Answer a short questionnaire about your site's pixels, session-replay tools, chat widget, consent banner, and California traffic. I will estimate your pixel, session-replay, and wiretapping litigation exposure and explain why, tied to the current 2025-2026 litigation trend.
These letters are going out in volume and many set a short deadline. I review the letter and your actual exposure, then map your realistic response options. Do not ignore it and do not overpay.
Demand-defense review. Flat-fee drafting / response work is $575; I confirm scope before any work.If your site fires pixels, session-replay, or a third-party chat widget to California visitors, that is the profile these claims target. I review your tracking, consent flow, and disclosures and tell you where the exposure is.
$240 written evaluation, or $575 if it involves drafting a compliant privacy policy or consent flow.The estimate combines the factors that current CIPA, pixel, session-replay, and wiretapping cases actually turn on. The two dominant theories are CIPA Section 631 (wiretapping and eavesdropping, applied to session-replay tools and third-party chat widgets that capture visitor interaction in real time) and CIPA Section 638.51 (pen register and trap-and-trace, applied to advertising and analytics pixels that capture IP address, URL, referrer, and device or session identifiers). The remedy under Cal. Penal Code Section 637.2 is the greater of $5,000 per violation or three times actual damages, with no requirement to prove real harm, which is the engine behind the volume of filings and demand letters.
Landscape summary sources are below in the FAQ and reflect the position as of June 2026. The law here is genuinely split: federal district courts have more often allowed pen-register pixel theories to proceed while California state trial courts have more often rejected them, and a proposed CIPA business exemption (SB 690) stalled in the Legislature, so no near-term relief is assured. None of this is a prediction; the actual exposure of any specific site depends on facts this tool does not capture.
CIPA is the California Invasion of Privacy Act. Since 2024 a large wave of lawsuits and demand letters has argued that common website tracking technology violates two CIPA sections: Section 631 (wiretapping and eavesdropping, applied to session-replay tools and chat widgets that capture visitor interaction in real time) and Section 638.51 (pen register and trap-and-trace, applied to advertising and analytics pixels that capture IP address, URL, referrer, and device or session identifiers). The remedy under Cal. Penal Code Section 637.2 is the greater of $5,000 per violation or three times actual damages, with no requirement to prove real harm, which is why these claims are filed and demanded in volume.
A relatively small group of plaintiff-side firms and serial litigants run automated scans of websites and send boilerplate demand letters, often calibrated to settle for less than it would cost a business to defend. Any business running a California-facing website with Meta Pixel, Google Analytics, TikTok pixel, session-replay, or a third-party chat widget can be targeted. Reported high-activity verticals include healthcare and hospitals, media and publishers, tax preparation, retail and e-commerce, and financial institutions. This calculator does not predict whether you will be targeted; it indicates how closely your site matches the current targeting profile.
No, and that is important. The case law is genuinely split. Federal district courts have more often allowed the pen-register pixel theory to survive a motion to dismiss, while California state trial courts have more often rejected it. The Ninth Circuit has sent mixed signals on the Section 631 wiretap theory. A proposed CIPA business exemption, SB 690, passed the California Senate in June 2025 but stalled in the Assembly as a two-year bill, so no near-term statutory relief is assured and existing cases are unaffected. Because the law is unsettled, this tool is a risk indicator only, never a prediction of any outcome.
No. It is an automated risk indicator based only on the inputs you provide. It estimates how closely your described setup matches the fact patterns driving current CIPA, pixel, session-replay, and wiretapping litigation. It is not legal advice, not a prediction of any outcome, and does not create an attorney-client relationship.
Do not ignore it, and do not assume you must pay the number demanded. Many of these letters set a short deadline. Preserve the letter and note the date you received it. A response plan typically starts with confirming what your site actually fires and when, assessing the specific theory the letter relies on against the current split in the case law, and mapping your realistic options before responding. You can start a request through the intake on this page to have the letter and your exposure reviewed.
Related: Terms and privacy scanners, the demand-letter ROI calculator, and all calculators.