Am I a Data Broker?
Answer 11 questions to find out if your business qualifies as a "data broker" under California's Delete Act (SB 362) — and what that means for you before the August 1, 2026 enforcement deadline.
Data Collection Sources
How does your business obtain personal information?
Do you collect personal information (names, emails, phone numbers, device IDs) about individuals?
Do you obtain any of this data from sources other than the individuals themselves? (e.g., purchased lists, data append services, scraping, third-party APIs)
Do you aggregate data from multiple public or commercial sources to create consumer profiles?
Do you use cookies, pixels, or tracking technologies that collect data about individuals who are NOT your direct customers?
Data Sharing & Sales
How does your business share or monetize data?
Do you sell, license, or rent personal information to other businesses?
Do you share personal information with third parties in exchange for anything of value (including services, cross-promotions, or data-for-data swaps)?
Do you provide personal information to advertising networks, lead generation platforms, or marketing services?
Do you operate an API or data feed that allows third parties to access your consumer data?
Direct Relationship Test
Do consumers know you have their data?
Do the individuals whose data you hold know that you have their information?
Did the individuals voluntarily provide their data directly to your company? (e.g., they signed up, made a purchase, or submitted a form on YOUR website)
Is your primary business relationship directly with the consumers whose data you hold?
Answer all 11 questions to see your risk assessment.