Use this guide to check your privacy rights by state, find opt-out links for major companies, and get ready-to-send request templates β all free.
Select your state to see exactly which privacy rights you have and which laws apply to you.
Your rights depend on where you live. Find your state's law above, then read the full analysis on our State Laws page.
Every covered company must provide an opt-out mechanism. Look for it in the website footer, privacy policy, or use our company lookup below.
Use our ready-made templates to send a legally clear request. Cite the applicable law and specify which right you're invoking.
Note the date you submitted. Companies must respond within 45 days. If they miss the deadline, you can escalate to your state AG.
β οΈ Replace all text in [brackets] with your actual information. Always send through the company's official privacy request portal for it to be legally binding.
Under most U.S. state privacy laws (California, Virginia, Colorado, Connecticut, Texas, and others), businesses must respond within 45 days of receiving your verified request. They can extend this by an additional 45 days if they notify you in writing before the initial deadline expires, explaining the reason for the extension. If a company exceeds these deadlines without notice, you may file a complaint with your state's attorney general.
Generally, no. Companies must respond to one copy of your personal data per 12-month period at no charge. If you make multiple requests within a year, some states allow companies to charge a reasonable fee for processing additional requests, but the first request must always be free. California's CCPA explicitly prohibits charging fees for standard privacy requests.
A company may legitimately be unable to find your data if they don't have it, or if you provided insufficient identifying information. If you believe they do have your data, provide more specific identifying information: all email addresses you may have used, account numbers, phone numbers, or any other identifiers. If after providing sufficient identification the company still claims to have no data, you can request a written confirmation of that fact. If you have evidence they do hold your data (e.g., you've received marketing emails from them), you can escalate to your state AG.
No. All major U.S. state privacy laws include a non-discrimination provision that prohibits businesses from penalizing you for exercising your privacy rights. They cannot deny you services, charge higher prices, or provide lower quality service because you opted out of data sale or submitted a deletion request. If a company retaliates against you for exercising your rights, that is itself a violation of the applicable privacy law and grounds for a complaint to your state AG.
Not necessarily. Deleting an account and deleting your personal data are different things. Many companies retain your data after account deletion for business purposes, analytics, or security. A formal deletion request under your state's privacy law is legally binding and requires the company to actually delete the data (with limited exceptions for legal obligations and security). Always submit a formal privacy rights request separately from any account closure.
You have fewer rights, but not none. Federal laws like HIPAA (health data), COPPA (children's data), FCRA (credit data), and GLBA (financial data) apply nationwide. Some companies apply their California privacy protections to all U.S. users as a matter of policy. You can also ask companies voluntarily to delete your data or opt you out β many will comply even without a legal obligation. Additionally, federal legislation remains possible, and your state may enact privacy legislation in coming years.