CCPA/CPRA Contract Clauses
- Terms of Service
- Terms of Use
- Partner Program Terms
- Privacy Policy
- California Privacy Notice
- CCPA Contract Clauses
- Do Not Sell My Info
- Cookie Policy
- Data Processing Agreement
- Anti-Spam
- Opt Out
- Payment Terms
- Restricted Payment Businesses
- Processing Fees
- End User License Agreement
- Mobile App End User License Agreement
- LSA Terms
- LSA Requirements
- MADI Terms
- Trademarks
- DMCA Copyright Policy
- AG EULA
CCPA/CPRA Contract Clauses
Last Updated: April 7, 2026. These clauses are effective immediately.
1. Definitions
The following definitions and rules of interpretation apply in this Agreement:
(a) CCPA/CPRA means the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (Cal. Civ. Code §§ 1798.100 to 1798.199), and any related regulations or guidance provided by the California Attorney General or the California Privacy Protection Agency (CPPA). Terms defined in the CCPA/CPRA, including "personal information," "sensitive personal information," "business purposes," "service provider," and "contractor," carry the same meaning in this Agreement.
(b) Contracted Business Purposes means the services described in your Marketing 360 Service Agreement, Websites 360 Service Agreement, Top Rated Local Service Agreement, or any other purpose specifically identified in Appendix A for which the Service Provider receives or accesses personal information
(c) Customer means a business or individual that has signed a service agreement with Madwire, LLC or any of its affiliated entities, and that qualifies as a "business" as defined under the CCPA/CPRA with respect to the personal information processed under this Agreement.
(d) Service Provider / Contractor means Madwire, LLC d/b/a Marketing 360, Websites 360, and/or Top Rated Local. Madwire acts as a "service provider" or "contractor" (as those terms are defined under the CCPA/CPRA) with respect to personal information it processes on behalf of Customer under this Agreement.
(e) Sensitive Personal Information has the meaning set forth in Cal. Civ. Code § 1798.140(ae), and includes, among other things, Social Security numbers, financial account credentials, precise geolocation data, racial or ethnic origin, religious beliefs, genetic data, biometric data for the purpose of uniquely identifying a consumer, health information, and information concerning a consumer's sex life or sexual orientation.
(f) Sharing means the disclosure of personal information by a business to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, as defined in Cal. Civ. Code § 1798.140(ah).
2. Service Provider Obligations
(a) Service Provider will only collect, use, retain, or disclose personal information for the Contracted Business Purposes for which Customer provides or permits personal information access, in accordance with the Terms of Service and Customer's instructions. Service Provider's receipt of personal information pursuant to this Agreement does not constitute a sale or sharing of personal information.
(b) Service Provider will not collect, use, retain, disclose, sell, share, or otherwise make personal information available for Service Provider's own commercial purposes, or in a way that does not comply with the CCPA/CPRA. If a law requires Service Provider to disclose personal information for a purpose unrelated to the Contracted Business Purpose, Service Provider must first inform Customer of the legal requirement and give Customer an opportunity to object or challenge the requirement, unless the law prohibits such notice.
(c) Service Provider will limit personal information collection, use, retention, and disclosure to activities reasonably necessary and proportionate to achieve the Contracted Business Purposes or another compatible operational purpose.
(d) Service Provider will not collect, use, retain, or disclose Sensitive Personal Information beyond what is reasonably necessary to perform the Contracted Business Purposes, and will not use or disclose Sensitive Personal Information for any purpose not permitted under Cal. Civ. Code § 1798.121.
(e) Service Provider must promptly comply with any Customer request or instruction from authorized personnel requiring Service Provider to provide, amend, transfer, or delete personal information, or to stop, mitigate, or remedy any unauthorized processing.
(f) If the Contracted Business Purposes require the collection of personal information from individuals on Customer's behalf, Service Provider will provide a CCPA/CPRA-compliant notice addressing use and collection methods that Customer specifically pre-approves in writing. Service Provider will not modify or alter the notice in any way without Customer's prior written consent.
(g) If permitted by the CCPA/CPRA, Service Provider may aggregate, deidentify, or anonymize personal information using methods consistent with the CCPA/CPRA, such that the data no longer meets the definition of personal information, and may use such aggregated, deidentified, or anonymized data for its own research and development purposes. Service Provider will not attempt to re-identify any previously aggregated, deidentified, or anonymized data, and will contractually prohibit downstream data recipients from doing so.
3. Assistance with Customer's CCPA/CPRA Obligations
(a) Service Provider will reasonably cooperate and assist Customer in meeting Customer's CCPA/CPRA compliance obligations and responding to CCPA/CPRA-related inquiries, including verifiable consumer requests for access, correction, deletion, and data portability, taking into account the nature of Service Provider's processing and the information available to it.
