How to remove yourself from data broker sites and protect your privacy

Data brokers make their money by collecting personal information about consumers and reselling it. That information can be funneled into public people search sites, sold to advertisers, shared with insurers, or used by other third parties.

This kind of data exposure poses risks to your privacy, including unwanted calls, spam, targeted scams, and increased exposure to identity theft.

If you’re concerned about this, the good news is that you can take action. This guide will show you how to request that data brokers stop selling or sharing your information and start an online data cleanup.

Please note: This information is for general educational purposes and not financial or legal advice.

What are data brokers, and how do they get your info?

Data brokers are businesses that specialize in collecting personal information about consumers, which they then sell or license to other companies for marketing, verification, and other purposes.

Some specialize in people-search services, making personal profiles publicly available. Others focus on financial data for lenders or risk-mitigation tools to help businesses verify identities and prevent fraud. A major share of the industry comes from marketing and advertising brokers, who analyze online behavior to create profiles used for targeted ads.

To build these detailed profiles, data brokers collect information from various sources:

• Public records: Property deeds, court filings, voter registrations, and marriage and divorce certificates.
• Commercial data: Loyalty programs, online shopping accounts, subscriptions, or app permissions. Companies you interact with may sell or share aggregated data with brokers, rather than brokers directly pulling it from your accounts.
• Online activity: Cookies, IP addresses, browsing history, and social media accounts. Brokers generally gather this data through tracking technologies or from third-party data providers.

These are stitched together into a profile that can include your age, income range, employment, family members, and even interests.

Because brokers pull data from so many places, your information can surface online even if you share very little yourself. This means that personal data removal is an ongoing process rather than a one-off task. You’re not just asking a single company to delete your details; you’re asking dozens of businesses and confirming when they’ve done so.

Step-by-step data broker removal guide

Now you know how brokers get your data; the next step is to start taking it down.

Manual removal is possible, but it’s a long, tedious process. Each broker has its own opt-out procedure, which often involves filling out forms, providing identification, and checking back later to confirm the request went through. Because your data can reappear when brokers refresh their databases, you may find yourself repeating the process again and again. Even then, there’s sometimes no guarantee every broker will honor or fully process your request.

Automated services take this burden off your shoulders. They handle the opt-outs for you, monitor for reappearances, and repeat removals as needed. While no method can erase your data everywhere, automation makes the process faster, more consistent, and generally more effective than going it alone.

If you choose to do it manually, here’s how to approach it.

1. Prepare a dedicated email and ID documents

You’ll need to communicate with multiple brokers. Some will require email verification to process your removal request, while others may ask for your ID to prove the record belongs to you. Don’t use your primary email: set up a dedicated address just for opt-outs. That way, you avoid linking your main inbox to dozens of broker databases.

2. Locate your broker profiles and confirm matches

Next, you need to locate the records you want to remove. If you’re in the U.S., you can start with ExpressVPN’s free tool for finding your exposed data. It scans many of the most common data broker sites and shows you where your personal details are listed.

If you prefer to search manually, a good starting point is to search for your “full name” (in quotation marks for exact search results) and “city” in Google, e.g., “John Smith” “Kansas.” This will lead you to results that include these details.

After running a search, identify which profiles are actually yours. Go through the results and click on each link that appears to be about you. A people search site will typically show a free preview of the data it holds, such as your name, age, past cities, and a list of relatives. Use this preview information to confirm whether the record belongs to you. Copy each relevant profile URL into a spreadsheet or document.

Note that profiles can be duplicated or slightly altered across sites, so it’s easy to miss some.

3. Submit manual opt-out requests

Each broker has its own process. Most place their opt-out forms in the footer of their sites under headings like “Privacy” or “Do Not Sell.”

You’ll usually need to:

• Provide the profile URL.
• Complete identity verification via email, phone, or ID upload.
• Confirm the opt-out request.

Because these processes differ, manual removal requires careful attention to each site. Missing a step or submitting incorrect information can delay or nullify your request.

4. Track deadlines (30–45 days)

Most privacy laws give companies 30–45 days to process your request. For example, in California, the California Consumer Privacy Act (CCPA) requires businesses to respond within 45 days. In the EU, the General Data Protection Regulation (GDPR) sets similar requirements.

