Personal Data Exposure Report API — Data Broker Scanner for Agencies

Personal Data Exposure Report is an Apify actor that returns structured personal-data exposure intelligence for any subject (name, optional state/city/email/phone) by scanning 19 US data broker sites directly, 29 broker domains via Brave Search, and 2 breach databases. Output is a per-site JSON dataset with found status, exposed data types, removal difficulty, profile URLs, and step-by-step opt-out instructions. Designed for privacy consultancies, identity-protection providers, executive-protection programs, and OSINT/due-diligence teams that need API access to data broker exposure on behalf of clients, employees, or investigation subjects.

This is a B2B intelligence tool. There is no UI, no portal, no client login. You run it through the Apify API, the Apify Console, Zapier, Make, or any HTTP client, then drop the JSON output straight into your client report, security dashboard, CRM, or case file.

What it does: Returns a structured exposure report for any subject across data broker sites and breach databases. Per-site found/not-found, exposed data categories, removal URLs, removal difficulty. Who it's for: Privacy consultancies, identity-protection providers, executive-protection / corporate security teams, M&A due-diligence firms, OSINT shops, white-label privacy products. Pricing: $1.00 per exposure report (pay-per-event). No subscription, no seat fees, no minimum commit. Pay only for scans you actually run. Throughput: 2-5 minutes per subject. Run in parallel via Apify API — typical agency throughput is 50-500 subjects per hour depending on concurrency settings. Output: JSON dataset (one row per broker site) + key-value store summary with exposure score and counts. Webhook on completion. Export to S3, Google Sheets, Zapier, Make.

Why agencies use this instead of building in-house

Building a broker-scanning service in-house means writing site-specific parsers for 19+ broker sites, maintaining them as those sites change layout, handling Cloudflare and similar anti-bot protections, curating and refreshing the broker domain list for SERP-based discovery, integrating breach databases, and writing the removal-instruction copy for every site. It's a quarter of an engineer's time on an ongoing basis, plus the proxy and search-API spend.

Personal Data Exposure Report bundles all of that as a billable line item. $1 per subject scanned. The actor maintains the scanners, the broker definitions, the removal instructions, and the anti-bot fallbacks. You consume the JSON.

Approach	Setup cost	Per-subject cost	Maintenance
Personal Data Exposure Report (this actor)	$0 (Apify account)	$1.00	None — actor is maintained
Build broker scanners in-house	~$30-60k engineering	$0.10-0.40 (proxies + APIs)	Ongoing — sites change layout, brokers get added/removed
License enterprise removal API (Incogni/OneRep/Optery enterprise tiers)	Multi-month sales cycle	Seat-based, typical $5-15k/yr minimum commits	Vendor handles
Manual analyst checking	$0	~$30-60 (analyst time, 2-4 hours per subject)	None

The actor sits between "build it yourself" and "sign a $10k/yr enterprise contract." For agencies running 50-2,000 subject scans per month, that gap is exactly where it earns its keep.

Agency use cases

Privacy consultancy — client onboarding and monthly monitoring

Privacy consultancies sell a "we'll get your data off the internet" service to individuals or families. The first deliverable is an exposure audit. The actor produces that audit in 2-5 minutes per client at $1 of COGS, with structured per-site output you can render into a branded client PDF. Monthly re-scans become a recurring monitoring product at a known unit cost.

Typical economics: bill the client $100-300 for the initial audit, $20-50/month for monitoring. Your COGS is $1 per scan.

Identity-protection providers — white-label exposure intelligence

If you already sell credit monitoring, dark-web scanning, or identity-theft insurance, broker exposure is a logical adjacent feature. Add it via the Apify API. Pass subject details from your customer record, get JSON back, surface the result in your existing UI under your own brand. The actor is the supplier; the customer never sees it.

Executive protection and corporate security

Public exposure of executives, board members, and high-profile employees is a documented social-engineering and physical-threat surface. Run the actor across your protected-persons list quarterly, surface high-exposure individuals, prioritize remediation. Subject lists of 20-200 people are typical; the actor handles the whole list for $20-$200 per quarterly audit.

