Free Cookie Policy Generator for Next.js Application — CCPA Compliant

🇺🇸 Key CCPA Requirements

The California Consumer Privacy Act (CCPA), enhanced by the CPRA in 2023, gives California residents extensive rights over their personal data. It applies to businesses that meet certain revenue or data processing thresholds. Fines range from $2,500 per unintentional violation to $7,500 per intentional violation.

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information collected
• Right to opt-out of the sale or sharing of personal information
• Right to non-discrimination for exercising CCPA rights
• "Do Not Sell or Share My Personal Information" link required if applicable
• Privacy policy must list categories of personal information collected and sold in the past 12 months
• Annual privacy policy updates required

Next.js Application — Specific Considerations

Next.js applications combine server-side rendering with client-side React, meaning data collection happens on both the server (IP addresses, request logs) and the client (analytics, cookies). Next.js apps deployed on Vercel automatically collect performance and analytics data through Vercel's infrastructure. The hybrid nature of Next.js requires disclosing both server-side and client-side data collection practices.

Data typically collected by Next.js Application businesses: server-side request logs and IP addresses, Vercel analytics data, client-side analytics events, authentication data, API route request data, cookie and session data

• Vercel infrastructure data processing disclosure
• Server-side and client-side data collection distinction
• Next.js middleware data processing
• Edge function data handling
• API routes as data collection points