This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Privacy Platform for Colorado (CPA)

Colorado CPA commences July 1, 2023. Future-proof your company in an evolving US privacy landscape — with a privacy platform that scales to your compliance needs.

Colorado Privacy Act

People demand control of their privacy rights. DataGrail powers the world's most trusted companies to understand and satisfy CPA requirements.

What is CPA?

Colorado's CPA is effective July 1, 2023.

The Colorado Privacy Act (CPA) provides comprehensive consumer privacy protections and expands consumer privacy rights for Colorado residents, including through opt-out preference signals.

Sharing commonalities with the CPRA and VCDPA, CPA establishes new, modernized definitions for personal data. It enshrines European-style necessity and proportionality principles, tackles data monetization through "sales" and targeted ads, and creates enforceable obligations -- notably conducting "genuine" privacy risk assessments.

Who does CPA apply to?

CPA applies when in the State you:

  1. Collect personal data from 100,000 Colorado residents; or
  2. Collect data from 25,000 Colorado residents and derive revenue from the sale of personal data.
  3. There is no annual revenue threshold or consideration for company size.

Some CPA obligations do not apply to B2B organizations. It also has numerous entity-level and data-level exemptions, notably for data subject to US federal laws such as GLBA, HIPAA and FCRA.

Operationalize CPA Compliance

Respect Personal Data Decisions

Data Subject Requests

Consumers have the right to ask businesses to access and delete their data. Automate the process for them to build brand trust and save your team’s time (and money).


Put the Power in Consumers' Hands

Opt-Out Support

Consumers are increasingly opting out of their data being “sold”, including for advertising purposes. Lead with respect and prevent their data from being sold, bartered, exchanged, or monetized.


Go Beyond the Template

Privacy Assessments

When it comes time to complete a Data Protection Impact Assessment (DPIA) or Privacy Impact Assessment (PIA), rely on a solution that leverages 1,800+ deep integrations to auto-populate responses.


Future-Proof Against Risk

Uphold Brand Trust

The legislative landscape around privacy is changing every day. DataGrail keeps request policies and functionality up-to-date to support compliance with international and US state privacy laws, and whatever comes next.


“DataGrail has supported and guided us through CCPA, CPRA, and GDPR compliance.””

E-Commerce VP

How DataGrail Can Help with CPA

It's time to see what a Privacy Control Center can do for you.

CPA Requirements

Handle It with DataGrail

Centralize privacy requests (DSRs) like Access, Deletion, Portability and others

Request Manager

Branded intake forms, Operations Dashboard, search and filters

Verify requestor identity, proportionally

Request Manager

Smart Verification™ uses pre-existing data with Authorized Agent support

Fulfill DSRs safely, collaboratively and on time

Request Manager

Customizable SLAs and workflows, authorized handoffs and alerts

Honor Do Not Sell opt-out requests

Request Manager

Multichannel handling with GPC opt-out signal recognition

Document your data and processing purposes

Live Data Map

Auto-detect systems containing personal data, generate dynamic RoPAs

Maintain data maps and processing records (RoPAs)

Live Data Map

Proprietary taxonomy and exports driving standardized summaries

Conduct Data Protection / Privacy Impact Assessments

Risk Monitor: Assessments

Assess vendors and high-risk processing activities at scale

Take holistic stock of your privacy footprint

Integration Network

Tight integrations with 1,800+ apps and platforms, from salestech to HRIS

Focus your internal teams on their most strategic work

Managed Services

Access to a dedicated privacy manager who helps build a scalable program and manage DSR processes

Get Up to Speed Fast on CPA


CPA Explained

Learn about the Colorado consumer privacy law, its requirements for businesses, and what this means in relation to the CCPA/CPRA and a holistic privacy management program.

Read the Guide
In the News

'Do Not Sell' Compliance

The Californian right to opt-out of data "sales" has been adopted into other US State privacy laws, including CPA. CPRA co-author Rick Arney weighs in on the underlying issues affecting all US businesses.

Watch the Interview

Data Protection Impact Assessments

Learn what DPIAs are, what they require, and why they are an essential to your privacy management program.

Read the Guide

“DataGrail helped us reduce compliance risk. Our adoption of DataGrail has only increased over time and it's great to have a knowledgeable partner as we look to the next year with CPRA going into effect.”

Verified User in Software

Mid-Market (51-1000 emp.)

Resources for every step
of your data privacy journey

Privacy Primer: Mastering the Data Privacy Basics
Learn More
Data Privacy Solution Buyer’s Guide
Learn More
Meet DataGrail: On-Demand
Learn More
Curious about how it all works?
Learn more about the DataGrail Platform

Whether you're an expert or just starting out, join the privacy community for professionals who lead with trust.

Join the Community