The exposure score and per-site found status feed cleanly into a security dashboard. Pair with a webhook to alert when an executive's exposure score crosses a threshold.

M&A and pre-IPO due diligence

When a target company is being evaluated, exposure of the founders, executives, and key holders can be a deal factor (doxxing risk, family privacy, post-deal exec recruiting). Run the actor against the target's executive roster as part of standard due diligence. Output goes into the diligence report.

Legal, investigative, and OSINT firms

Investigators and litigation-support firms routinely need to know what's publicly available about a subject before deeper inquiry. The actor is a cheap first sweep: who has them, what categories of data, with direct profile URLs as evidence. Output is a clean evidentiary record (timestamped, source-attributed) that can attach to a case file.

For OSINT work it's often the cheapest way to confirm presence on a known list of brokers without paying for an analyst's manual checks.

HR / compliance — pre-hire and offboarding privacy audits

For sensitive roles (executive hires, security-cleared positions, public-facing positions), an exposure audit is part of the onboarding package. On offboarding, departing employees in regulated industries may need an exposure baseline. The actor produces both in one call per subject.

Summary

• Input: firstName + lastName required. Optional: city, state, email, phone, Brave API key (free tier), HIBP API key.
• Output: One dataset row per broker site (typically 19-50 rows). Key-value store SUMMARY object with exposure score and counts.
• Sources: 19 broker sites scanned directly, 29 broker domains checked via Brave Search, DataBreach.com, Have I Been Pwned (with key).
• Limitations: Detection and guided-removal data only — the actor does NOT submit opt-out forms. US-focused. Anti-bot may suppress some direct broker results; Brave Search backfills coverage.
• Compliance posture: Public-data only. Not an FCRA consumer report. Not for employment screening, stalking, harassment, or surveillance without subject consent. See Responsible use.

What the actor returns

Field	Type	Description
site	string	Name of the data broker or source (e.g. "Spokeo", "DataBreach.com (breach database)")
found	boolean	Whether the subject's data was detected on this site
difficulty	string	Removal difficulty: easy (online form), medium (email/phone verify), hard (complex process)
howToRemove	string	Pre-written removal instructions: steps, estimated time, required credentials
removalUrl	string	Direct link to the broker's opt-out page
profileUrl	string | null	Direct link to the subject's listing on the broker. Null when not found.
hasName	boolean	Name exposed on this site
hasAddress	boolean	Address exposed
hasPhone	boolean	Phone number exposed
hasEmail	boolean	Email exposed
hasRelatives	boolean	Relative names exposed
parentCompany	string | null	Parent company if one removal covers multiple sites (e.g. "PeopleConnect")
scannedAt	string	ISO 8601 timestamp

Plus a SUMMARY record in the run's key-value store:

{
    "exposureScore": 32,
    "sitesScanned": 48,
    "sitesFound": 7,
    "byDifficulty": { "easy": 4, "medium": 2, "hard": 1 },
    "peopleConnectGroupHit": true,
    "breachExposure": { "checked": true, "breachCount": 3 }
}

Fields that can be null: profileUrl (when not found), parentCompany (for standalone brokers). The exposure score is (sites with data / total sites scanned) * 100, capped at 100. It measures breadth of exposure, not severity.

Data trust

Every detection result comes from an actual live query against the broker site or search API. Nothing is inferred, estimated, or padded. A site is marked found: true only when the response contains positive match indicators (HTML class names and text patterns specific to that broker's results page) AND does not contain "no results" indicators. Cloudflare-challenged pages are conservatively marked as not found rather than guessed. Removal instructions are pre-written per broker based on each site's actual opt-out process as of the last update.

Pricing for agencies

Pay-per-event: $1.00 per exposure report. No subscription, no minimum, no seat fees. Platform compute is included in the per-event price.

