Articles on: Settings

How the do not sell my data feature works

Overview


This article explains what a Do not sell my data page is and how it works with Pandectes GDPR Compliance.


The page gives eligible visitors a way to opt out of the sale or sharing of personal data, where this right applies under relevant U.S. state privacy laws.


What “Do not sell my data” means


Some U.S. privacy laws give consumers the right to opt out of the sale or sharing of their personal information.


The meaning of “sale” can be broader than a direct payment. In some laws, it may also include sharing personal information in exchange for other business value, such as advertising or analytics benefits.


Because requirements vary by state, merchants should review which laws apply to their store and customers.


States with data opt-out requirements


As of 2026, multiple U.S. states have privacy laws that may require qualifying businesses to provide a clear opt-out process for the sale, sharing, targeted advertising, profiling, or certain other uses of personal data.


State

Law / framework

Notes

California

CCPA / CPRA

Includes the “Do Not Sell or Share My Personal Information” requirement.

Colorado

CPA

Includes consumer opt-out rights.

Connecticut

CTDPA

Includes consumer opt-out rights.

Delaware

DPDPA

Includes consumer opt-out rights.

Florida

FDBR

Has a narrower scope than many other state privacy laws.

Indiana

Indiana Consumer Data Protection Act

Effective in 2026.

Iowa

ICDPA

Includes consumer privacy rights for qualifying businesses.

Kentucky

KCDPA

Effective in 2026.

Maryland

MODPA

Includes consumer privacy rights and data minimization requirements.

Minnesota

MCDPA

Includes consumer privacy rights for qualifying businesses.

Montana

MTCDPA

Includes opt-out rights for sale and certain processing activities.

Nebraska

NDPA

Includes opt-out rights for sale, targeted advertising, and profiling.

New Hampshire

NHPA

Includes opt-out rights for certain processing activities.

New Jersey

NJDPA

Includes consumer privacy rights for qualifying businesses.

Oregon

OCPA

Includes consumer privacy rights and opt-out requirements.

Rhode Island

RIDTPPA

Effective in 2026.

Tennessee

TDPA

Includes consumer privacy rights for qualifying businesses.

Texas

TDPSA

Includes opt-out rights for sale, targeted advertising, and profiling.

Utah

UCPA

Includes consumer opt-out rights.

Virginia

VCDPA

Includes opt-out rights for sale, targeted advertising, and profiling.


Note on Nevada and Maine


Nevada and Maine do not follow the same comprehensive state privacy framework as the states listed above, but they have targeted privacy laws that may still require certain businesses to provide opt-out options.


Merchants should review these requirements separately if they sell to visitors in those states.


When this page may be needed


A Do not sell my data page may be relevant if your store:


  • Sells to visitors in U.S. states with privacy opt-out rights
  • Uses advertising or tracking tools that may share personal data with third parties
  • Needs to provide visitors with an opt-out method
  • Uses Global Privacy Control (GPC) signals


This article is general product guidance and is not legal advice.



The opt-out link gives visitors a clear way to manage their data sale or sharing preference.


In Pandectes, you can configure this from the app settings by opening the Do not sell my data option.


The “Do not sell my data” page


The page displays the visitor’s current opt-out status and gives them an option to opt in or opt out, where applicable.


The opt-out action is shown only to visitors from supported regions where this privacy right applies.


For step-by-step instructions on how to create and add this page to your Shopify store, see the setup guide: How to setup the Do Not Sell My Data page


Global Privacy Control


Pandectes can also work with Global Privacy Control (GPC).


When the GPC integration is enabled, Pandectes can detect supported GPC signals and apply the opt-out behavior automatically based on your configuration.


Notes


  • The page should be easy for visitors to find, commonly from the footer menu.
  • Requirements vary by region and may change over time.
  • The opt-out page does not replace your privacy policy.
  • Review your advertising, analytics, and third-party apps to understand whether personal data may be sold or shared.
  • Consult a qualified privacy advisor if you are unsure which requirements apply to your store.

Updated on: 03/07/2026

Was this article helpful?

Share your feedback

Cancel

Thank you!