Keep a spreadsheet where you log each broker, the profile link, the date you submitted, and the deadline for a response. If you don’t hear back within the timeframe, send a follow-up reminding them of your legal rights. If they ignore you, you’ll have a clear record to escalate the complaint.

5. Verify removals and resubmit if needed

Once the deadline passes, search again to confirm your profile is gone. Take screenshots for your records. In some cases, the listing may reappear when brokers refresh their databases. If it does, resubmit your request. It’s common to go through two or three rounds before your data stays down.

Automate your data broker removal process

Manual requests work, but they take time. If you have dozens of profiles across multiple sites, you might spend hours (if not days) filling forms, clicking email links, and keeping records. That’s where automation comes in. Instead of doing everything yourself, you can use services that submit requests on your behalf and keep monitoring for new listings.

While some cases may still require personal attention, automation handles the repetitive tasks and keeps your data removal process consistent and ongoing, saving you significant time and effort.

Automated data removal service costs and benefits

Several companies offer automated data broker removal, with costs varying depending on the service and coverage. ExpressVPN’s Data Removal is available to ExpressVPN users in the U.S. on the Pro tier.

Rather than leaving you to manage the process, it works on your behalf by:

• Scanning hundreds of data broker and people search sites to find where your personal information is exposed.
• Automatically submitting opt-out and removal requests to the sites where your data is found.
• Monitoring regularly and restarting the removal process if your data reappears.

Most standalone data broker removal services range from 5 USD to 25 USD per month for one person, often with higher prices for families. ExpressVPN’s Pro tier for U.S. users includes Data Removal alongside ID Alerts, ID Theft Insurance*, credit monitoring, a VPN, and a password manager. This offers a more cost-effective alternative to subscribing to separate services.

When an automated data removal service makes the most sense

Paying for automation makes the most sense if:

• You don’t have the time to submit and track dozens of individual requests.
• You share a common name that leads to hundreds of unrelated search results.
• You’re managing data for a family, not just yourself.
• You’ve seen your data relisted multiple times and want a system that keeps scanning.

In other words, if you’re overwhelmed by the scale or simply don’t want to spend hours every few months chasing listings, automated services like ExpressVPN’s Data Removal are worth using.

Data removal tasks you may need to complete manually

Automated services might not cover every aspect of the data removal process. Some brokers require additional verification, such as a phone call or uploading an ID, and won’t accept requests from a third party. Others hide their removal processes in ways that some automated tools can’t handle.

That means you’ll still need to step in for:

• Brokers that require government ID uploads.
• Sites that only confirm via email or SMS.
• Regional or niche brokers not included in large removal databases.

Automation takes care of the bulk, but it’s best to combine automated scanning with targeted manual requests to get full coverage.

Protect your privacy with ExpressVPN Identity Defender

ExpressVPN Identity Defender, which is included in select tiers for U.S. users, provides a well-rounded privacy toolkit, combining data broker removal with identity monitoring, credit monitoring, insurance*, and our trusted VPN protection.

Here’s how it fits into your privacy strategy.

1. Automatically remove your data from broker sites

ExpressVPN’s Data Removal constantly scans people search sites and broker databases. When it finds your details, it files opt-out requests on your behalf. Instead of handling many different websites manually, you let the system submit, track, and repeat when needed.

2. Get real-time alerts

While data broker removal cleans up your public-facing data, ExpressVPN’s ID Alerts keep watch for signs of identity theft and notify you if your information is compromised.

You’ll get real-time alerts for:

• Scans of the dark web that find your personal information.
• New activity linked to your Social Security number (SSN), such as credit applications.
• Unauthorized attempts to redirect your mail through official change-of-address databases.

These alerts give you an early warning about potential fraud, allowing you to take action before a problem escalates.

3. Monitor your credit and personal data in one app

Identity Defender doesn’t stop at people search sites. Its Credit Scanner tool monitors your credit activity, helping you act quickly if something suspicious comes up.

4. Financial protection with ID Theft Insurance

If your information ends up in the wrong hands, it could be used to commit identity theft. That’s why Identity Defender provides another layer of protection: ID Theft Insurance*. If your identity is stolen, this policy can cover eligible costs associated with resolving it.

5. Added protection with a VPN and other tools

Using a VPN like ExpressVPN hides your IP address and encrypts your internet traffic, helping protect your online activity from being tracked. ExpressVPN also includes Threat Manager, which helps limit trackers to reduce the amount of fresh data that brokers can collect in the first place.