Use pattern	Subjects	Cadence	Monthly cost	Notes
Privacy consultancy — small	50 clients	Monthly monitoring	$50/mo	50 monitoring scans
Privacy consultancy — mid	200 clients	Monthly monitoring	$200/mo	200 monitoring scans
Identity-protection provider — white-label	5,000 subjects	Quarterly	$5,000/quarter	Customer base monitoring
Executive protection program	100 protected persons	Quarterly	$100/quarter	Plus targeted re-scans on alerts
OSINT / due-diligence firm	50 subjects	Per matter	$50/matter	Charged through to client matter
M&A advisory	10-30 execs per deal	Per deal	$10-30/deal	Standard line in diligence package

Set a per-run maximum spending limit in the Apify run options to hard-cap accidental cost spikes. The actor stops cleanly when the budget is reached.

How to call the actor from your stack

The actor is stateless — every call is a self-contained subject scan. Run in parallel via the Apify API for batch throughput. Default Apify account concurrency lets you run multiple subjects simultaneously; enterprise accounts can raise the ceiling further.

Python — single subject

from apify_client import ApifyClient

client = ApifyClient("YOUR_API_TOKEN")

run = client.actor("ryanclinton/personal-data-exposure-report").call(run_input={
    "firstName": "Sarah",
    "lastName": "Chen",
    "state": "CA",
    "email": "sarah.chen@example.com",
})

# Per-site results
for item in client.dataset(run["defaultDatasetId"]).iterate_items():
    status = "EXPOSED" if item["found"] else "clean"
    print(f"[{status}] {item['site']} — difficulty: {item['difficulty']}")

# Summary (exposure score, counts)
summary = client.key_value_store(run["defaultKeyValueStoreId"]).get_record("SUMMARY")
print(f"Exposure score: {summary['value']['exposureScore']}/100")

Python — batch across a client list

from apify_client import ApifyClient
from concurrent.futures import ThreadPoolExecutor, as_completed

client = ApifyClient("YOUR_API_TOKEN")

subjects = [
    {"firstName": "Sarah",   "lastName": "Chen",   "state": "CA", "email": "sarah@example.com"},
    {"firstName": "Michael", "lastName": "Torres", "state": "TX", "email": "michael@example.com"},
    # ... your full client / employee / subject list
]

def scan(subject):
    run = client.actor("ryanclinton/personal-data-exposure-report").call(run_input=subject)
    items = list(client.dataset(run["defaultDatasetId"]).iterate_items())
    summary = client.key_value_store(run["defaultKeyValueStoreId"]).get_record("SUMMARY")
    return {
        "subject": subject,
        "exposureScore": summary["value"]["exposureScore"],
        "sitesFound": [i for i in items if i["found"]],
    }

with ThreadPoolExecutor(max_workers=10) as pool:
    futures = [pool.submit(scan, s) for s in subjects]
    for f in as_completed(futures):
        result = f.result()
        name = f"{result['subject']['firstName']} {result['subject']['lastName']}"
        print(f"{name}: exposure={result['exposureScore']}, sites={len(result['sitesFound'])}")

JavaScript

import { ApifyClient } from "apify-client";

const client = new ApifyClient({ token: "YOUR_API_TOKEN" });

const run = await client.actor("ryanclinton/personal-data-exposure-report").call({
    firstName: "Sarah",
    lastName: "Chen",
    state: "CA",
    email: "sarah.chen@example.com",
});

const { items } = await client.dataset(run.defaultDatasetId).listItems();
const summary = await client.keyValueStore(run.defaultKeyValueStoreId).getRecord("SUMMARY");

console.log(`Exposure score: ${summary.value.exposureScore}/100`);
for (const item of items.filter(i => i.found)) {
    console.log(`[EXPOSED] ${item.site} (${item.difficulty}) — ${item.removalUrl}`);
}

cURL

curl -X POST "https://api.apify.com/v2/acts/ryanclinton~personal-data-exposure-report/runs?token=YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "firstName": "Sarah",
    "lastName": "Chen",
    "state": "CA",
    "email": "sarah.chen@example.com"
  }'

# Pick up DATASET_ID and KV_STORE_ID from the response, then:
curl "https://api.apify.com/v2/datasets/DATASET_ID/items?token=YOUR_API_TOKEN&format=json"
curl "https://api.apify.com/v2/key-value-stores/KV_STORE_ID/records/SUMMARY?token=YOUR_API_TOKEN"

Webhooks for completion handling

Configure an Apify webhook on ACTOR.RUN.SUCCEEDED to push results to your backend when each scan finishes. For batch workflows this avoids polling — your handler receives the run ID, pulls the dataset and summary, and writes to your client record.

