TermsBox
PricingBlog
LoginGet Started
PricingBlogLogin
Get Started
  1. Home
  2. Blog
  3. CCPA Do Not Sell/Share Page Requirements
CCPA

CCPA Do Not Sell/Share Page Requirements

Guide to creating a do-not-sell/share page that meets CCPA/CPRA opt-out, GPC, and notice requirements with clear UX and logging.

TermsBox Team|November 30, 20259 min read

A do-not-sell/share page is mandatory if your data flows qualify as “sale” or “sharing” under CCPA/CPRA. This guide covers UX, legal requirements, GPC handling, and logging so you can prove compliance and avoid penalties like Sephora settled a CCPA action for about 1.2 million USD in 2022 (source: California AG).

Requirements checklist

  • Clear link labeled “Do Not Sell or Share My Personal Information” (and “Limit Sensitive PI” if applicable)
  • Visible on desktop and mobile; placed in footer, privacy policy, cookie banner, and relevant forms
  • GPC honored and logged
  • Simple opt-out form with minimal verification
  • Explanations of sale/share and ad tech practices
  • Links to privacy policy (Privacy Policy Generator) and cookie controls (Cookie Policy Generator)

Step-by-step build

  1. Determine if you sell/share based on your ad tech and disclosures.
  2. Build the page: link, form, GPC detection, and confirmation.
  3. Add links in footer, policy, cookie banner; keep text consistent across pages.
  4. Log opt-outs with timestamps, source, and scope.
  5. Test from multiple regions and devices.

Table: page essentials

Item Details Evidence
Link placement Footer, policy, banner Screenshots
Form Minimal fields, quick submission Form logs
GPC Detection and auto-opt-out CMP logs
Notice text Explains sale/share and sensitive PI limits Page copy
Processing time Document timelines Tickets

Common mistakes to avoid

  • Hiding the link or making text tiny on mobile
  • Over-verifying and delaying opt-outs
  • Not honoring GPC or failing to log signals
  • Inconsistent language between policy, banner, and page

External references

  • California AG CCPA resources
  • FTC on consumer privacy choices
  • ICO transparency guidance

Conclusion

Make opting out fast, clear, and provable. Tie the page to your Privacy Policy Generator disclosures and Cookie Policy Generator behavior, and keep Terms of Service Generator consistent with your data-sharing promises. Store logs and screenshots to demonstrate compliance.

H2: UX examples

  • Single-page form with a short description and immediate confirmation.
  • Prominent link in footer and banner; avoid accordion hiding.
  • Mobile-first layout with large buttons and minimal fields.

H2: Logging and proof

  • Store opt-out requests with timestamp, IP/region if relevant, GPC signal status, and scope (sale/share/sensitive PI limit).
  • Keep screenshots of the page, banner, and link placement each quarter.

H2: Testing cadence

  • Monthly GPC tests to ensure signals auto-opt-out users.
  • Quarterly mobile tests for link visibility and form completion.
  • Regression tests after tag/ad stack changes.

H2: Common pitfalls (expanded)

  • Confusing “do not sell” with general unsubscribe
  • Slow processing times with no confirmation
  • Failing to honor GPC in all flows (web, app)
  • Not linking to the privacy policy or Cookie Policy Generator for tracking context

H2: External resources

  • California AG CCPA resources
  • FTC guidance on consumer choices
  • ICO transparency guidance

H2: Conclusion

Make opting out unmistakable and verifiable. Connect the page to your policy (Privacy Policy Generator), cookie controls (Cookie Policy Generator), and contractual promises (Terms of Service Generator). Keep logs, screenshots, and tests to prove compliance.

H2: Copy examples

  • “You can opt out of the sale or sharing of your personal information. We honor browser signals like Global Privacy Control.”
  • “Limiting the use of sensitive personal information means we will use it only for necessary purposes.”

H2: SLA and ownership

  • Assign a page owner and a backup; review monthly.
  • Set an SLA for processing opt-outs and document completion.

Conclusion

An effective opt-out page is clear, fast, and logged. Keep it aligned with Privacy Policy Generator, Cookie Policy Generator, and Terms of Service Generator, and maintain proof for regulators and partners.

H2: Scripts and tag alignment

  • Configure your CMP/tag manager to disable sale/share tags after opt-out or GPC detection.
  • Keep a mapping of tags to purposes and confirm they respect opt-outs.

H2: Customer support readiness

  • Train support with macros explaining sale/share, sensitive PI limits, and timelines.
  • Provide a status page update template if ad services are impacted.

Conclusion

Do-not-sell/share flows must connect to your ad stack and support processes. Keep them aligned with {cta_priv}, {cta_cookie}, and {cta_terms}, with logs to demonstrate compliance.

