If your business is subject to the California Consumer Privacy Act (CCPA) or California Privacy Rights Act (CPRA), you are likely required to provide California consumers with a clear, accessible opt-out link labeled "Do Not Sell" or "Do Not Sell or Share My Personal Information." This guide shows you how to configure that CCPA opt-out widget text in your Secure Privacy dashboard.
Note: This article covers product configuration only and does not constitute legal advice. Consult your legal team to determine whether your data practices qualify as a "sale" or "share" under CCPA/CPRA.
Who Is This For?
This guide applies to your organization if:
Your business is subject to CCPA/CPRA — generally businesses meeting certain revenue, data volume, or data-sharing thresholds
You sell or share personal information — which under CPRA includes cross-context behavioral advertising
You need a visible opt-out link or widget on your website for California consumers
CCPA/CPRA Opt-Out Requirement: What It Means
CCPA/CPRA requires businesses to provide a clear, easily accessible opt-out mechanism for the sale or sharing of personal information. Most sites implement this as a persistent widget or footer link labeled "Do Not Sell" or "Do Not Sell or Share My Personal Information" — visible on every page of the site.
Correctly configuring this opt-out label helps your site:
Make the CCPA opt-out entry point immediately visible to California consumers
Align with common CCPA/CPRA compliance expectations and recognized opt-out wording
Build user trust and reduce friction for privacy requests
How to Configure the CCPA Opt-Out Widget Text
Step 1: Open the CCPA template
Sign in to your Secure Privacy dashboard
In the main navigation, click Templates
Select CCPA from the template categories
Step 2: Find the widget settings
In the CCPA template options, locate the Widget section
Click to expand the widget configuration panel
Step 3: Update the opt-out label
Find the Widget Display Text field
Clear the existing text and enter one of the following recognized CCPA/CPRA opt-out labels:
Do Not Sell
Shorter, widely recognized wording — sufficient for most CCPA implementations.
Do Not Sell or Share My Personal Information
The full CPRA-specific phrase — recommended if your business is subject to CPRA or engages in cross-context behavioral advertising.
Click Save
Verifying the CCPA Opt-Out Experience
After saving your changes, confirm the opt-out widget is working correctly end-to-end:
Open your website in an incognito or private browser window
Confirm the widget displays the updated "Do Not Sell" or "Do Not Sell or Share My Personal Information" text
Click the widget and verify the opt-out flow loads correctly
Complete the opt-out flow to confirm it works end-to-end
If your site uses caching or a CDN, clear all cache layers first and retest in an incognito window
Best Practices for the CCPA Opt-Out Link
Use recognized wording — "Do Not Sell" or "Do Not Sell or Share My Personal Information" matches what California consumers search for and expect to see
Make it easy to find — Place the opt-out link in your site footer and use a persistent widget that is visible on every page, not just the homepage
Verify the underlying opt-out works — The label is only meaningful if clicking it correctly limits the selling or sharing of personal data in your systems
Test regularly — Retest the full opt-out flow whenever you update your site, change analytics integrations, or add new advertising partners
Frequently Asked Questions
Why isn't my updated widget text showing on my live site?
Confirm you clicked Save in the CCPA template settings. Then clear your site cache, CDN cache, and browser cache, and retest in a fresh incognito window. If the text shows correctly in the dashboard preview but not on the live site, a caching layer is the most likely cause.
Can I customize widget text for GDPR and other regional templates?
Yes. Open the relevant regional template — for example, GDPR — and locate the equivalent Widget settings section to update the display text for that jurisdiction.
Does updating the opt-out label make my site fully CCPA/CPRA compliant?
No. The label helps users find the opt-out mechanism, but full CCPA/CPRA compliance requires that the underlying opt-out functionality correctly limits the sale and sharing of personal information. Your privacy disclosures, data processing agreements, and technical implementation all need to align. Consult your legal team for a complete compliance review.
What is the difference between "Do Not Sell" and "Do Not Sell or Share My Personal Information"?
"Do Not Sell" was the original CCPA wording. The CPRA extended this to "Do Not Sell or Share My Personal Information" to explicitly cover cross-context behavioral advertising as a form of "sharing." If your business engages in behavioral advertising or is subject to CPRA, the full phrase is the more appropriate label.
Where should the "Do Not Sell" link appear on my website?
CCPA/CPRA guidance recommends placing the opt-out link in your website footer so it is accessible from every page. A persistent floating widget — configured in Secure Privacy — also satisfies the visibility requirement and is often easier for users to find than a footer-only link.
Contact Secure Privacy Support
If the opt-out label updates correctly in the dashboard but does not appear on your live site, or if you are unsure whether your setup qualifies as a "sale" or "share" under CCPA/CPRA, contact Secure Privacy support at [email protected].