How to Scrub Your Personal Information from the Internet
Your name, home address, phone number, email, relatives, income estimate, and property data are probably on hundreds of sites already. You did not opt in. Those sites sell the profile anyway.
This guide covers the main broker opt-outs, Google removal tools, social media cleanup, public-record suppression, facial-recognition opt-outs, and paid removal services. It also covers what will not come off the internet and what to do next.
Work in order. The big aggregators come first because their feeds reach many smaller sites.
Where Your Data Comes From
Before you start, know the source. Brokers usually do not create the data. They collect it from public and commercial records.
- Voter registration records — public in most US states. They often include your full name, registered address, date of birth, and party affiliation.
- Property and mortgage records — county assessor records are public in the US. Buying or selling a home usually creates a searchable record with your name and address.
- Court records — civil suits, criminal cases, bankruptcies, and divorce filings are often public and easy to search online.
- Marketing lists — loyalty programs, warranty cards, magazine subscriptions, and contest entries all feed this market.
- Social media profile data — public bios, job history, location tags, and linked accounts get scraped constantly.
- Historical phone book databases — old paper directory data was digitized and carried into modern people-search sites.
- Data breach compilations — breach data eventually gets cleaned up and folded into broker databases.
- Old forum posts and news mentions — any indexed page that ties your name to other personal details adds to the profile.
Step 1 — The Big Data Broker Opt-Outs (Manual, Free)
Start here. Tier-1 aggregators feed many smaller sites. Getting off Acxiom, LexisNexis, CoreLogic, and Verisk can reduce the spread. The people-search sites below still need separate opt-outs.
Use a temporary alias from SimpleLogin or AnonAddy when a form needs email confirmation. Do not hand brokers a fresh, verified primary address.
| Site | What it holds | Opt-out method | Processing |
|---|---|---|---|
| Spokeo | Full profiles — address, relatives, photos | spokeo.com/opt_out/new | 3–7 days |
| Whitepages | Address, phone, household members | whitepages.com/suppression_requests | 24–48 hrs |
| BeenVerified | Background profiles, social media links | beenverified.com/opt-out | 24 hrs |
| Intelius | People search, criminal records | intelius.com/opt-out | 24–72 hrs |
| Radaris | Full profiles, address history | radaris.com/control/privacy | 3–5 days |
| PeopleFinder | Address, phone, criminal records | peoplefinder.com/optout | 24–72 hrs |
| PeopleSmart | People search, email, phone | peoplesmart.com/opt-out | 24–72 hrs |
| FastPeopleSearch | Address, phone, relatives | fastpeoplesearch.com/removal | 24 hrs |
| TruthFinder | Background check, social, dark web scan | truthfinder.com/opt-out | 24–72 hrs |
| Instant Checkmate | Background check, address history | instantcheckmate.com/opt-out | 24–72 hrs |
| MyLife | Reputation profiles, ratings, reviews | mylife.com/ccpa/index.html | 3–7 days |
| USPhoneBook | Phone number lookup, address | usphonebook.com/opt-out | 24–48 hrs |
| Acxiom | Marketing data, demographics, purchase history | acxiom.com/optout — mail or portal | 30 days |
| LexisNexis | Comprehensive background, financial data | lexisnexis.com/privacy — form | 30 days |
| CoreLogic | Property, credit, tenant screening | corelogic.com/privacy-policy | 30 days |
| Epsilon | Marketing data, email/mail lists | epsilon.com/us/privacy-policy — email | 30 days |
| Verisk | Insurance, financial, property | verisk.com/privacy | 30 days |
| Experian Marketing | Credit + marketing lists, pre-approval data | optoutprescreen.com | 5 yrs or permanent |
| Gravy Analytics | Location data from mobile apps | gravyanalytics.com — email opt-out | 30 days |
| X-Mode / Outlogic | Precise location from SDKs in apps | optout.xmode.io | 30 days |
| Babel Street | Intelligence aggregator, social + comms data | babel-street.com/privacy — form | 60 days |
| Clearbit | Business contact data, job titles, company | clearbit.com/privacy — form | 30 days |
Step 2 — Google Removal Tools
Google usually does not host your information. It indexes it. Removing a page from search does not remove the page itself. Still, search is how most people find broker listings, so it is worth doing.
- Personal information removal request — Google's tool at support.google.com/websearch/troubleshooter/9685456 lets you ask for removal of doxxing-style content such as home addresses, phone numbers, emails, government ID numbers, login credentials, and financial data.
- Outdated content removal tool — if the source page is already gone but Google still shows a cached result or snippet, use support.google.com/websearch/troubleshooter/3111061 to push a re-crawl.
- Right to be Forgotten (EU/UK/Australia) — if you are in the EU, UK, or Australia, you can submit a name-based request under local privacy law. Use support.google.com/legal/contact/lr_eudpa.
- Google Images non-consensual imagery — request removal of non-consensual intimate imagery through support.google.com/websearch/troubleshooter/9685456.
- What Google cannot do — Google can delist a URL. It cannot erase the original page. Go to the source first whenever you can.
Step 3 — Social Media Account Purging
Social platforms are prime OSINT sources. Even private accounts leak metadataData about data, such as who contacted whom, when, from what device, and from which location. Metadata often remains exposed even when content is encrypted.Glossary →, photos, usernames, and social graphs. Deletion is cleaner than fiddling with settings forever.
- Facebook — Download your archive first. Deletion requests take 30 days before the account is gone for good. Deactivation leaves the data on Meta's servers.
- Instagram — Download your data, then delete through the permanent removal page. There is a 30-day reversal window.
- LinkedIn — Download your data, then close the account. Search caches can linger for weeks.
- Twitter/X — Download your archive first. Use Semiphemeral or TweetDelete to wipe tweets before deleting the account.
