ccpa/consumer-rights-workflow.md): Run California rights operations with clear timing, verification, and downstream instructions.
- [CCPA Deadlines and Compliance Calendar](/artifacts/us/ccpa/deadlines-and-compliance-calendar.md): Use the dates that actually shape California privacy work.
- [CCPA Enforcement and Penalties | CPPA and AG Exposure Guide](/artifacts/us/ccpa/enforcement-and-penalties.md): Understand how California enforcement usually starts and what evidence the agency will ask for.
- [CCPA FAQ | Practical California Privacy Answers](/artifacts/us/ccpa/faq.md): Answer the California privacy questions that usually stall implementation.
- [CCPA Penalties and Fines | California Exposure Summary](/artifacts/us/ccpa/penalties-and-fines.md): Know the penalty ranges, then work backward to the controls that reduce them.
- [CCPA Privacy Policy Template | Required California Disclosures](/artifacts/us/ccpa/ccpa-privacy-policy-template.md): Write a California privacy policy that actually matches the statute and regulations.
- [CCPA Requirements | California Control Requirements](/artifacts/us/ccpa/requirements.md): Translate California law into control statements that can be implemented, tested, and audited.
- [CCPA Scope and Thresholds | California Business Threshold Guide](/artifacts/us/ccpa/scope-and-thresholds.md): Use the real California threshold tests instead of rough privacy folklore.
- [CCPA Service Provider and Contractor Contracts](/artifacts/us/ccpa/service-provider-contractor-contracts.md): Draft California vendor contracts that work in practice, not only on paper.
- [CCPA vs CPRA | What Actually Changed in California Privacy](/artifacts/us/ccpa/ccpa-vs-cpra.md): A practical CCPA vs CPRA delta guide grounded in the current California statute, CPPA regulations, and official agency guidance.
- [CCPA vs GDPR | California and EU Privacy Comparison](/artifacts/us/ccpa/ccpa-vs-gdpr.md): Compare California CCPA obligations with the GDPR without assuming the two models are interchangeable.
- [Do Not Sell or Share Implementation | CCPA and GPC Guide](/artifacts/us/ccpa/do-not-sell-share-implementation.md): Implement California opt out controls that actually work across websites, apps, and partner pipelines.


---

[Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us)

(c) 2026 Sorena AB (559573-7338). All rights reserved.

Source: https://www.sorena.io/artifacts/us/ccpa/privacy-notices-and-disclosures