California is the only state that has active data privacy laws. Although, I don't think there's any financial transactions, it's just public data scraping. I wonder if the company can even be held liable for the output of these LLMs. There's no direct hosting of any static data.