Ir al contenido
Empieza en HitKeep Cloud

CCPA and CPRA Analytics Review for HitKeep

Esta página aún no está disponible en tu idioma.

HitKeep can support a lower-risk CCPA / CPRA posture, but it does not replace your own privacy program.

HitKeep does not natively behave like an ad-tech sharing platform:

  • no built-in cross-context behavioral advertising stack
  • no vendor-side analytics data resale model
  • no default third-party analytics distribution
  • self-hosting can keep analytics inside your own environment

It also gives you building blocks for consumer-right workflows:

CCPA / CPRA obligations still sit with the business operating the site or service.

HitKeep does not automatically satisfy:

  • your notice at collection
  • your privacy policy
  • your methods for rights requests
  • your consumer identity verification workflow
  • your opt-out of sale/share obligations, if applicable
  • your Global Privacy Control handling, where applicable

Use this checklist with counsel or your privacy owner:

Question What to inspect in HitKeep
Is analytics data sold or shared for cross-context advertising? HitKeep does not include an ad-tech resale or cross-context advertising workflow by default. Your own integrations still matter.
Where does analytics data live? Self-hosted data stays in your HitKeep data directory. Cloud data lives in the selected managed region.
Can a consumer request export be handled? Use takeout exports for supported JSON, CSV, and Parquet surfaces.
Can old data expire? Configure retention rules and document backup retention separately.
Are service-provider terms needed? Yes for HitKeep Cloud or any managed infrastructure relationship you rely on.

HitKeep can reduce the number of analytics vendors in the review. It does not decide whether your broader site, ad stack, CRM, or tag manager triggers sale/share or targeted advertising obligations.

If you self-host HitKeep yourself, there is no HitKeep-hosted analytics vendor in the loop by default.

If you use HitKeep Cloud, you should treat the cloud relationship as one that needs the right contractual and privacy documentation before relying on it for regulated production use. In practice that means:

  • a DPA / service-provider-style contract
  • documented region choice
  • documented subprocessors, if any

Use HitKeep as one part of your CCPA / CPRA program, not as the whole program.

At minimum:

  1. update your privacy notice
  2. make sure rights requests have a real intake path
  3. decide whether your analytics flow implicates sale/share analysis
  4. document your cloud/self-hosted service-provider relationship clearly