Compliance
CCPA / CPRA
Quick definition
California Consumer Privacy Act (2020) + California Privacy Rights Act (2023). Grants California residents data privacy rights similar to GDPR.
CCPA (effective 2020) gave California residents the right to know what data businesses collect, the right to delete it, and the right to opt out of its sale. CPRA (effective 2023) extended these rights with new protections for sensitive personal information. Applies to businesses with >$25M revenue OR processing data of 100K+ California consumers OR earning 50%+ revenue from selling personal information. Most B2B startups eventually trigger it.
Related compliance terms
SOC 2 Type I vs Type II
Type I attests controls are designed correctly at a point in time; Type II attests they operated effectively over 6–12 months.
SOC 1
Attestation report focused on internal controls over financial reporting (ICFR). Relevant for vendors whose services affect customers' financial statements.
HIPAA Compliance for Startups
Healthcare Information Privacy regulation governing protected health information (PHI). Required for any startup handling patient data.
GDPR (for US Startups)
EU General Data Protection Regulation governing how you handle personal data of EU residents — even if you're a US company.
Frequently asked questions
- What is CCPA / CPRA?
- CCPA (effective 2020) gave California residents the right to know what data businesses collect, the right to delete it, and the right to opt out of its sale. CPRA (effective 2023) extended these rights with new protections for sensitive personal information. Applies to businesses with >$25M revenue OR processing data of 100K+ California consumers OR earning 50%+ revenue from selling personal information. Most B2B startups eventually trigger it.
- Why is CCPA / CPRA important for startups?
- CCPA / CPRA is a compliance concept that matters for startup founders because it directly affects fundraising readiness, financial decision-making, or operational discipline at the stage where mistakes are expensive to undo. Founders who understand it have a meaningfully easier time in diligence, board meetings, and investor conversations.
- What category does CCPA / CPRA belong to?
- CCPA / CPRA is a Compliance term in the StartupCFO finance glossary — alongside other compliance concepts that founders, CFOs, and accountants use in daily startup operations and reporting.
- Where can I learn more about CCPA / CPRA?
- Beyond this definition, see the related compliance terms below, or explore StartupCFO's insights and tools that put CCPA / CPRA in context. For specific situations, talk to a fractional CFO who can walk through your numbers.
Got a finance question that needs more than a definition?
Talk to a real CFO. 30 minutes, no contract, free.