- Reddit — Usernames cannot be changed. Posts and comments stay visible after deletion unless you overwrite them first. Use Shreddit or nuke.reddit.com before closing the account.
- Old forum accounts — Ask admins for deletion with a GDPR Article 17 or CCPA request where it applies. Include the username and registered email.
- Wayback Machine — If your own site or a page about you is archived, request exclusion at archive.org/about/exclude.php or email info@archive.org for personal-data removal from specific URLs.
Step 4 — Public Records (The Hardest Category)
- US voter registration — Many states offer address confidentiality for domestic violence survivors, judges, law enforcement, and some stalking victims. Search for your state's "Safe at Home" or "Address Confidentiality Program."
- Property records — Some counties allow suppression by written request. Another option is to hold property through an LLC or trust so the record shows the entity name instead of yours.
- Court records — Federal records can sometimes be sealed by petition. State courts vary. Some allow expungement or sealing for arrests that did not lead to conviction.
- Business registrations — If you used your home address, file an amendment and switch to a registered agent address.
- Arrest records — Many states allow expungement for non-conviction arrests and some minor offenses. That can remove a record from public databases, though not always from federal systems.
Step 5 — Facial Recognition Opt-Outs
Facial recognition changes the game. Sites like PimEyes let strangers search your face and find indexed photos even if they do not know your name. Opt-outs exist, but they are limited.
- PimEyes — Free opt-out at pimeyes.com/page/forget-me. You submit a photo for matching.
- Clearview AI — Submit a data subject and deletion request at clearview.ai/data-subject-requests if your jurisdiction allows it.
- FaceCheck.ID — Use the contact address listed in the privacy policy for removal.
- Find and remove your indexed photos — Use Google Images and TinEye to find mirrors and ask host sites to remove them. Then use Google's outdated-content tool for cached results.
- Social media photos — Remove profile photos and untag yourself from other people's uploads before deleting accounts.
Step 6 — Automated Removal Services (Paid)
Manual opt-outs cover the main brokers, not the long tail. Paid services keep sending removal requests and catch new listings as they appear. They help. They do not replace the manual steps.
| Service | Sites covered | Annual cost | Notes |
|---|---|---|---|
| DeleteMe | ~750+ sites | $129/year | Detailed quarterly reports, human-reviewed, US-focused |
| Incogni (Surfshark) | 180+ sites | $77.88/year | Automated, uses GDPR/CCPA legal basis, fast |
| Privacy Bee | 250+ sites | $197/year | Ongoing monitoring, family plans available |
| Kanary | 500+ sites | $99/year | Monitoring + removal, Canadian sites included |
| Optery | 650+ sites (premium) | $0–$180/year | Free tier available; self-serve + automated on premium |
| OneRep | 200+ sites | $99.96/year | Automated with manual verification of removals |
Step 7 — Email and Username OSINT Reduction
Your email addresses and usernames are pivot points. One reused email can link old and new accounts even after you delete half of them.
- Check breach exposure — Run your emails through HaveIBeenPwned. Any exposed address is now a confirmed broker datapoint.
- Check for leaked passwords — Dehashed can show cracked or plaintext passwords tied to an email or username. If one appears, rotate it everywhere it was reused.
- Switch to email aliases — Use SimpleLogin, AnonAddy, or Apple Hide My Email. One alias per service keeps future breaches contained.
- Find all accounts linked to a username — Use Sherlock locally or Namechk to find old accounts and break the cross-platform trail.
- Old email addresses — Search those addresses on HaveIBeenPwned and send deletion requests wherever they still control an account.
What Cannot Be Fully Removed
Some things will stay public. You need to know that early.
- Historical news articles — legitimate journalism is often protected from erasure requests.
- Government filings and regulatory records — SEC filings, court decisions, and regulatory actions are usually permanent public records.
- Blockchain transactions — Bitcoin activity tied to a KYCKnow Your Customer rules require users to submit identity information such as passports, selfies, addresses, or phone numbers before accessing a service.Glossary → exchange address stays on-chain. Chainalysis and similar firms keep those links. Use Monero for future private transfers.
- Data already sold to insurers, employers, and law enforcement — Opting out stops future sales. It does not pull back copies already sold.
- Aggregated and anonymized data — your patterns can stay in bulk datasets even after your name drops off a record.
- Dark web breach dumps — once a dump spreads, it is effectively permanent. Rotate the credentials and treat the address as burned.
- Cached and archived versions — Google cache, Wayback snapshots, and snippets can linger for weeks or months after the source is gone.
Ongoing Maintenance
One cleanup pass is not enough. Records update, brokers scrape again, and new sites appear all the time. Treat removal as maintenance.
- Google Alerts — Set alerts for your full name plus city and your name plus phone number so you catch new indexed pages fast.
- Quarterly broker re-checks — Search the big people-search sites every few months and repeat the opt-outs when a profile returns.
- Optery free tier monitoring — The free scan is useful for spotting re-listings.
- Annual GDPR/CCPA deletion requests — Send yearly erasure requests to the large aggregators.
- Address change protocol — When you move, re-run the opt-out sequence for the new address within 60 days.
- New account hygiene — Give your real name and address only where the law requires it. Use aliases, PO Boxes, and email aliases everywhere else.
Follow the Money
Data brokers make billions from people who never agreed to be listed. That is why removal stays hard.
Opt-out flows are full of friction. Some ask for an account, a phone number, or even an ID upload. The FTC has proposed rules to make this easier, but as of 2026 the US still has no broad federal law that forces a clean, universal opt-out. The EU and UK give you more leverage under GDPR.
The real fix is prevention. Create less data. Use aliases, pay with Monero, put entities in your LLC's name, and keep your home address off every form that does not legally need it.