Common challenges during data broker removal

Even with a plan, removing your information from data brokers can present obstacles. Some brokers respond promptly and process requests efficiently, while others may require multiple steps, delay responses, or re-list your data after a few months. Understanding these potential challenges can help you approach the process more effectively.

Brokers that require sensitive ID documents and how to protect your privacy

Some data brokers ask you to upload a government ID to confirm that the profile you want to remove belongs to you. This creates an obvious problem: you want to protect your data, not give away more of it.

If a site insists on ID, you don’t need to send a full, unedited copy. Instead, you can:

• Black out or blur sensitive information like your photo, date of birth, and document number.
• Leave only your name and address visible, since that is usually what they need to match the record.
• Add a watermark that says “For data removal only” so the document can’t be reused elsewhere.

This way, you provide just enough information to satisfy their requirement without giving away more data than is needed.

Incomplete or ignored removal requests and what to do next

In some cases, you might follow every step and find the broker does nothing. That’s where your record-keeping comes in. If you tracked the date of your request and the legal deadline, you have the evidence to escalate.

When following up, it’s best to reference your original request, include the submission date, and state that you expect confirmation within the required timeframe. If the broker doesn’t respond, it’s also possible to file a request under your state’s privacy laws or report them to the relevant regulatory body.

Data listings that reappear after removal and how to prevent them

One of the most frustrating parts of the removal process is seeing your profile disappear and then reappear months later. Brokers often refresh their databases from the same public and commercial sources, which means your details can resurface.

The key is persistence. Regularly check the main people search sites, either manually or with an automated service. Setting a recurring reminder every few months helps you catch new listings early, making it easier to remove them before they spread. Automated services are particularly useful here, as they continuously monitor your information and submit removal requests without you having to start over each time.

Privacy laws relating to data removal

The U.S. doesn’t have a comprehensive federal law covering the entire data broker industry. The Fair Credit Reporting Act (FCRA) is a federal law for consumer reporting agencies that provide credit, employment, or insurance-related data. It allows individuals to dispute inaccurate reports, offering a limited way to control personal information that affects credit or employment. It generally does not cover marketing-focused data brokers.

State-level laws have also emerged to give you control over your personal data. These state laws generally fall into two categories:

Specific data broker registration laws

A handful of states, including Vermont, California, Texas, and Oregon, have passed laws that directly target the data broker industry. These regulations require data brokers to register with a state agency, creating a public list of the companies that collect and sell data.

This transparency is a crucial first step, as it allows you to see exactly which companies are operating and how to contact them.

Comprehensive consumer privacy acts

A broader group of states, including California (CCPA/CPRA), Virginia, Colorado, and Connecticut, have enacted general privacy laws. These acts give you powerful rights, most importantly the right to delete your personal information and the right to opt out of its sale. Data brokers are subject to these laws, giving you a legal basis to demand the removal of your data.

While these efforts provide essential tools for consumers, they’re not a complete solution to the widespread collection and sale of personal data. Below, we’ll look at how you can use the most significant of these laws to your advantage.

How to use the CCPA and CPRA to request data deletion and stop sales

In California, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) give you the right to tell companies to stop selling or sharing your personal information. You can also request that they delete the information they already hold.

When you file a request under these laws, companies have 45 days to respond. They can extend the deadline once for an additional 45 days, but only if they notify you within the original deadline. If they fail to comply, you can file a complaint with the California Privacy Protection Agency (CPPA) or the Attorney General’s office.

To make things easier, California maintains a public registry of licensed data brokers. The registry lists contact details for each broker, which makes it a good starting point for removals.

How to file a GDPR erasure request and challenge data use

If you’re in the European Union, the GDPR gives you the “right to erasure” under Article 17. This means you can demand that a company delete your personal data if there is no valid reason for them to keep it.

To make a data broker opt-out request under GDPR, include:

• The URL of the profile or the data you want removed.
• A reference to Article 17 of the GDPR.
• A clear statement that you withdraw any consent for processing.

Companies must respond within one month. They can only refuse if they have a strong legal justification, such as compliance with another law. If they don’t respond or reject without reason, you can escalate the issue to your national Data Protection Authority.

Where to find and use official state data broker registries

California, Vermont, Texas, and Oregon regulate data brokers and maintain registries that list active brokers and their business models:

• California registry
• Vermont registry
• Texas registry
• Oregon registry

By checking these registries, you can identify companies that might hold your information and use the official contact points to file your requests.

