Privacy Notice / Privacy Policy Template

Consumer-facing privacy notice disclosing data collection, use, sharing practices, and consumer rights under CCPA/CPRA.

What This Policy Covers

Introduction and Scope-Company identity, effective date, and geographic scope.

Categories of Personal Information Collected-12-month lookback categories per CCPA schedule.

Purposes for Collection and Use-Business or commercial purposes for each data category.

Sale, Sharing, or Disclosure of Personal Information-Third parties, purposes, and opt-out rights.

Sensitive Personal Information-SPI categories collected and purpose limitations.

Your Rights Under CCPA/CPRA-Access, deletion, correction, opt-out, portability, and limit-use rights.

How to Submit a Consumer Rights Request-Intake mechanisms (toll-free, web form, email).

Retention Periods-How long each category of personal information is retained.

Contact Information-Privacy team contact details and designated representative.

Required Sections

A compliant Privacy Notice / Privacy Policy for CCPA/CPRA must include the following9 sections. Each section addresses a specific control requirement that auditors will review.

Introduction and Scope

Company identity, effective date, and geographic scope.

Categories of Personal Information Collected

12-month lookback categories per CCPA schedule.

Purposes for Collection and Use

Business or commercial purposes for each data category.

Sale, Sharing, or Disclosure of Personal Information

Third parties, purposes, and opt-out rights.

Sensitive Personal Information

SPI categories collected and purpose limitations.

Your Rights Under CCPA/CPRA

Access, deletion, correction, opt-out, portability, and limit-use rights.

How to Submit a Consumer Rights Request

Intake mechanisms (toll-free, web form, email).

Retention Periods

How long each category of personal information is retained.

Contact Information

Privacy team contact details and designated representative.

Generate a Customized Version

This template shows the required structure. PoliWriter generates a fully customized Privacy Notice / Privacy Policy that references your actual cloud providers, identity systems, tools, and team practices — ready for auditor review.

Generate Customized Privacy Notice / Privacy Policy

Policy Details

Framework

CCPA/CPRA

Other CCPA/CPRA Templates

Consumer Rights Procedures

Internal procedures for handling consumer rights requests including access, deletion, correction, opt-out, and portability.

Data Inventory & Mapping Policy

Policy for maintaining an inventory of personal information collected, used, shared, and deleted across the organization.

Opt-Out & Do Not Sell/Share Policy

Procedures for honoring consumer opt-out requests from sale and sharing of personal information under CCPA/CPRA.

Data Retention & Deletion Policy

Retention schedules and secure deletion procedures for personal information under CCPA/CPRA data minimization principles.

Vendor & Service Provider Contracts Policy

Requirements for data processing agreements and service provider contracts to comply with CCPA/CPRA third-party requirements.

Security Practices Policy

Reasonable security measures required to protect personal information and avoid CCPA private right of action for data breaches.

Employee Privacy Training Policy

Training requirements for employees who handle consumer personal information or process consumer rights requests.

Back to all templates