H2: User journey mapping

  • Entry points: footer, banner, privacy policy, emails.
  • Opt-out steps: click link, submit form, confirmation.
  • Backend actions: set flags, update tags, store logs, send confirmations.
  • Follow-up: ensure ads and sharing stop; provide re-entry option if they change mind.

H2: Evidence kit

  • Quarterly screenshots of link placement and page content.
  • Opt-out and GPC logs with timestamps.
  • Ticket or system logs showing processing timelines.
  • Change log for copy and form fields.

H2: Mobile and accessibility considerations

  • Large touch targets, readable fonts, high contrast.
  • Clear focus order and labels for assistive tech.
  • Test on multiple browsers and devices.

Conclusion

An effective do-not-sell/share page is visible, simple, and proven. Keep it synchronized with {cta_priv}, {cta_cookie}, and {cta_terms}, and hold an evidence bundle ready for regulators and partners.

H2: Longer copy and FAQs

  • FAQ: “What is selling or sharing?” Provide plain definitions and examples tied to your ad tech.
  • FAQ: “Do you sell sensitive personal information?” If not, say so and explain limits.
  • FAQ: “How fast do you process opt-outs?” State your SLA and confirm via email if possible.

H2: Data flow alignment

  • Map ad tags and partners; ensure opt-outs disable sharing in real time.
  • Keep a list of partners and purposes; align with your privacy policy and the {cta_cookie}.

H2: Periodic audits

  • Quarterly: verify links, forms, GPC, and tag behavior.
  • Annually: review copy against new laws or guidance.

Conclusion

Your do-not-sell/share page is a high-visibility compliance item. Keep it fast, clear, and tied to your {cta_priv}, {cta_cookie}, and {cta_terms}. Maintain logs and screenshots to show you honor choices.

H2: Additional UX and copy guidance

  • Provide a short explainer of what changes after opting out.
  • Offer a confirmation screen and optional email confirmation.
  • Include a link back to the preference center and cookie settings.

H2: Testing scripts

  • Run automated checks to confirm opt-outs update ad tech flags.
  • Test GPC with multiple browsers monthly.
  • Validate that opt-outs persist across sessions; avoid re-asking unnecessarily.

H2: Record keeping

  • Keep quarterly exports of opt-out logs and GPC detections.
  • Store copies of notice text and form fields with dates.

Conclusion

The opt-out page must be unambiguous and durable. Keep it consistent with your {cta_priv}, {cta_cookie}, and {cta_terms}, and maintain robust logs for proof.

Privacy Policy Generator

Create a comprehensive privacy policy for your website or app. Create yours in minutes with TermsBox.

Generate Now

H2: Multi-channel coverage

  • For apps, include opt-out controls in-app and link to the same backend.
  • For web, ensure the footer and banner links are always visible.
  • For email/SMS, link back to the opt-out page when relevant.

H2: Legal disclosures to include

  • Definition of sale/share in your context
  • Categories of data involved in sale/share
  • Statement on sensitive personal information limits
  • Contact info and links to {cta_priv}

Conclusion

Cover every channel and keep disclosures precise. Align the page with {cta_priv}, {cta_cookie}, and {cta_terms}, and keep proof of placement and processing.

H2: End-to-end SOP

  • Detect: Identify sale/share flows (ad tech, data partners).
  • Design: Build a simple page with form + GPC detection.
  • Link: Footer, banner, privacy policy, and forms.
  • Process: Apply opt-out flags across ad platforms and internal systems.
  • Confirm: Send optional confirmation and provide a way to change mind.
  • Audit: Keep logs, screenshots, and test results; review monthly.

H2: Roles and responsibilities

  • Privacy/legal: copy, legal definitions, GPC handling.
  • Engineering/marketing: tagging, CMP, and ad platform updates.
  • Support: user communication and troubleshooting.
  • QA: recurring tests and screenshots.

H2: Final CTA

An effective do-not-sell/share page is operational and well-documented. Keep it consistent with {cta_priv}, {cta_cookie}, and {cta_terms}, and retain logs for proof.

H2: Analytics and performance considerations

  • Ensure the opt-out page loads quickly and does not rely on third-party trackers.
  • Avoid blocking the page with cookie banners; the link should always work.
  • Monitor uptime for the opt-out page and alert if down.

Conclusion

Reliability and clarity matter. Keep the opt-out page fast, simple, and consistent with {cta_priv}, {cta_cookie}, and {cta_terms}, and maintain uptime and logs as part of your compliance evidence.