How to report non-compliant data brokers to privacy regulators

If a data broker fails to respond to your requests for data removal, you can report the issue to the relevant authorities. The correct channel depends on where you live.

The recourse available in the U.S. depends on your state's laws. A growing number of states have specific privacy laws. In these states, your first and most effective step is to file a complaint with the body designated in the Act, which is typically your State Attorney General or a dedicated enforcement agency, like the CPPA in California or the Secretary of State in the case of Texas.

Even in states without specific data broker laws, you can submit complaints to the Federal Trade Commission (FTC) and your state’s Attorney General. While reporting doesn’t guarantee immediate action, it can contribute to enforcement efforts, especially when patterns of non-compliance are identified.

For residents of the European Union, GDPR provides the “right to be forgotten,” and you can file a complaint against a data broker with the national Data Protection Authority (DPA) in your country. Each EU member state has a DPA responsible for enforcing GDPR and investigating complaints.

Reduce your digital footprint after data removal

If you continue to share information freely online, the same data can be collected again and sold back into the system. That’s why it’s important to reduce your digital footprint once you’ve been through the data removal process.

1. Remove people-finder listings and cached pages

Even after a profile disappears from a broker’s website, traces of it can linger in search results. Cached pages in Google may still display your old listing. To clean this up, use Google’s “Remove Outdated Content” tool. It lets you request that old snapshots be cleared from the search index.

You can also use Google’s “Results About You” tool, which highlights where your contact details appear in search results and gives you a way to request removal directly.

2. Secure social media profiles and domain WHOIS

On social platforms, lock down your privacy settings: limit what non-connections can see, prevent your phone number from being searchable, and avoid listing addresses or workplaces.

If you own a website, check the WHOIS settings with your domain registrar. Without privacy protection, your name, home address, phone number, and email can appear in public records. Most registrars offer free or low-cost privacy services that replace your personal details with generic contact information.

3. Unsubscribe from data sharing and use email aliases

Marketing lists are another pipeline feeding data brokers. Many retailers, service providers, and financial companies share or sell customer lists. To limit this, you should regularly opt out of marketing communications and unsubscribe from email lists you don’t need to be on. You can also use centralized opt-out services to opt out of prescreened credit and insurance offers, where these are available.

For everyday sign-ups, use disposable or masked email addresses. This keeps your main address private and makes it harder for brokers to link new activity to you.

4. Use a VPN on public Wi-Fi

Your browsing history is another source of personal data. Advertisers, analytics companies, social media platforms, and other data aggregators can connect IP addresses with online activity, and if they share this information with brokers, it can be used for profiling.

Using a VPN masks your IP address and encrypts your traffic. This action breaks the direct link between your activity and your location. If you regularly use public Wi-Fi at cafes, airports, or hotels, this step is even more important because a VPN can also prevent opportunistic attackers on the same network from collecting your information.

However, a VPN is not a complete invisibility cloak. Even with a VPN active, tracking cookies in your browser, device fingerprinting that identifies your unique configuration, and your logged-in accounts on sites like Google or Facebook can be sources of information about you. This means that you should combine a VPN with other privacy and security tools.

5. Delete accounts you no longer use

Old accounts you forgot about can still leak data. Social networks, shopping sites, and subscription services may still hold your personal information and keep sharing it, or they might suffer a data breach. Closing unused accounts cuts off one more channel where your data could spread.

Before deleting, download your data if needed, then remove any saved payment details, addresses, or phone numbers. Once the account is gone, brokers lose a potential source of information.

6. Review app privacy settings and permissions

Many mobile apps and retailers collect far more data than they need to function. Be selective about the access you approve. Just because an app requests a certain permission doesn’t mean it’s necessary.

Make it a habit to regularly audit the app permissions on your phone and tablet. Limit access to only the data and features that are essential for the app to work. For retailers, turn off data sharing toggles, refuse unnecessary loyalty sign-ups, and delete accounts that demand excessive access.

*The insurance is underwritten and administered by American Bankers Insurance Company of Florida, an Assurant company, under group or blanket policies issued to Array US Inc, or its respective affiliates for the benefit of its Members. Please refer to the actual policies for terms, conditions, and exclusions of coverage. Coverage may not be available in all jurisdictions. Review the Summary of Benefits.