Input parameters

Parameter	Type	Required	Description
firstName	string	Yes	First name as it appears on public records
lastName	string	Yes	Last name as it appears on public records
city	string	No	City. Helps disambiguate common names.
state	string	No	US state abbreviation (CA, NY, TX). Strongly recommended — most broker sites filter by state.
email	string	No	Email address. Required to enable DataBreach.com and HIBP breach checks.
phone	string	No	Phone number (any format). Enables phone-based Brave Search queries.
braveApiKey	string	No	Brave Search API key. Free tier at https://api.search.brave.com/ gives 2,000 queries/month.
hibpApiKey	string	No	Have I Been Pwned API key ($3.50/month at https://haveibeenpwned.com/API/Key).
proxyConfiguration	object	No	Proxy settings. Residential proxies strongly recommended for broker coverage.

Recommended input for agency workflows

{
    "firstName": "Sarah",
    "lastName": "Chen",
    "state": "CA",
    "email": "sarah.chen@client-domain.com",
    "braveApiKey": "BSA_your_brave_key_here",
    "proxyConfiguration": { "useApifyProxy": true, "apifyProxyGroups": ["RESIDENTIAL"] }
}

The combination of state + email + Brave key + residential proxy gives the broadest, most accurate coverage. For high-volume monitoring runs where breach data isn't critical, you can drop the HIBP key and the email — this trims roughly 30 seconds per scan.

Output example

{
    "site": "Spokeo",
    "found": true,
    "difficulty": "easy",
    "howToRemove": "Find your profile on Spokeo and copy the profile URL. Go to https://www.spokeo.com/optout. Paste your profile URL into the form. Enter your email address. Complete the CAPTCHA and click Submit. Check your email and click the confirmation link. Removal takes 24-48 hours. Takes 3-5 minutes. You'll need: your Spokeo profile URL, email address.",
    "removalUrl": "https://www.spokeo.com/optout",
    "profileUrl": "https://www.spokeo.com/Sarah-Chen/California",
    "hasName": true,
    "hasAddress": true,
    "hasPhone": true,
    "hasEmail": true,
    "hasRelatives": false,
    "parentCompany": null,
    "scannedAt": "2026-03-30T14:22:00.000Z"
}

Interpretation guide

• found: true with difficulty: easy — highest-priority remediation. Online forms, 2-3 minutes each. Surface these first in client reports.
• parentCompany: "PeopleConnect" — Intelius, ZabaSearch, Instant Checkmate, AnyWho, and Addresses.com share one removal flow at suppression.peopleconnect.us. Group them in client reports to avoid duplicating work.
• difficulty: hard — Radaris requires account creation and possibly phone verification. VoterRecords offers only partial opt-out (voter registration is a public record in most states). Set client expectations accordingly.
• Exposure score (SUMMARY) — 0-20 low, 20-40 moderate, 40+ high. Useful as a single triage number across a client portfolio.

How it works

Phase 0 — Brave Search broker discovery

If a Brave Search API key is provided, the actor queries the Brave Web Search API with the subject's name (optionally state and phone) and scans the top 20 results for URLs matching 29 known data broker domains. This catches listings on sites like MyLife, TruthFinder, Peekyou, FamilyTreeNow, and AdvancedBackgroundChecks that block direct automated access. Matching results are recorded with direct profile URLs and tagged via Brave Search.

Phase 0c-0d — Breach database checks

If an email is provided, the actor queries DataBreach.com by constructing a search URL with the email and checking the response HTML for breach indicators ("breach", "exposed", "compromised") while filtering out negative indicators ("no results", "not found", "0 breaches"). If an HIBP API key is provided, the actor queries the Have I Been Pwned v3 breached-accounts endpoint and retrieves breach names and counts.