Extra depth

Include a mini-FAQ on the page: what counts as sale/share, how to limit sensitive PI, how long processing takes, and who to contact. Provide a direct link back to your privacy policy ({cta_priv}) and cookie policy to explain tracking. Keep a printed/PDF copy of the page for audits and ensure {cta_terms} do not conflict with opt-out promises.

H2: Training and communications

  • Train marketing and support on what sale/share means and how opt-outs propagate.
  • Provide scripts for responding to user questions and regulator inquiries.
  • Add the page to onboarding for new marketers and engineers working on tags.

H2: Governance and review

  • Assign an owner for the opt-out experience and a backup.
  • Quarterly review copy, links, and logs; monthly GPC tests.
  • Annual legal review against new CCPA/CPRA guidance; update the Privacy Policy Generator and Cookie Policy Generator in parallel.

H2: Additional resources

  • California AG CCPA resources
  • FTC on consumer privacy choices
  • ICO guidance on transparency

Conclusion

The do-not-sell/share page is a legal requirement and a trust signal. Keep it obvious, fast, and backed by evidence. Align with Privacy Policy Generator, Cookie Policy Generator, and Terms of Service Generator, and train your teams so opt-outs work every time.

H2: Additional FAQs

  • “What data do you sell/share?” List categories in plain language.
  • “How long does it take to process my request?” State your SLA and that you will confirm completion.
  • “Do you still collect essential data?” Explain that essential cookies or processing may continue for service delivery.

H2: Visual and copy tips

  • Use plain-language headings and bullets for skimmability.
  • Keep the form short; avoid walls of text.
  • Add anchor links for sale/share and sensitive PI sections.

Conclusion

Keep refining the opt-out experience until it is clear, fast, and verifiable. Ensure consistency with Privacy Policy Generator, Cookie Policy Generator, and Terms of Service Generator, and keep an audit trail of every update and test.

Related Tools

Privacy Policy Generator

Create a comprehensive privacy policy for your website or app

Cookie Policy Generator

Create a cookie policy for GDPR compliance

Related Articles

CCPA

CCPA Regulations: What Businesses Must Know in 2026

Guide to California Consumer Privacy Act regulations, covering final rules, opt-out requirements, enforcement updates, and compliance steps for businesses.

April 4, 202614 min read
CCPA

California Data Privacy Law: A Complete Guide for 2026

Understand California data privacy law requirements, consumer rights, and business obligations under CCPA and CPRA. A practical compliance guide.

April 4, 202613 min read
CCPA

California Privacy Law: What Businesses Need to Know

Understand California privacy law requirements including CCPA and CPRA. Learn who must comply, consumer rights, penalties, and how to meet obligations.

April 4, 202613 min read

Ready to Create Your Legal Documents?

Generate professional privacy policies, terms of service, and more in minutes. Free to start, no credit card required.

View All Generators

On This Page

  • Requirements checklist
  • Step-by-step build
  • Table: page essentials
  • Common mistakes to avoid
  • External references
  • Conclusion
  • H2: UX examples
  • H2: Logging and proof
  • H2: Testing cadence
  • H2: Common pitfalls (expanded)
  • H2: External resources
  • H2: Conclusion
  • H2: Copy examples
  • H2: SLA and ownership
  • Conclusion
  • H2: Scripts and tag alignment
  • H2: Customer support readiness
  • Conclusion
  • H2: User journey mapping
  • H2: Evidence kit
  • H2: Mobile and accessibility considerations
  • Conclusion
  • H2: Longer copy and FAQs
  • H2: Data flow alignment
  • H2: Periodic audits
  • Conclusion
  • H2: Additional UX and copy guidance
  • H2: Testing scripts
  • H2: Record keeping
  • Conclusion
  • H2: Multi-channel coverage
  • H2: Legal disclosures to include
  • Conclusion
  • H2: End-to-end SOP
  • H2: Roles and responsibilities
  • H2: Final CTA
  • H2: Analytics and performance considerations
  • Conclusion
  • Extra depth
  • H2: Training and communications
  • H2: Governance and review
  • H2: Additional resources
  • Conclusion
  • H2: Additional FAQs
  • H2: Visual and copy tips
  • Conclusion
TermsBox

Scan your website, auto-generate legal documents, add a consent banner, and stay compliant. One platform for everything.

Product

  • Cookie Scanner
  • Consent Banner
  • Cookie Policy Generator
  • Pricing

Generators

  • Privacy Policy Generator
  • Terms and Conditions Generator
  • EULA Generator
  • Disclaimer Generator
  • Return and Refund Policy Generator

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service
  • Cookie Policy
GDPR
ePrivacy
CCPA
LGPD
Google Consent Mode v2
IAB TCF 2.2
© 2026 TermsBox. All rights reserved.