# United States: CCPA, CPRA, and state privacy laws Source: https://help.pet-connect.co/privacy-policy/united-states-ccpa-cpra-and-state-privacy-laws United States privacy law is state-led. California’s CCPA (as amended by CPRA) is the best known, but Colorado, Virginia, Connecticut, Utah, Texas, and other states have their own comprehensive privacy laws. This article outlines common themes for US pet salons using PetConnect. ## Laws and frameworks covered CCPA/CPRA (California) · VCDPA (Virginia) · CPA (Colorado) · CTDPA (Connecticut) · UCPA (Utah) · TDPSA (Texas) · and others > Disclaimer: This Help Center article is general information only—not legal advice. Consult a qualified privacy lawyer in your jurisdiction for compliance specific to your business. ## Who is covered Thresholds vary by state—often based on revenue, number of California/resident consumers, or percentage of revenue from selling/sharing personal information. Many independent grooming salons fall below thresholds but should still follow good privacy practice; multi-location brands and franchises are more likely to be in scope. Determine which states your clients reside in, not only where your shop is located, if you take online bookings nationally. ## Notice and consumer rights Publish a privacy notice describing categories of data collected (contact details, pet records, purchase history), purposes, retention, and whether you “sell” or “share” data for cross-context behavioural advertising. Consumers may have rights to know, access, delete, correct, and opt out of sale/share of personal information. Some states add opt-out of targeted advertising and profiling. Provide a clear way to submit requests (web form, email, or toll-free number as required). Train staff not to discriminate against clients who exercise rights. ## Sensitive data and minors Some laws treat precise geolocation, account log-in credentials, or certain health-related pet notes as sensitive—obtain opt-in consent where required before collection. If you knowingly collect data from children under 16 (rare in grooming), additional consent rules may apply. ## Practical steps in PetConnect Limit staff permissions to roles that need client contact details. Disable unused integrations that export client lists. Document marketing consent for SMS/email. Honour opt-outs in the inbox module. For access/deletion requests, export or update the client profile, then confirm in writing what was done. ## Frequently asked questions ### Does PetConnect comply with these laws for me? PetConnect provides tools and contractual processor terms, but you remain responsible for how you collect, use, and disclose client data in your salon. ### Which article should I read if I have stores in multiple countries? Read the guide for each country where you have a store, plus the privacy overview and retention/export article. Align brand policies to the strictest requirement. ### Can PetConnect help with a client access request? Use in-app export and profile editing. For platform-level questions, email support@pet-connect.co. ### Do I need a Data Protection Officer? Depends on law and scale—GDPR, LGPD, and Quebec Law 25 may require one in some cases. Ask your legal adviser. ### Where is data stored? Confirm current hosting and sub-processor locations with PetConnect support for transfer and disclosure documentation. ## Summary US operators should track state privacy laws affecting their clients, publish clear notices, and honour access, deletion, and opt-out rights.