Privacy rules across the United States are evolving rapidly. California’s Consumer Privacy Act (CCPA) and Privacy Rights Act (CPRA) remain the most widely recognized frameworks, and we provide a dedicated guide to help you prepare for CCPA/CPRA.
Beyond California, more than 20 U.S. states now have (or soon will have) obligations related to user consent, privacy notices, and individual rights requests (access, correction, deletion, opt-out). Examples include:
Virginia Consumer Data Protection Act (VCDPA)
Colorado Privacy Act (CPA)
Connecticut Data Privacy Act (CTDPA)
Utah Consumer Privacy Act (UCPA)
Florida Digital Bill of Rights (FDBR)
Delaware Personal Data Privacy Act (DPDPA)
Indiana Consumer Data Protection Act (ICDPA)
Iowa Consumer Data Protection Act
Kentucky Consumer Data Protection Act (KCDPA)
Maryland Online Data Privacy Act (MODPA)
Minnesota Consumer Data Privacy Act (MNCDPA)
Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas
While details vary, the goal is the same: give people more control over their data and require clear, transparent practices.
Why it matters
If you chat with customers across U.S. states, you’ll likely need to:
Provide a clear privacy notice before collecting personal data.
Obtain consent in certain circumstances, particularly for sensitive information.
Respond to requests from individuals who wish to access, correct, delete, and opt out of targeted ads/sales/sharing.
Ensure that conversations are handled securely and that the responsible handling of conversations and logs is ensured.
In addition, some states are opt-out (process until the user objects); others require opt-in. Many add extra protections for children’s data or introduce stricter regulations (e.g., Maryland’s strong data minimization rule; Florida’s FDBR with its own scope).
By enabling privacy features such as Privacy note in your website widget, you can better align with these evolving state-level requirements and demonstrate your commitment to compliance across multiple jurisdictions.
How to stay compliant
You do not need to overhaul your entire business model to address state privacy requirements. Implementing a few core practices will help ensure that your chat interactions align with evolving regulations:
Provide a Clear Privacy Note: Explain what data you collect (e.g., name, email address, or chat content) and why it is collected (for example, customer support or troubleshooting). Link your Privacy Policy for those who wish to review the details.
Obtain Consent When Required: When opt-in is required, make sure your Privacy note clearly states how customer information will be used. Make it clear that by continuing with the chat, the customer agrees to the use of their information in this manner.
Support Customer Rights: Establish processes for requesting access, deletion, correction, or opting out of data sharing, depending on the applicable state law.
Apply Security Measures: Implement appropriate technical and organizational safeguards to protect customer data against unauthorized access, loss, or misuse.
Assess Applicability and Keep It Proportional: Keep in mind that some state laws apply only to businesses above certain thresholds (revenue, the volume of data processed, or business model). Confirm which frameworks apply to your organization and tailor the above accordingly.
The information provided here is not meant to be construed as legal advice. It is always recommended to seek guidance from a legal advisor to ensure compliance with your local applicable regulations. Therefore, we advise consulting with qualified legal counsel regarding your particular business and data processing circumstances.
Handling customer data in your website widget
If your website widget is used for transactions (for example, on an ecommerce site), this information can be incorporated into the agreement between you and your customer. If you use the widget for support or general inquiries, you should still notify customers that their data (such as name, email, or chat content) will be collected and processed.
In addition, make sure your Privacy note addresses whether third-party providers (such as analytics or chat service platforms) are involved in handling customer data.
Note that you have to make sure that the agreement and/or the consent will match your business agenda, based on what data you are processing, for what purpose, or for how long you keep them.
Below, we will provide you with step-by-step instructions on how to do so using our Privacy note.
The Privacy note is not enabled by default and contains no pre-filled text. You can customize and enable it yourself to meet your organization’s compliance requirements.
How to enable the Privacy note
1. In Text App, go to Settings → Channels → Website widgets.
2. Click the three dots icon next to your website.
3. Select Customize.
4. You’ll be redirected to the on-site configurator with a live preview of your widget.
5. Go to Language → Privacy policy to set and enable your privacy note.
6. Add your Privacy note.
7. (Optional) Add a link to your full Privacy Policy or Data Processing Agreement (DPA).
8. Click Save changes.
You can adjust the tone and formality of your privacy note to fit your brand voice.
Privacy note examples
If you’d like to get a better idea of what the data processing acknowledgement should look like, we prepared a few examples of Privacy notes that you can use.
Note that the data protection acknowledgements provided are to be considered as general examples and are not legal advice. Keep in mind that you’ll need to adapt these examples to fit your unique business and legal requirements each time.
[Business notice]
I understand/acknowledge that the business handling my personal information is [your company name] with its registered office in [your business address]. I understand/acknowledge that my personal information shall be processed and transmitted in accordance with the [applicable U.S. privacy and communication laws].