Phase 1 — HTTP broker scanning

For broker sites that respond to direct HTTP (USPhoneBook, Spokeo, ZabaSearch, AnyWho, Addresses.com, CocoFinder), the actor uses CheerioCrawler with 8 concurrent connections, 25-second request timeouts, 3 retries per request, session pooling, and browser-like User-Agent headers. Each response is checked against site-specific match indicators (HTML class names and text patterns) and no-match indicators.

Phase 2 — Protected site scanning

For 13 broker sites that use Cloudflare or similar protections (TruePeopleSearch, FastPeopleSearch, WhitePages, Radaris, etc.), the actor uses direct fetch() with browser-like headers in batches of 4 concurrent requests. Cloudflare challenge pages ("cf-challenge", "Checking your browser", "Just a moment") are detected and the result is marked as not found rather than guessed. The same match/no-match indicator system applies to non-challenged responses.

Result enrichment and output

Each result is enriched with broker-specific removal data: step-by-step removal instructions, estimated removal time, required credentials, parent-company grouping. Results are sorted exposed-first. Data types are split into boolean columns for filtering. The SUMMARY object (exposure score, counts, difficulty breakdown) is written to the key-value store under the SUMMARY key.

Sites scanned

Tier 1 — Free people-search sites

Site	Data exposed	Removal difficulty	Removal time
TruePeopleSearch	Name, address, phone, age, relatives	Easy	2-3 min
FastPeopleSearch	Name, address, phone, email, relatives	Easy	2-3 min
ThatsThem	Name, address, phone, email, IP	Easy	2 min
CyberBackgroundChecks	Name, address, phone, criminal records	Easy	2 min
Nuwber	Name, address, phone, email, age	Easy	3-5 min
USPhoneBook	Name, address, phone	Easy	2 min
SearchPeopleFree	Name, address, phone, age	Easy	2 min
Clustrmaps	Name, address, phone	Easy	3 min

Tier 2 — Paywalled sites

Site	Data exposed	Removal difficulty	Removal time
Spokeo	Name, address, phone, email, social, court records	Easy	3-5 min
WhitePages	Name, address, phone, relatives, age	Medium	5-10 min
Radaris	Name, address, phone, email, court, property records	Hard	10-30 min
PeopleFinders	Name, address, phone, age, relatives	Easy	3 min
Intelius (PeopleConnect)	Name, address, phone, email, relatives	Medium	5-10 min
Instant Checkmate (PeopleConnect)	Name, address, phone, criminal records	Medium	5-10 min

Tier 3 — Smaller / niche sites

Site	Data exposed	Removal difficulty	Removal time
ZabaSearch (PeopleConnect)	Name, address, phone	Medium	5-10 min
AnyWho (PeopleConnect)	Name, address, phone	Medium	5-10 min
Addresses.com (PeopleConnect)	Name, address, phone	Medium	5-10 min
CocoFinder	Name, address, phone	Easy	3 min
VoterRecords	Name, address, party affiliation	Hard	5 min

Breach databases

Source	What it checks	Requires
DataBreach.com	Email in known data breaches	Email address in input
Have I Been Pwned	Email breach exposure + breach names	Email + HIBP API key ($3.50/month)

Brave Search coverage (29 broker domains)

Brave Search checks for the subject's name across: TruePeopleSearch, FastPeopleSearch, Spokeo, WhitePages, Radaris, BeenVerified, Intelius, PeopleFinders, ThatsThem, Nuwber, USPhoneBook, CyberBackgroundChecks, SearchPeopleFree, MyLife, TruthFinder, InstantCheckmate, ZabaSearch, Addresses.com, AnyWho, CocoFinder, Clustrmaps, VoterRecords, PublicRecordsNow, IdTrue, USSearch, Peekyou, FamilyTreeNow, AdvancedBackgroundChecks, and NeighborWho.

