Detect and redact personal information covered by CCPA and CPRA. AI-assisted, privacy-first document redaction.
No signup required · 2 free documents/day
The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) give California residents control over their personal information.
CCPA defines 11 categories of personal information. SafeRedact's AI detects most text-based categories automatically.
Name, alias, SSN, driver's license, passport, postal address, email, account name
Bank account, credit card, debit card numbers, financial history
Age, race, gender, religion, national origin, disability, citizenship
Purchase records, purchasing histories, consuming tendencies
Fingerprints, face, voice (non-text - manual review)
Browsing history, search history, IP addresses, device IDs
Physical location, GPS coordinates, addresses
Audio, video, photos (non-text - manual review)
Job title, employer, salary, work history
Enrollment records, grades, transcripts, student IDs
Profiles, preferences, characteristics derived from data
AI-detected | Non-text (manual review needed)
CPRA added a new "sensitive personal information" category with additional protections. SafeRedact can detect most of these.
Government-issued identification numbers
Account + security codes or passwords
Location within 1,850 feet
Protected demographic information
Medical conditions, diagnoses, treatments
Gender identity, sexual orientation
CCPA/CPRA grants California residents specific rights. Fulfilling these rights often requires precise document redaction.
Consumers can request copies of all personal information collected about them. When fulfilling these requests, you must redact any third-party personal information contained in the same documents — employee names, vendor contacts, other customers' data.
Consumers can request deletion of their personal information. For documents that contain both the consumer's data and business-critical information, redaction is often more practical than full deletion — you remove the personal information while preserving the business record.
CPRA added the right for consumers to limit the use of sensitive personal information — including SSNs, driver's license numbers, financial account details, and precise geolocation. When these data points appear in shared documents, they must be redacted unless a specific business purpose exemption applies.
Businesses cannot discriminate against consumers who exercise their privacy rights. This means your redaction processes need to be efficient enough that honoring requests doesn't create operational friction that discourages future requests.
Enforced by the California Attorney General and the California Privacy Protection Agency (CPPA).
$2,500
Per Unintentional Violation
Each affected consumer record counts as a separate violation. A breach involving 10,000 records = potential $25M exposure.
$7,500
Per Intentional Violation
Knowingly failing to comply with consumer requests or mishandling personal information. CPRA also applies this rate to violations involving minors' data.
$100–$750
Per Consumer (Private Action)
Consumers can sue directly under § 1798.150 if their unredacted/unencrypted personal information is exposed in a data breach. Class actions can reach tens of millions.
CPRA (effective January 2023) significantly expanded CCPA's scope. Key changes affecting redaction workflows:
Bottom line for redaction: CPRA's elimination of the cure period means there's no grace period to fix problems after a complaint. Your redaction processes need to be correct from the start. Automated PII detection reduces the risk of human error in high-volume document processing.
Redact third-party information before fulfilling "right to know" requests.
Remove personal information from employment documents before sharing.
Redact personal information before sending contracts to third parties.
De-identify customer data for analytics or reporting purposes.
Redact non-relevant personal information from discovery documents.
Prepare documents for CCPA compliance audits.
When redacting personal information, how your tool handles files is critical.
Your files are processed entirely in your browser. The actual document never leaves your device.
Only extracted text is sent for AI analysis. We never see your actual documents, images, or formatting.
Redactions are applied locally. The clean PDF is created in your browser and downloaded directly.
Start free, pay only when you need more.
CCPA applies to for-profit businesses that collect California residents' personal information AND meet one of these criteria: (1) $25M+ annual revenue, (2) buy/sell/share data of 100K+ consumers, or (3) derive 50%+ of revenue from selling personal information.
Intentional violations can result in fines up to $7,500 per violation. Unintentional violations can result in fines up to $2,500 per violation after a 30-day cure period. Consumers can also sue for data breaches ($100-$750 per consumer per incident).
SafeRedact helps you redact personal information from documents, which is one component of CCPA compliance. Full compliance requires additional measures including data mapping, privacy policies, consumer request processes, and security practices. Consult with a privacy professional for comprehensive compliance guidance.
SafeRedact's AI detects most text-based CCPA categories including identifiers (names, SSNs, addresses, emails), financial information, professional/employment data, education records, and internet activity data. Biometric data and photos require manual review.
See if it fits your workflow. No account required for the free tier.