Over 540 registered data brokers are currently selling your name, location, relationships, income estimates, and behavioral profiles. California's DROP platform lets you nuke all of them with a single request. Track your deletion game plan and watch your risk surface shrink.
Four categories of risk that broker data creates. Check off completed steps in the Game Plan below to watch these meters shrink.
Behavioral profiles built from your browsing, purchases, and inferred income/political leanings enable hyper-targeted advertising. Brokers sell audience segments to ad platforms.
MAIDs let brokers sell precise movement history — where you live, work, worship, and receive healthcare. This data has been used to track protest attendees, abortion clinic visitors, and journalists.
Sites like Spokeo, Radaris, BeenVerified, and Intelius aggregate your address history, relatives, phone numbers, and court records. Anyone can look you up for $5.
Leaked broker data fuels "recovery scammers," social engineering, SIM-swapping, AI voice cloning impersonation, and spear-phishing attacks with your real family member names.
Based on your digital footprint as a California-based software engineer, these broker categories almost certainly hold your data. DROP covers all 540+ registered brokers simultaneously.
Companies like Acxiom, Experian Marketing, Oracle Data Cloud, and LiveRamp build behavioral profiles from credit card transactions, loyalty programs, app usage, and web tracking. They sell audience segments to every major ad platform. Your inferred income, political affiliation, and purchasing intent are all products.
Aggregators pull from public records, voter rolls, utility filings, and social media to build dossiers any stranger can buy for a few dollars. They've been shown to hide opt-out pages from Google search results. DROP forces all 540+ into compliance simultaneously.
Apps silently harvest GPS coordinates via MAIDs and sell them to brokers. Senate investigations confirmed companies like Babel Street's Locate X sell real-time movement tracking to government agencies with no warrant. Providing your MAID to DROP hits these brokers hardest.
Note: brokers covered by FCRA (credit bureaus like Equifax, Experian, TransUnion) are exempt from DROP. But many financial aggregators selling non-FCRA data — estimated net worth, transaction patterns, debt inferences — are fully covered. These feed lenders, insurance, and employers.
Not HIPAA-covered brokers build health profiles from pharmacy purchases, fitness app data, and consumer behavior to infer medical conditions. Note: actual health records covered by HIPAA are exempt from DROP, but inferred health data is not.
As a software engineer, your GitHub activity, Stack Overflow profile, LinkedIn data, and professional email address are premium targets for B2B brokers selling "technographic" and "intent" data to SaaS vendors. These profiles drive SDR spam and recruiter targeting.
Prioritized steps to maximize your privacy gains before and after the August 1 processing deadline. Complete each phase in order for the biggest risk reduction per unit of effort.
Collect: all name variants (including maiden names or aliases), up to 3 ZIP codes, up to 3 email addresses, up to 3 phone numbers, your Mobile Advertising ID (MAID) from phone settings, Connected TV ID, and vehicle VIN(s). More identifiers = more records matched = more data deleted.
Go to privacy.ca.gov/drop, verify your California residency via the Identity Gateway, create your profile, and submit. Select "All brokers" — there's no reason to exempt any of the 540+. Save your DROP ID from the confirmation screen. Bookmark the status page.
Processing doesn't begin until August 1, 2026. Set a calendar reminder for August 15 to check your DROP status dashboard. Brokers have up to 90 days to report results after August 1. Save the confirmation page screenshot.
While DROP will cover these brokers, manually opt-outing now removes you immediately — before the August 1 deadline. Priority targets: Spokeo, Radaris, BeenVerified, Intelius, WhitePages, PeopleFinders, Truthfinder, FastPeopleSearch, MyLife. Use Yael Grauer's Big Ass Data Broker Opt-Out List.
The Network Advertising Initiative and Digital Advertising Alliance run industry opt-out tools that cover hundreds of ad networks simultaneously. These operate outside the DROP framework (ad networks aren't classified as data brokers) so this is a necessary complement.
Your MAID is the persistent identifier that lets location brokers track you across apps. Reset it now to break historical data chains, then enable "Limit Ad Tracking" (iOS) or "Opt out of Ads Personalization" (Android). iOS 14.5+ requires explicit opt-in per app.
As an engineer, your professional data is premium. ZoomInfo, Apollo.io, RocketReach, and Clearbit sell your work email, direct phone, and employer data to SDRs globally. These B2B brokers often aren't registered under California's framework — opt out directly.
Check your DROP dashboard using your DROP ID. Review statuses: "Deleted" (success), "Opted-out" (no match but opted out), "Exempted" (data protected by other law), "Record not found." For "Record not found," add more identifiers and resubmit — you may need variant name spellings or additional emails.
Location deletion is only as good as future data hygiene. Revoke "precise location" from all apps that don't strictly need it. Switch remaining apps to "While Using" only. Review: weather apps, food delivery, photo apps, retail apps. None need "Always On" location.
Google and Apple are first-party data collectors (not brokers), so DROP doesn't apply to them. Use their own privacy tools: Google My Activity deletion, Maps timeline deletion, ad personalization opt-out. Request your Apple data and delete what you don't need.
New data brokers register with California annually. New brokers are automatically covered by your existing DROP request, but updating your profile with new phone numbers, email addresses, or additional identifiers ensures maximum coverage. Set a yearly calendar reminder to review.
Log your deletion confirmations and notes here. Data is saved locally in your browser.
DROP is powerful, but it has real limits. Know what you're getting before you depend on it.
DROP platform launches. California residents can begin submitting deletion requests. Status shows "Pending" — brokers not yet required to act.
D-Day. Brokers legally required to begin processing DROP requests every 45 days. Deletion begins. Brokers have up to 90 days to report status per request.
Latest possible date for brokers to report deletion status for August 1 submissions (90-day window). Most will report sooner.
Ongoing: brokers process deletion lists and opt-out requests. New broker registrations covered automatically by your existing request.
DROP is California-only. Here are the best alternatives for residents of other states — ranging from free manual tools to paid services that automate the work.
Yael Grauer's comprehensive, community-maintained list of data broker opt-out links. Flags "crucial" and "high priority" targets so you know where to start. Works anywhere in the world.
The Network Advertising Initiative and Digital Advertising Alliance run industry-wide opt-out portals. One visit covers hundreds of ad networks. Cookie-based — do once per browser and device.
Sends opt-out requests to people-search sites on your behalf and re-submits quarterly, since some brokers re-add your data. Consumer Reports rated it highly for coverage and ease of use. ~$129/year for one person.
Scans 200+ data broker sites and shows you exactly what data exists before opting out. Transparent, granular reporting. Free tier available for manual opt-outs; paid tier automates. Strong for technical users who want visibility.
Budget-friendly automated opt-out service covering 170+ data brokers. Lower cost than DeleteMe, no free tier, but straightforward. Good for users who want automation without a premium price. ~$20/year.
Several states have passed their own privacy laws with deletion rights: Texas, Oregon, Montana, Delaware, Iowa, Indiana, Tennessee, and Florida all have comprehensive privacy laws. Vermont requires data broker registration. Watch for a federal DELETE Act bill.
| Option | Cost | CA Only? | Brokers Covered | Automation | Best For |
|---|---|---|---|---|---|
| DROP (CA) | Free | Yes | 540+ | Single submission | CA residents, comprehensive |
| Big Ass List | Free | No | 200+ | Manual | Budget, global |
| DeleteMe | ~$129/yr | No | 750+ | Full | Non-CA, recurring |
| Optery | Free–$249/yr | No | 200+ | Partial/Full | Visibility + control |
| EasyOptOuts | ~$20/yr | No | 170+ | Full | Budget automation |