How the do not sell my data feature works
Overview
This article explains what a Do not sell my data page is and how it works with Pandectes GDPR Compliance.
The page gives eligible visitors a way to opt out of the sale or sharing of personal data, where this right applies under relevant U.S. state privacy laws.
What “Do not sell my data” means
Some U.S. privacy laws give consumers the right to opt out of the sale or sharing of their personal information.
The meaning of “sale” can be broader than a direct payment. In some laws, it may also include sharing personal information in exchange for other business value, such as advertising or analytics benefits.
Because requirements vary by state, merchants should review which laws apply to their store and customers.
States with data opt-out requirements
As of 2026, multiple U.S. states have privacy laws that may require qualifying businesses to provide a clear opt-out process for the sale, sharing, targeted advertising, profiling, or certain other uses of personal data.
State | Law / framework | Notes |
|---|---|---|
California | CCPA / CPRA | Includes the “Do Not Sell or Share My Personal Information” requirement. |
Colorado | CPA | Includes consumer opt-out rights. |
Connecticut | CTDPA | Includes consumer opt-out rights. |
Delaware | DPDPA | Includes consumer opt-out rights. |
Florida | FDBR | Has a narrower scope than many other state privacy laws. |
Indiana | Indiana Consumer Data Protection Act | Effective in 2026. |
Iowa | ICDPA | Includes consumer privacy rights for qualifying businesses. |
Kentucky | KCDPA | Effective in 2026. |
Maryland | MODPA | Includes consumer privacy rights and data minimization requirements. |
Minnesota | MCDPA | Includes consumer privacy rights for qualifying businesses. |
Montana | MTCDPA | Includes opt-out rights for sale and certain processing activities. |
Nebraska | NDPA | Includes opt-out rights for sale, targeted advertising, and profiling. |
New Hampshire | NHPA | Includes opt-out rights for certain processing activities. |
New Jersey | NJDPA | Includes consumer privacy rights for qualifying businesses. |
Oregon | OCPA | Includes consumer privacy rights and opt-out requirements. |
Rhode Island | RIDTPPA | Effective in 2026. |
Tennessee | TDPA | Includes consumer privacy rights for qualifying businesses. |
Texas | TDPSA | Includes opt-out rights for sale, targeted advertising, and profiling. |
Utah | UCPA | Includes consumer opt-out rights. |
Virginia | VCDPA | Includes opt-out rights for sale, targeted advertising, and profiling. |
Note on Nevada and Maine
Nevada and Maine do not follow the same comprehensive state privacy framework as the states listed above, but they have targeted privacy laws that may still require certain businesses to provide opt-out options.
Merchants should review these requirements separately if they sell to visitors in those states.
When this page may be needed
A Do not sell my data page may be relevant if your store:
- Sells to visitors in U.S. states with privacy opt-out rights
- Uses advertising or tracking tools that may share personal data with third parties
- Needs to provide visitors with an opt-out method
- Uses Global Privacy Control (GPC) signals
This article is general product guidance and is not legal advice.
The “Do not sell my data” notice and link
The opt-out link gives visitors a clear way to manage their data sale or sharing preference.
In Pandectes, you can configure this from the app settings by opening the Do not sell my data option.

The “Do not sell my data” page
The page displays the visitor’s current opt-out status and gives them an option to opt in or opt out, where applicable.
The opt-out action is shown only to visitors from supported regions where this privacy right applies.
For step-by-step instructions on how to create and add this page to your Shopify store, see the setup guide: How to setup the Do Not Sell My Data page
Global Privacy Control
Pandectes can also work with Global Privacy Control (GPC).
When the GPC integration is enabled, Pandectes can detect supported GPC signals and apply the opt-out behavior automatically based on your configuration.
Notes
- The page should be easy for visitors to find, commonly from the footer menu.
- Requirements vary by region and may change over time.
- The opt-out page does not replace your privacy policy.
- Review your advertising, analytics, and third-party apps to understand whether personal data may be sold or shared.
- Consult a qualified privacy advisor if you are unsure which requirements apply to your store.
Updated on: 03/07/2026
Thank you!