(b) Service Provider must notify Customer without undue delay, and in any event within ten (10) business days, if it receives any verifiable consumer request, complaint, notice, or communication that directly or indirectly relates to either party's compliance with the CCPA/CPRA with respect to personal information processed under this Agreement.
(c) Service Provider will maintain reasonable and appropriate technical and organizational measures to protect personal information against unauthorized access, destruction, use, modification, or disclosure, and will notify Customer promptly — and in no event later than seventy-two (72) hours — upon becoming aware of any actual or reasonably suspected security breach involving personal information processed under this Agreement.
(d) Upon Customer's reasonable written request, Service Provider will make available to Customer information reasonably necessary to demonstrate Service Provider's compliance with the obligations set forth in this Agreement and the CCPA/CPRA, including by permitting and cooperating with reasonable audits or inspections conducted by Customer or Customer's authorized agent, subject to reasonable confidentiality protections.
4. Consumer Rights — Opt-Out of Sale or Sharing
(a) To the extent Customer instructs Service Provider to cease the sale or sharing of a specific consumer's personal information pursuant to a consumer's opt-out request under Cal. Civ. Code § 1798.120, Service Provider will honor that instruction and cease the applicable processing within the timeframe required by the CCPA/CPRA.
(b) Service Provider will not sell or share personal information processed under this Agreement for any purpose other than the Contracted Business Purposes, and will not engage in cross-context behavioral advertising using personal information obtained under this Agreement without Customer's prior written authorization.
5. Subcontracting
(a) Service Provider may engage subcontractors to assist in providing the Contracted Business Services, provided that Service Provider ensures each subcontractor is bound by written obligations at least as protective as those set forth in this Agreement and the CCPA/CPRA.
(b) Upon Customer's written request, Service Provider will provide an up-to-date list disclosing for each subcontractor: (i) the subcontractor's name, address, and contact information; (ii) the type of services provided; and (iii) the categories of personal information disclosed to the subcontractor in the preceding twelve (12) months.
(c) Service Provider remains fully responsible to Customer for the performance of any subcontractor's obligations under this Agreement to the extent Service Provider would be responsible if performing the services directly.
6. Warranties and Certifications
(a) Both parties will comply with all applicable requirements of the CCPA/CPRA when collecting, using, retaining, or disclosing personal information subject to this Agreement.
(b) Service Provider certifies that it understands the restrictions and prohibitions under this Agreement and the CCPA/CPRA on selling or sharing personal information, and on retaining, using, or disclosing personal information outside of the parties' direct business relationship, and that it will comply with them.
(c) Service Provider warrants that it has no reason to believe any CCPA/CPRA requirements or restrictions prevent it from providing any of the Contracted Business Purposes or otherwise performing under this Agreement. Service Provider must promptly notify Customer of any changes to the CCPA/CPRA's requirements that may materially affect its performance under this Agreement.
(d) Service Provider warrants that it will not engage in any activity that would cause Customer to violate the CCPA/CPRA, including by using personal information in a manner inconsistent with Customer's privacy notices or the rights of consumers under the CCPA/CPRA.
7. Term and Termination
These clauses remain in effect for the duration of the Agreement between the parties. Upon termination or expiration of the Agreement, Service Provider will, at Customer's direction, promptly return, delete, or destroy all personal information processed under this Agreement, except to the extent retention is required by applicable law, in which case Service Provider will continue to protect such information in accordance with this Agreement.
8. Governing Law
These clauses are governed by and construed in accordance with the laws of the State of California, to the extent they relate to obligations under the CCPA/CPRA, and otherwise in accordance with the governing law provision of the underlying Agreement between the parties.
Appendix A — Personal Information Processing Purposes and Details
Contracted Business Purposes: Advertising, marketing, CRM, payment processing, and other business management services provided under the applicable Marketing 360, Websites 360, or Top Rated Local service agreement.
| Category | Examples | Processed under this Agreement |
|---|---|---|
| A. Identifiers. | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. |
YES |
| B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). |
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.Some personal information included in this category may overlap with other categories. |
YES |
| C. Protected classification characteristics under California or federal law. |
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). |
NO |
| D. Commercial information. | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
YES |
| E. Biometric information. | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. |
NO |
| F. Internet or other similar network activity | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. |
YES |
| G. Geolocation data. | Physical location or movements. |
YES |
| H. Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information. |
NO |
| I. Professional or employment-related information. | Current or past job history or performance evaluations. | NO |
| J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | NO |
| K. Inferences drawn from other personal information. | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | YES |
Get everything you need to manage and grow your business.
Plus, get a free trial. No credit card required.