How to Honor "Do Not Sell My Personal Information" Requests with Ours Privacy
Nov 12, 2025
Tyler Zey
Supporting "Do Not Sell My Personal Information" requests are a common privacy requirement. Visitors can opt out of having their personal information sold or shared, and you need a way to honor that choice across your entire data pipeline.
The challenge: When a visitor opts out, it's not enough to just show a form. You need to pass that opt-out status through your entire data pipeline so platforms like Google Ads and Facebook know not to use that visitor's data for personalized advertising.
This guide shows you how to implement a complete "Do Not Sell My Personal Information" flow using Ours Privacy's CDP, from capturing the opt-out request to configuring destination-specific settings.
Important Disclaimer: This guide demonstrates how you can configure Ours Privacy and is for example purposes only. It is not legal advice and does not constitute a recommendation for how you should configure your privacy setup. Regulatory requirements vary by jurisdiction and may change over time. Always consult your own legal counsel and privacy officers when determining compliance strategies for your organization.
Understanding "Do Not Sell My Personal Information"
"Do Not Sell My Personal Information" is a privacy right that allows consumers to opt out of the sale or sharing of their personal information. When a consumer exercises this right, businesses typically need to stop selling or sharing that consumer's data with third parties, unless the consumer later authorizes them to do so again.
This requirement often comes up in the context of California privacy laws. The California Consumer Privacy Act (CCPA), enacted in 2018 and effective January 1, 2020, gives California residents the right to opt out of the sale of their personal information. The California Privacy Rights Act (CPRA), approved by voters in November 2020, amended and expanded the CCPA with additional protections that began on January 1, 2023.
Under these laws, businesses typically need to provide a clear and conspicuous link titled "Do Not Sell My Personal Information" on their websites, allowing consumers to easily opt out. For more details on CCPA requirements, see the California Attorney General's official CCPA page. For implementation guidance, Osano's article on DNSMPI provides additional context.
The technical challenge: If you need to support this, you need a way to capture opt-out requests, store that preference on the visitor's profile, and ensure that every platform receiving data from your CDP knows to respect that choice. This requires coordination between your UI, your CDP, and your destination platforms.
How Ours Privacy Supports This
Ours Privacy's CDP solves this by letting you:
Store opt-out status as a custom property on the visitor profile
Pass that status through to destinations like Google Ads and Facebook
Configure custom mappers that set platform-specific properties based on the visitor's opt-out choice
When a visitor opts out, you send an identify or track event with their consent status. The CDP stores this on their profile, and custom mappers can then read that property and set the appropriate flags (like Is Limited Data Usage for Facebook or Consent Ad User Data or Consent Ad Personalization for Google Ads) before sending data to those platforms.
This approach gives you a single source of truth for consent status that flows through your entire data pipeline.
Step 1: Set Up the Opt-Out UI
First, you need a way for visitors to submit their "Do Not Sell My Personal Information" request. This can be:
A standalone form on your website (like a dedicated "Do Not Sell" page)
A section within your CMP (Consent Management Platform)
Any other UI mechanism that your legal team approves
The Ours Privacy CMP can handle this—you can add a "Do Not Sell My Personal Information" option to your consent preferences modal. Or, you can add it through a form accessible in your footer.
If you are using the Ours Privacy Consent Manager (CMP), you can setup a category to handle this.
As an example, here is the UI Disney uses from the footer of their website.
Step 2: Send Consent Status via Identify or Track Event
After a visitor interacts with your UI, you need to record that choice on their visitor profile. Send an identify or track event with their consent status using custom properties.
Client-Side Implementation
If you're capturing the opt-out on the frontend, use the Web SDK:
What this does:
Stores the opt-out status on the visitor profile
Includes metadata about when and how the opt-out was submitted
Makes this data available for custom mappers to read
Step 3: Configure Custom Mappers for Facebook and Google Ads
Custom mappers let you modify the data sent to destinations based on visitor properties. For "Do Not Sell" requests, you'll configure mappers that set platform-specific properties telling Facebook and Google Ads not to use the visitor's data for personalized advertising.
Facebook Destination Mapper
For Facebook, set the Is Limited Data Usage property to true when a visitor has opted out.
This tells Facebook's Conversions API to process the data with limited data usage, which means Facebook won't use it for personalized advertising or audience building.
Alternatively, you could have Ours Privacy just stop the dispatch and send no data over. It really depends on your setup.
Wrapping Up
The key concept is that custom properties give you a single source of truth for consent status, and custom mappers let you translate that status into the specific properties each destination platform needs.
This approach works for any consent requirement—whether it's "Do Not Sell" requests, HIPAA authorization, regional compliance, or user preferences. You store the status once, and custom mappers handle the platform-specific translation.
Always verify your implementation works as expected by testing with real opt-out requests and confirming that the platform-specific properties are being set correctly in your destination platforms.
