Compliance Framework

CCPA-compliant binary verification

AffixIO satisfies CCPA consumer rights by default. Because no personal data is retained after a verification call, rights to know, delete, and opt-out are structurally enforced rather than operationally managed.

CCPA compliantRight to deleteNo data saleOpt-out support
Key capabilities

Compliance features

Built into the architecture — not bolted on as an afterthought.

👤

Right to know — satisfied by default

Verification decision logs are available to merchants for disclosure to their California consumers. AffixIO retains no personal data itself.

🗑

Right to delete — trivially satisfied

Because AffixIO retains no personal data after each API call, there is nothing to delete. Consumer deletion requests require no remediation on AffixIO's infrastructure.

🚫

Right to opt-out — fully supported

AffixIO integrates with consent management platforms, enabling merchants to halt verification for consumers who have exercised their CCPA opt-out rights.

📢

Transparent data usage disclosures

AffixIO's processing role and data minimisation practices can be accurately described in merchant privacy notices and CCPA disclosures.

📊

Minimal data processing

Only the minimum data required for a specific verification is evaluated, and only for the duration of the API call. No secondary use, no profiling, no data sale.

How it works

Implementation

CCPA compliance requires consumer rights to be operationally enforceable. AffixIO's stateless design makes this structurally guaranteed:

  • No data persistence: Personal identifiers processed during a verification call are never written to storage. Consumer deletion obligations on AffixIO's infrastructure are zero.
  • No data sale: AffixIO does not sell, share for cross-context behavioural advertising, or otherwise monetise consumer data. The API returns a binary verification result only.
  • Opt-out compatible: Integration with CCPA-compliant consent management systems allows merchants to enforce consumer opt-out decisions upstream of AffixIO API calls.
  • Audit trails: Pseudonymised decision logs provide merchants with the records needed to respond to consumer requests for information about verification decisions.
  • Transparent processing: AffixIO's data processing practices are documented and available for inclusion in merchant privacy policies and CCPA-required disclosures.

CCPA compliance built into the architecture

Get API access to AffixIO's CCPA-compliant verification infrastructure. Minimal data processing, consumer rights by design.

Get API Access Talk to us Architecture

Other compliance frameworks