CCPA and CPRA
HitKeep can support a lower-risk CCPA / CPRA posture, but it does not replace your own privacy program.
Where HitKeep Helps
Section titled “Where HitKeep Helps”HitKeep does not natively behave like an ad-tech sharing platform:
- no built-in cross-context behavioral advertising stack
- no vendor-side analytics data resale model
- no default third-party analytics distribution
- self-hosting can keep analytics inside your own environment
It also gives you building blocks for consumer-right workflows:
- takeout exports
- retention controls
- admin deletion of users and sites
- clearly bounded analytics data stores
What CCPA / CPRA Still Requires From You
Section titled “What CCPA / CPRA Still Requires From You”CCPA / CPRA obligations still sit with the business operating the site or service.
HitKeep does not automatically satisfy:
- your notice at collection
- your privacy policy
- your methods for rights requests
- your consumer identity verification workflow
- your opt-out of sale/share obligations, if applicable
- your Global Privacy Control handling, where applicable
Service Provider / Processor Positioning
Section titled “Service Provider / Processor Positioning”If you self-host HitKeep yourself, there is no HitKeep-hosted analytics vendor in the loop by default.
If you use HitKeep Cloud, you should treat the cloud relationship as one that needs the right contractual and privacy documentation before relying on it for regulated production use. In practice that means:
- a DPA / service-provider-style contract
- documented region choice
- documented subprocessors, if any
Conservative Recommendation
Section titled “Conservative Recommendation”Use HitKeep as one part of your CCPA / CPRA program, not as the whole program.
At minimum:
- update your privacy notice
- make sure rights requests have a real intake path
- decide whether your analytics flow implicates sale/share analysis
- document your cloud/self-hosted service-provider relationship clearly