Throughput and accuracy guidance for agency operators

Accuracy

Accuracy is highest when you provide state and email in addition to name. The state filter eliminates most cross-person false positives on common names; email unlocks the breach databases. For executive-protection programs against people with very common names (Smith, Johnson, Garcia), provide city as well as state.

When a broker site returns a Cloudflare challenge, the actor reports found: false rather than guessing. This is a deliberate conservative posture — false negatives are recoverable (Brave Search will often catch the listing); false positives in a client report are not.

Throughput

A single subject scan takes 2-5 minutes with all sources enabled, 1-3 minutes for name-only. The actor is stateless and parallelizable. Default Apify account limits allow several concurrent runs; raise concurrency on a paid Apify plan if you need to push through hundreds of subjects per hour.

For very large batches (1,000+), the recommended pattern is: enqueue all subjects to a queue, run a controller that triggers actor runs with a target concurrency (e.g. 10-20 simultaneous), collect dataset IDs into a results table, post-process when all runs complete. Use Apify webhooks rather than polling.

Cost predictability

Per-event pricing means you know the exact unit cost before you scan. For agency cost modelling: monthly_cost = subjects × scans_per_subject_per_month × $1.00. A 200-client privacy practice on monthly monitoring is $200/month of COGS. No surprises.

Set a per-run maxSpend in the Apify run options for hard-cap protection on accidental runaway batches.

Limitations

• Detection and guided removal only. The actor returns where data is listed and how to remove it. It does NOT submit opt-out forms on the subject's behalf. Pair with manual analyst work or a removal-submission service for end-to-end removal.
• US-focused coverage. The 19 direct broker sites and 29 Brave Search domains are primarily US people-search engines. International broker coverage is limited.
• Anti-bot protections. Some sites use Cloudflare, CAPTCHA, or other protections that block direct automated access. Brave Search provides a fallback, but direct data-category detection may not be possible for blocked sites.
• Point-in-time snapshot. Data brokers continuously re-aggregate from public records. A clean scan does not guarantee data won't reappear. Recommend re-scanning monthly or quarterly.
• Common-name false positives. For very common names without state filtering, results may include listings belonging to other people with the same name.
• No raw personal data in output. The actor does NOT return the subject's actual address, phone number, or other PII content. It reports which sites have listings and links to those listings. This is intentional — it keeps the output safe to log, store, and share inside your agency's normal data-handling boundary.
• Removal instructions may drift. Broker sites occasionally change their opt-out processes. If instructions don't match what's currently on the site, check the broker's removal page directly.

Integrations

• Zapier — trigger scans from a CRM record creation, push results into client tracking spreadsheets, fire Slack alerts on high-exposure subjects.
• Make — orchestrate monthly batch scans of your client list, route results to email, Slack, or your DB.
• Google Sheets — append exposure reports to a shared sheet for client-facing dashboards.
• Apify API — programmatic batch runs from your backend.
• Webhooks — get notified when a scan completes; ideal for batch processing without polling.
• LangChain / LlamaIndex — feed exposure data into AI workflows for automated risk assessments.

Combine with other Apify actors

Actor	How agencies combine it
WHOIS Domain Lookup	Verify domain ownership of broker sites in case you need to escalate removal disputes
Website Contact Scraper	Pull broker site DPO / privacy contact emails for direct removal escalation
Bulk Email Verifier	Validate breach-database email hits are still active
Website Change Monitor	Watch broker profile pages for re-listing after removal requests are submitted
Website Content to Markdown	Archive broker listing pages as markdown evidence before submitting removal requests
B2B Lead Qualifier	Score business contacts that appear alongside personal data in broker listings

Responsible use

• The actor accesses publicly available data broker websites and search APIs. It does not bypass authentication or scrape paywalled content.
• Use only with proper authorization — for the subject's own data, or for clients, employees, and investigation subjects with appropriate legal basis or consent.
• This is NOT an FCRA-compliant consumer report and must not be used for employment-screening decisions, tenant screening, credit decisions, or any other FCRA-covered use.
• Do not use for stalking, harassment, doxxing, unauthorized surveillance, or building personal-information databases for sale.
• Comply with GDPR, CCPA, and other applicable data-protection laws in the subject's jurisdiction.
• For web scraping legal context see Apify's guide.

