When a new company is reviewed, the attorney in charge of that review is tasked with identifying all relevant compliant documents that the company publishes.
Each vendor and product is reviewed on a case-by-case basis, evaluating which documents (if any) the vendor publishes.
Since 2004, CalOPPA has required commercial websites and online services to serve a privacy notice with its privacy practices. California is such a large market that almost every business/online service is in scope, so if there's a vendor without at least a privacy notice, it deserves strong due diligence.