Direct Dine Logo
EN SQ

CCPA & Do Not Sell My Data: What US Restaurants Must Know (2026)

CCPA gives California consumers the right to know, delete, and opt out of the sale of their data. Here is what triggers it for restaurants and how Do Not Sell works.

Direct Dine team 6 min read AI-assisted
Lexo në Shqip

CCPA is California's consumer-privacy law that gives California residents the right to know what personal data a business holds, to delete it, and to opt out of its sale or sharing — including a "Do Not Sell or Share My Personal Information" choice. This is not legal advice.

For restaurants the question is usually: does it even apply, and what counts as "selling" data?

Does CCPA apply to my restaurant?

CCPA generally applies to for-profit businesses that handle California residents' data and meet at least one threshold, commonly: over $25M in annual revenue, buying/selling/sharing the personal data of 100,000+ consumers or households, or earning 50%+ of revenue from selling personal data. Many single-location restaurants fall below these — but loyalty programs, large chains, and data-sharing ad setups can cross the line.

What does "Do Not Sell My Data" actually mean?

"Sale" under CCPA is broad: it can include sharing data with ad networks or marketing partners in exchange for value, not just cash. If you pass customer emails to a third-party ad platform, that may count. The required response is a clear "Do Not Sell or Share My Personal Information" link and an opt-out that you honor.

What rights do consumers get?

  • Right to know what data you collected and why.
  • Right to delete their personal data.
  • Right to opt out of sale or sharing.
  • Right to non-discrimination for exercising these rights.

How Direct Dine helps

Direct Dine ships data-subject-rights tooling: a do-not-sell flag, DSAR export, and erasure that scrubs identifiers while keeping anonymized financial records. Because direct ordering keeps the customer relationship in-house, you are not handing data to a marketplace in the first place. This is not legal advice.

When is CCPA NOT your main concern?

  • You are well under every revenue and volume threshold and do not sell or share data.
  • You only take anonymous cash orders with no personal data and no third-party ad sharing.

Even then, building privacy-respectful habits early is cheap insurance — thresholds and state laws keep expanding.

Keep reading

How to Write a Restaurant Refund Policy That Protects Margin (2026)

A good refund policy keeps the customer and the margin. Here is how partial refunds, clear rules, and idempotent processing protect your bottom line in 2026.

How to Reduce Chargebacks and Payment Disputes in Restaurants (2026)

Every chargeback costs you the sale, the food, and a $15–25 fee. Here is how clear descriptors, receipts, and evidence cut disputes — including friendly fraud.

Choosing a Payment Processor: Restaurant Fees Decoded (2026)

Interchange, percentage, fixed fees — payment pricing is built to confuse. Here is how to read it, compare Stripe vs PayPal, and find your true effective rate.

We value your privacy

We use analytics cookies to understand how visitors interact with our website. No personal data is collected. You can read our Privacy Policy for details.