Documentation Index
Fetch the complete documentation index at: https://hydroxai.mintlify.app/llms.txt
Use this file to discover all available pages before exploring further.
Overview
The California Consumer Privacy Act (CCPA), amended by the California Privacy Rights Act (CPRA), is the most comprehensive consumer privacy law in the United States. It grants California residents specific rights over their personal information and imposes obligations on businesses that collect, process, or sell that data. For AI systems, CCPA/CPRA compliance is critical because models can inadvertently collect, memorize, or expose personal information through their training data or real-time interactions.Key consumer rights
| Right | Description |
|---|---|
| Right to know | Consumers can request what personal data a business collects and how it is used |
| Right to delete | Consumers can request deletion of their personal information |
| Right to opt out | Consumers can opt out of the sale or sharing of their personal data |
| Right to correct | Consumers can request correction of inaccurate personal information |
| Right to limit use | Consumers can limit use and disclosure of sensitive personal information |
| Right to non-discrimination | Businesses cannot discriminate against consumers for exercising their rights |
AI-specific risks
AI systems introduce unique CCPA/CPRA compliance challenges:- PII leakage — Models may inadvertently output personal information from training data
- Data retention — AI interactions may store personal data beyond what’s necessary
- Automated decision-making — AI-driven decisions may trigger profiling disclosure requirements
- Third-party sharing — AI API calls may transmit personal data to model providers
- Consent management — Users must be informed when AI processes their personal data
How Know Your AI helps
Know Your AI provides automated CCPA/CPRA compliance analysis for every evaluation run:Three-tier violation scoring
| Tier | Name | Description |
|---|---|---|
| Tier 1 | Direct relevance | Responses that directly handle personal data or privacy requests |
| Tier 2 | Indirect relevance | Responses that indirectly impact data privacy practices |
| Tier 3 | Ancillary relevance | Responses with peripheral privacy implications |
Severity classification
Each violation is assigned a severity level: None, Low, Medium, High, or Critical.Evidence trails
For each flagged response, Know Your AI records:- The violating text snippet
- Violation category and tier
- Detailed analysis explaining the issue
- Legal reference citing the relevant CCPA/CPRA section
- Full prompt and response pair for audit purposes
Compliance dashboard
Track violation trends across evaluation runs with:- Total violation counts by tier and severity
- Regulation-level breakdown summaries
- Per-run compliance reports with evidence explorer
- Exportable findings for legal and leadership review
Relevant CCPA/CPRA sections
| Section | Topic |
|---|---|
| §1798.100 | Right to know what personal information is collected |
| §1798.105 | Right to deletion of personal information |
| §1798.110 | Right to know about collection and use |
| §1798.120 | Right to opt out of sale of personal information |
| §1798.121 | Right to limit use of sensitive personal information |
| §1798.125 | Right to non-discrimination |
| §1798.130 | Requirements for submission and handling of requests |
| §1798.140 | Definitions (personal information, business, service provider, etc.) |
Resources
Compliance in Know Your AI
See how compliance analysis works in the platform.
Firewall
Real-time protection against privacy violations.