[Data processing acknowledgment, purpose, retention period, revocation]
I agree for my personal information, provided via chat, to be processed by [your company name] for the purposes of providing support via chat. I agree for my personal information to be processed for the time [e.g., needed to carry out the service]. I understand that this acknowledgment may be revoked by sending an email at: [your business email/your data protection officer’s email].
Understanding your consumers’ privacy rights
Across the U.S., privacy laws are giving consumers more control over their personal information. While the details differ by state, many frameworks (like those in California, Virginia, Colorado, Connecticut, Utah, and others) grant individuals similar rights when interacting with businesses online.
Here are some of the common rights you should be prepared to honor:
Right to Know/Access: Consumers have the right to request that businesses disclose the personal information they collect, use, share, or sell about them. They can also request details about specific pieces of personal information, categories of sources, business purposes for collecting or selling, and categories of third parties with whom the business shares personal information.
Right to Delete: Consumers can ask businesses to delete the personal information they have collected from them, with certain exceptions.
Right to Opt-Out: Consumers have the right to direct businesses not to sell their personal information. This is often referred to as the right to “opt-out” of the sale of personal information.
Right to Correct: Some laws (like California’s CPRA and Connecticut’s CTDPA) give consumers the ability to correct inaccurate personal data.
Rights Around Sensitive Data: In some states, businesses need explicit opt-in consent before collecting or using sensitive categories of personal information.
For businesses, the key is to have clear processes in place to receive, verify, and respond to these requests within the timelines set by law (often around 45 days).
How to give your customers easy access
With Text App, you already have simple tools to help support these rights:
Access: You can provide customers with transcripts of their chat conversations or tickets upon request.
Deletion: You can remove conversations or tickets from your records if a customer requests that their personal information be deleted.
Transparency: Through Privacy note, you can explain upfront what rights your customers have and how they can exercise them.
By making these options clear and easy to use, you’ll not only stay aligned with state privacy requirements but also build greater trust with your customers.
Copy of chat transcripts
If you want to provide your customers with a transcript of a conversation they’ve requested, follow the steps below.
1. Go to the Archive section in your Text App.
2. Choose the requested chat from the list.
3. Click Send transcript under the More menu in the top-right corner of the conversation.
4. A modal will appear asking for an email address. Enter your customer’s email and click Send transcript to proceed.
We will now send the transcript of the conversation to the provided email address.
But that’s not all — the same rule applies to you. If you would like to retrieve your chat history with our support team, simply email us at support@text.com and request the data we have collected about you in Text App.
Please make sure to send the information retrieval request from the email address you use to log in to Text App. We will send a verification code to the email address associated with your Text App account, and will send over the information after receiving the code back from you.
Copy of tickets
When it comes to tickets, each one is automatically forwarded to your customer’s email whenever an agent replies to their query. However, if a customer asks you to resend a ticket, you can easily do so from the Tickets section of your Text App.
1. Go to the Tickets section and find the ticket in question.
2. Click on the ticket to open it.
3. To resend the ticket, simply write a new message and click Send. All messages within the ticket will be resent to the customer.
If you need to send the ticket to another email address, click Add recipients. Enter the new email address in the modal and click Save. After that, write a new message and click Send. The full ticket history will also be sent to the new address.
The right to be forgotten
Under privacy laws such as the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and a growing number of state frameworks (including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and others), consumers have the right to request the deletion of their personal information.
You, as a business owner, may decline a request to delete a customer’s personal information upon receiving such a request for the following reasons:
if it is necessary for the business;
or if your service provider needs personal information under certain conditions.
However, if you ever face such a request and you have no reason to decline, we have prepared an internal procedure that allows you to remove the requested conversation or a ticket from your Text App license. Moreover, we’ll take care of the hard part for you.
What does the procedure look like?
All you need to do is provide us with a chat or ticket ID (you can find it on the right side of the transcript in the application) or, if it’s multiple documents, tag the chats or tickets you would like us to remove. You can create a separate tag and name it 'Delete' so that you can use it only when such a request arises.
Not using tags in Text App yet, or unsure how to create one? Click here to learn more.
After tagging a conversation or ticket, please send us an email at support@text.com requesting that we remove all transcripts and/or tickets marked with the specified tag.
Please make sure to send the deletion request from the email address of an Owner or Admin of your account. We will send a verification code to the email address associated with your account and will delete the transcripts and/or tickets as soon as we get the code back from you.
After receiving an email, we will remove all of the requested data as soon as possible. Also, after fulfilling your request, one of our Support Heroes will send you an email confirmation to notify you that the process has been completed.
Questions?
If you have any questions about this article, feel free to start a chat with one of our Support Heroes. They are available 24/7 and always ready to provide additional information on adjusting your Text App license.