American privacy law runs backwards from the rest of the world’s.
Your tracking should know the difference.
Most tracking tools are built to a “global” standard, which in practice means a European one. The United States doesn’t run on the European model. We run on the opposite default. CleanClicks is engineered for the rules American websites actually operate under, not a worldwide average that fits no one.
Opt-in and opt-out aren’t a setting. They’re opposite starting points.
Europe’s GDPR is an opt-in regime. Nothing tracks until a visitor affirmatively says yes. The default is off: consent first, data second.
United States privacy law works the other way. Under California’s CCPA/CPRA and the laws modeled on it, a business may collect and use data by default, with clear notice, and the consumer holds an enforceable right to opt out, to say “don’t sell or share my information,” including through an automated Global Privacy Control signal you are required to honor. The default is on, with a real and enforceable exit.
That single difference, off-by-default versus on-with-the-right-to-leave, shapes everything downstream: how a tracker should behave on a first visit, what it does when no choice has been made, and which signals it may send to ad platforms. A tool built around the European default makes the wrong assumption the moment it loads on a US audience. It either suppresses data you are legally permitted to collect, or it bolts US logic on as an afterthought. Neither is the same as being built for the rules you live under. For the mechanics of how CleanClicks captures and filters data, see how it works under the hood.

Two regimes, examined honestly
Same goal, opposite defaults. The architecture a tool inherits from its home jurisdiction decides what it does on your traffic.
Default State
Off until the visitor consents. No collection happens unless and until someone clicks “accept.” Silence means stop.
On, with notice and a standing right to opt out. Collection is permitted by default once notice is given; the consumer can withdraw at any time, and you must honor it.
Legal Basis
Affirmative, freely given consent before processing, the consent-first model at the center of the GDPR.
Notice plus a consumer right to opt out of the sale or sharing of personal information, the structure shared by California’s CCPA/CPRA and the state laws that followed it.
When No Choice Is Made
Treat it as no consent. Collect nothing until the visitor acts. The burden sits on the business to earn a yes.
Collection is permitted, and an opt-out is honored the instant it arrives, including an automated Global Privacy Control signal sent by the browser. The burden sits on the tool to listen.
Who It’s Built For
The EU and EEA, the UK, and other consent-first jurisdictions. A tool tuned here assumes off-by-default everywhere.
US businesses serving a US audience. CleanClicks assumes the American default and honors the American exit.

There’s no single American privacy law. There are twenty, and counting.
The United States has no comprehensive federal privacy statute. Instead it has a fast-growing patchwork of state laws. California led in 2018 with the CCPA, strengthened by the CPRA. Virginia, Colorado, Connecticut, and Utah followed. As of 2026, roughly twenty states have comprehensive consumer privacy laws in effect, with more arriving on staggered dates.
They share a backbone, notice plus a consumer right to opt out, but they differ in their thresholds, definitions, and enforcement. A tool designed for one worldwide standard flattens that landscape into the lowest common denominator that fits none of them precisely. A tool built for the American market is tuned to the structure all of these laws share: opt-out, honor the signal, respect the right to leave.
That patchwork is only getting denser. Building for it isn’t a feature we bolted on for one state. It’s the assumption the whole product starts from.
Built in America, for American business.
CleanClicks is an American company. We build for American businesses and the customers they serve. We didn’t design for a global average and trim it down to fit; we started from the rules that govern websites here and built outward from those.
That isn’t a slogan. It’s the reason the product behaves the way it does. When the rules you operate under are the rules the tool was made for, you stop fighting your own software, and you stop paying a quiet tax for measurement designed around someone else’s laws.


What “built for US rules” actually does
US-first by default. Every new configuration ships with a United States geographic allowlist out of the box. You serve the United States; the tool assumes it, and filters traffic from outside it.
Opt-out is honored at the server. Global Privacy Control and CCPA/CPRA “do not sell or share” signals are detected and enforced server-side, not left to a browser script that an ad blocker can strip away.
When a visitor opts out, the ad platforms get nothing. No advertising signal goes to Meta, TikTok, LinkedIn, or Microsoft. Google receives only privacy-preserving, identifier-free Consent Mode signals.
Your own analytics keeps running. Opting out of cross-context advertising doesn’t blind you to your own first-party measurement. The data you’re entitled to is still yours.
Measurement, not a gate. All the traffic you receive still reaches your website. CleanClicks lives in the measurement path, never between a visitor and your pages. What we filter is your data, deciding what gets counted and what’s sent to your ad platforms, not whether your site loads.
If your site serves the USA, it should be tracked by something built for the USA.
American rules, American defaults, no global compromise.
