Privacy policy
Last updated 2026-05-19. This is the working draft we wrote for counsel review. The legally binding version will replace it before public launch.
In this policy
- 01. Overview
- 02. What we collect
- 03. How we use it
- 04. What we never do
- 05. Retention
- 06. Third parties we share with
- 07. Authorized-agent grant
- 08. Your rights (CCPA/CPRA)
- 09. Where we operate
- 10. Security
- 11. Children's data
- 12. Changes to this policy
- 13. Contact
1. Overview
Data Broker Remover (“DBR”, “we”) is a privacy service that finds and removes your personal information from US data broker websites. Our entire business is built on the promise that we will treat your data better than the brokers we remove you from. This policy explains exactly how.
If you only read one line: we never sell, license, rent, or share your personal information with anyone except the specific data brokers we're opting you out of on your behalf. Not advertisers. Not analytics vendors. Not data brokers. Not affiliates. Ever.
2. What we collect
To find and remove your records, we collect:
- Identity: first name, last name, name variations you add (maiden name, nicknames).
- Location: city, state, current + previous physical addresses you add.
- Contact: email addresses, phone numbers — both what you sign up with and additional identifiers you add.
- Age range: for narrowing matches; we do not ask for or store full date of birth.
- Government IDs: never accepted through DBR. Brokers that require gov-ID verification (LexisNexis, certain credit bureaus) link out from your dashboard directly to the broker’s own secure portal. You upload to them; the ID never touches our servers.
- Scan results: what each broker has about you. Until you create an account, these are held in ephemeral memory and hard-deleted within 24 hours; once you do, they are stored encrypted at rest (AES-256).
- Removal status: per-broker submission + confirmation state, with screenshots as proof.
- Family plan info: if you're the master account holder, the email addresses you've invited. Each family member's scan data is encrypted with their own key — masters do not have visibility into it.
- Affiliate / referral attribution: if you arrived via an affiliate link, an attribution cookie ties your sign-up to that partner for commission accounting (more in §6).
- Operational logs: standard service logs (HTTP method, URL, status, anonymized IP) for debugging. These are PII-scrubbed and retained 30 days.
What we never collect: SSN, full date of birth, financial account numbers, credit card numbers (Stripe handles those), passport numbers, government ID images (a future Premium feature will let you upload an ID to specific brokers that require it; if so, the upload is encrypted and forwarded only to that specific broker, never retained), browsing history outside of scans, the contents of any document not directly required to perform a removal, or anyone else's data without their consent.
3. How we use it
- To search the public-facing pages of US data brokers for records matching your name + location.
- To submit opt-out / deletion requests to those brokers on your behalf as your authorized agent (§7).
- To verify and screenshot removals as proof.
- To monitor for re-listings on a recurring schedule.
- To communicate with you about your account (removal status, action needed, invoices, security notices). You control which notifications you receive in Settings → Privacy.
- To process payments (via Stripe) and pay affiliate commissions.
4. What we never do
- We never sell your personal information to anyone.
- We never share it for marketing, advertising, or list-building.
- We never train AI models on your personal information.
- We never retain non-customer reveal data beyond 24 hours.
- We do not act as a data broker. We will resist any legal reclassification that would make us one.
5. Retention
Pre-signup scan results (24 hours). If you run a scan from the homepage but don't create an account, your scan results, screenshots, and identifiers are hard-deleted from our systems within 24 hours. The shareable result URL stops working at the same time. We will never use a pre-signup scan's data for marketing or retargeting.
Account data (while you have an account). If you create an account, your scan results and identifiers persist as long as your account does. You can request a full export or permanently delete your account from Settings → Privacy at any time.
Account deletion. When you delete your account, we hard-delete your data within 30 days (most within 7). Anonymized billing records may be retained as required by tax law.
Operational logs (30 days). PII-scrubbed.
Affiliate commission ledger. Retained as long as required for tax compliance (typically 7 years per IRS guidance).
6. Third parties we share with
We share the minimum necessary data with the following service providers, all under contracts that prohibit them from using your data for any other purpose:
- Stripe — payment processing. Card details are entered directly into Stripe-controlled fields and never touch our servers.
- Postmark — transactional email delivery (account notices, removal confirmations, CCPA opt-out emails sent on your behalf).
- Supabase — hosted database and authentication. All personal data is encrypted at rest (AES-256) for account holders.
- CapSolver — solves CAPTCHAs on broker websites during paid-tier removals. Sees only the CAPTCHA image, not your identity.
- DataImpulse — residential proxy network used to reach broker sites that block datacenter IPs. Sees only the broker request, not your account context.
- Anthropic Claude vision API — used in narrow, explicit cases to verify a broker page rendered correctly after an opt-out. Per our internal policy, the request prompt instructs Claude not to echo PII back, and a server-side redactor scrubs the response before logging.
- The specific data broker we are opting you out of — to submit a removal request, we must transmit the minimum identifiers required to identify your record. Only the specific broker handling your request receives this data; never an aggregator.
- State governments — for California users (and users in other states that follow), we submit deletion requests to government data-broker registries (e.g. California DROP) on your behalf.
- Vercel — frontend hosting + edge logs (PII-scrubbed).
- Railway / Hetzner — backend hosting for the removal pipeline.
- Affiliate partners — receive ONLY aggregate commission accounting (masked user ids, plan tier, amount). Never your name, email, scan results, or any other PII.
We do not share with analytics vendors that profile users. Aggregate, non-PII usage metrics (page views without ids) may be used for product improvement.
8. Your rights (CCPA / CPRA)
- Right to know. Download a full export of everything we have on you from Settings → Privacy → Download your data.
- Right to delete. Permanently delete your account + all data from Settings → Privacy → Delete account. Hard-deletion happens within 30 days.
- Right to correct. Update any identifier from Settings → Profile.
- Right to opt out of “sale” or “sharing.” Not applicable — we do not sell or share for cross-context behavioral advertising.
- Right to non-discrimination. We will never charge you more or provide a lower level of service for exercising any of these rights.
If you're a California resident, you can also file a complaint with the California Privacy Protection Agency at cppa.ca.gov.
9. Where we operate
At launch, Data Broker Remover operates in the United States only. We do not knowingly accept or process personal information from residents of the European Union, the United Kingdom, or other jurisdictions whose privacy laws we are not currently positioned to comply with end-to-end. The homepage reveal form geofences submissions to US IP addresses.
10. Security
Encryption at rest. All personal information is encrypted with AES-256 in Supabase for account holders. Anonymous scan data is held in ephemeral memory and hard-deleted within 24 hours. See /security for the full posture.
Encryption in transit. All connections to our service use TLS 1.2 or higher.
Access controls. Per-user row-level security (Supabase RLS) ensures no employee or customer can read another customer's data. Family-plan masters cannot read family members' scan data — each family member's data is encrypted with their own key.
Two-factor authentication is on the launch checklist; the auth flow is wired through Supabase Auth, which supports TOTP and recovery codes natively.
SOC 2. Planned pre-launch.
11. Children's data
Data Broker Remover is for adults 18+. We do not knowingly collect personal information from anyone under 18. The homepage scan form requires an age affirmation; signup follows the same rule. If we learn we've collected information from a minor, we will delete it immediately.
If you are a parent or guardian and believe a minor has submitted information, contact privacy@databrokerremover.com and we will purge it.
12. Changes to this policy
We'll email account holders at least 30 days before any material change. Changes that strictly expand your rights or clarify existing practices may take effect immediately.
13. Contact
Privacy questions: privacy@databrokerremover.com
Data subject requests: privacy@databrokerremover.com
General: hello@databrokerremover.com
See also our Terms of Service.