1
State-law audit
We map which state privacy laws apply to you, using each state's volume thresholds and activity tests, and write up where you are exposed today.
US State Privacy Compliance
A dozen US state privacy laws. One coherent compliance plan.
California, Virginia, Colorado, Connecticut, Utah, Texas and more — every state writes its own rulebook. We map your obligations, build the opt-out and consumer-rights workflows, and keep the programme current as new states pass laws.
From $1,200 Quoted by scope after a short data-practices review
10,739+ clients11 attorneys5 offices10+ years
IIPLA Top IP Consultancy 2026Upwork · Top Rated Plus
Trusted by founders and brands worldwide
How it works
From a state-by-state patchwork to one defensible programme
2
Strategy call
A short call to set your unified-baseline strategy — build to the strictest applicable standard, then layer state-specific exceptions on top — and agree priorities.
3
Build and maintain
We draft the notice, stand up opt-out and consumer-rights workflows, and add vendor contract terms. An optional retainer keeps the programme current as new states pass laws.
What it costs
Quoted by scope
CCPA & US State Privacy Compliance starts from $1,200. GTC's fee is quoted after a short review of your data practices and the states in scope, then confirmed before any work begins. The figure shown on this page is a live anchor from our catalog. Where any government or filing fees apply, they are charged at cost.
What's included
- State-by-state applicability analysis using volume thresholds and activity tests
- Unified privacy notice covering every applicable state
- 'Do Not Sell or Share My Personal Information' workflow
- Universal Opt-Out Mechanism and Global Privacy Control configuration
- Sensitive Personal Information handling under CPRA, CPA and CTDPA
- Profiling and automated-decision-making disclosures and opt-outs
- Consumer-rights workflow: access, delete, correct and port
- Vendor service-provider and processor contract terms
- Data Protection Assessments where a state requires them
- US state privacy programme
- Quoted by scope
- Optional maintenance retainer
- Quoted by scope
- Government or filing fees, if any
- At cost
Compliance is ongoing rather than a one-time outcome. We build the programme and, with an optional retainer, keep it current as new state laws take effect.
Get started
Get CCPA and US state-privacy ready
Tell us about your data practices and a GTC attorney will scope your US state-privacy compliance and email a quote.
No payment required Reply within 1 business dayA GTC attorney reviews it & sends a flat-fee quote.
-
01Your request
-
02Documents
-
03Your details
Compliance is ongoing. We build the programme and, with an optional retainer, keep it current as new states pass laws.
Your request
1
Your company or product name — we use it to label the matter.
2
Pick the closest. California's CCPA/CPRA and other US state laws give consumers rights over their personal data.
3
Based on where your customers live. Not sure? Tick the closest — thresholds vary by state and we will confirm.
4
Sensitive categories — health, children's, biometric — carry stricter rules.
5
Selling or sharing data, or running targeted advertising, triggers opt-out obligations under CCPA/CPRA.
Why GTC
Why companies bring US state privacy to GTC
Handled by
GTC's privacy team
Data-protection counsel
Attorney-led
Built to the strictest standard
One privacy notice and one set of workflows, built to the strictest applicable state rule, then adjusted for each state's exceptions. The result is defensible everywhere you operate.
Opt-out done correctly
We configure the 'Do Not Sell or Share My Personal Information' workflow and the Universal Opt-Out Mechanism, including Global Privacy Control browser signals, at the consent-platform level.
Sensitive data handled right
We map each sensitive-PI category under CPRA, CPA and CTDPA to your actual collection, then build the consent, limit-use and opt-out flows each state requires.
Kept current as states pass laws
The US patchwork grows every legislative session. An optional retainer tracks new state laws and federal proposals and updates your programme before they take effect.
Your Customer Success Team
A dedicated team that owns your matter from start to finish.
Every GTC client gets a dedicated Account Manager and a Senior Account Manager who learn your business and stay with you from first email to final filing. They are named people who pick up the phone and already know your matter, so every step moves forward without delay.
Your Account Manager
Your day-to-day point of contact, who coordinates every matter, keeps things moving, and already knows your file. They have your full history, so you start every conversation where the last one left off.
Your Senior Account Manager
Senior oversight on strategy and escalations, stepping in as your needs grow, so every important detail stays on track.
A named person, on email or a call, at every step.
How we compare
GTC vs a template vs a big consultancy
| What you get | GTC | Online filing services | Doing it yourself |
|---|---|---|---|
| Multi-state mapping across CCPA/CPRA, VA, CO, CT, TX and more | |||
| Universal Opt-Out Mechanism and Global Privacy Control configured | |||
| Sensitive personal information handling per state | |||
| Consumer-rights workflow: access, delete, correct, port | |||
| Vendor service-provider and processor contract terms | |||
| Drafted and reviewed by senior attorneys, quoted by scope |
Multi-state mapping across CCPA/CPRA, VA, CO, CT, TX and more
GTC
Online filing services
Doing it yourself
Universal Opt-Out Mechanism and Global Privacy Control configured
GTC
Online filing services
Doing it yourself
Sensitive personal information handling per state
GTC
Online filing services
Doing it yourself
Consumer-rights workflow: access, delete, correct, port
GTC
Online filing services
Doing it yourself
Vendor service-provider and processor contract terms
GTC
Online filing services
Doing it yourself
Drafted and reviewed by senior attorneys, quoted by scope
GTC
Online filing services
Doing it yourself
The timeline
What to expect
A typical US state privacy engagement moves from audit to a working programme in a few weeks. Timing depends on the number of states in scope and your data practices.
-
Days 1–2
State-law audit
We map applicable state laws using volume and activity thresholds and deliver a written read on your exposure.
-
Day 3
Strategy call
A 30-minute call to choose your unified-baseline strategy and prioritise the build.
-
Weeks 1–4
Build
Privacy notice, opt-out and consumer-rights workflows, and vendor contract terms are drafted and put in place.
-
Ongoing
Maintain
An optional retainer keeps the programme aligned as new states pass laws and enforcement evolves.
In their words
All your legal, in one place.
One accountable team across every practice, operating since 2016.
10,739+
Clients served
11
In-house attorneys
5
Global offices
10+
Years since 2016
CCPA & US State Privacy Compliance FAQ
Frequently asked questions
Each state sets its own thresholds, usually based on the number of consumers processed and revenue. Many state laws apply at around 100,000 consumers, and California applies above set revenue or consumer thresholds. The audit tells you exactly which laws apply to you.
Start your US state privacy programme
Ready when you are.
Send us your data practices and a senior attorney will map your obligations across CCPA/CPRA and the US state patchwork, then scope a flat-fee programme that satisfies the strictest state in your footprint.