Agencies running the actor under their own client engagements remain responsible for their own legal basis (consent, legitimate interest, etc.), client data handling, and reporting practices.

FAQ

Is there a minimum commit or seat fee? No. Pay-per-event at $1.00 per scan. No subscription, no minimum monthly spend, no seat-based pricing. You can run one scan a month or ten thousand — same unit cost.

How is this priced relative to Incogni / DeleteMe / OneRep / Optery? Those are consumer-subscription products at ~$90-200/year per person, or enterprise tiers under custom contract. This actor is per-event, no commitment, designed for agencies that want API access to exposure intelligence without an enterprise contract. The product is also narrower (detection + removal guidance, not automated opt-out submission) — that's the tradeoff.

Can I white-label this inside my own product? The actor is the supplier; how you present output to your customer is your choice. Standard Apify Store TOS apply. For high-volume white-label use, contact through Apify and we can discuss volume terms.

How many subjects can I scan in parallel? Depends on your Apify account concurrency. Default accounts support a handful of concurrent runs; paid Apify plans raise the ceiling significantly. For sustained high-throughput batch workflows (hundreds per hour), an Apify Team or Enterprise plan is typical.

Does the actor submit removal requests for me? No. It detects where data is listed and returns the removal URL and step-by-step instructions per broker. Submission is on you (or your analyst, or your client). This is by design — automated opt-out submission has account verification and CAPTCHA friction that is fundamentally manual at the broker side.

What about subjects outside the US? Coverage is limited. The 19 direct sites and 29 Brave Search domains are primarily US people-search engines. UK, EU, and other international broker sites are not currently in scope. Subjects with US public-records history will get useful results; subjects with no US footprint will mostly get empty scans.

How do I handle a client whose data is on Cloudflare-protected sites? The actor falls back to Brave Search for Cloudflare-blocked sites, which catches the listings if they're indexed. If you need direct profile-page detection on blocked sites, enable residential proxies (apifyProxyGroups: ["RESIDENTIAL"]) and rerun. For sites that block everything, the listing may still be visible to a manual browser check — flag it as "search-engine confirmed" rather than direct-detected.

Can I store results in my own database? Yes. The output is plain JSON from the Apify API. Pipe it into Postgres, BigQuery, your CRM, your client report system — wherever your normal client data lives. The actor returns no raw PII content (only "found on this site, here are the categories"), which makes the output safe to log inside your normal client-data boundary.

What if a broker site changes its layout and detection breaks? The actor is maintained. Detection patterns are updated as broker sites change. The conservative bias (mark uncertain results as not-found) means layout changes cause under-counting rather than false positives. Brave Search backfill catches most cases where direct detection fails.

Can I use the actor as a step inside a larger compliance / privacy SaaS? Yes. The Apify API makes the actor a callable backend service. Agencies and product builders use it as the "exposure intelligence" step in pipelines that also include consent capture, removal-request submission, evidence archival, and client reporting.

Is there a free trial? Apify gives all new accounts $5 platform credit, which covers the first ~5 exposure reports without payment setup. Beyond that, pay-per-event at $1 per scan.

Recent updates

• May 2026 — README reframed for agency / API-access use cases. Output schema, scanners, and pricing unchanged.
• March 2026 — Added PeopleConnect family grouping (one removal covers 5+ sites). Per-broker removal steps, estimated time, required credentials. Boolean data-type columns (hasName, hasAddress, etc.).
• March 2026 — Initial release with 19 broker sites, Brave Search integration, DataBreach.com, and HIBP support.

Support

For bug reports or feature requests, open an issue in the Issues tab on this actor's page. For volume pricing discussions, white-label arrangements, or custom integration work, reach out through Apify Console messaging.

Help us debug faster

If a run fails or returns unexpected results, you can let the actor developer see your run details by enabling run sharing:

1. Go to Account Settings > Privacy
2. Enable Share runs with public Actor creators

Run details are visible only to the actor developer, not publicly.