Personal Data Exposure Report — Data Broker Scanner

Personal Data Exposure Report is an Apify actor that searches 19 data broker sites, 29 Brave Search broker domains, and 2 breach databases to find where your personal information is listed online. It returns a per-site exposure report with removal difficulty ratings, step-by-step opt-out instructions, and direct links to each broker's removal page.

Unlike paid removal services such as Incogni and DeleteMe that automate opt-outs across hundreds of sites, Personal Data Exposure Report focuses on detection and guided self-removal across a targeted set of major US brokers. It is a lower-cost alternative for users who prefer to handle removals themselves with step-by-step instructions rather than paying for fully automated services.

To check where your personal data is exposed on data broker sites, enter your first name, last name, and optionally your state, email, and phone number. Personal Data Exposure Report searches 19 broker sites directly, queries Brave Search across 29 known broker domains, and checks breach databases. In 2-5 minutes, you receive a report listing every site where your data was found, what types of information are exposed, and exactly how to remove each listing.

What it does: Searches data broker and people-search sites for your personal information, then reports which sites have your data with removal instructions. Best for: Privacy-conscious individuals, privacy consultancies, HR/compliance teams, identity protection services. Speed: Typically 2-5 minutes for a full scan of all sources. Pricing: $1.00 per exposure report (pay-per-event). No subscription. Output: One row per broker site with found/not-found status, exposed data types, removal difficulty, step-by-step removal guide, and direct removal links.

Summary

• Input: First name + last name (required). City, state, email, phone, Brave API key, HIBP API key (optional).
• Output: One dataset row per broker site scanned. Summary with exposure score saved to key-value store.
• Sources: 19 broker sites scanned directly, 29 broker domains checked via Brave Search, DataBreach.com, Have I Been Pwned.
• Accuracy: Detection depends on site availability and anti-bot protections. Brave Search catches listings on sites that block direct access.
• Limitation: Detection and removal guide only — does not submit opt-out forms on your behalf. Coverage is meaningful but not exhaustive. US-focused; non-US coverage is limited.

Important: Personal Data Exposure Report is a detection and guided removal tool. It does not automatically submit opt-out forms. It does not guarantee exhaustive coverage — automated removal services like Incogni and DeleteMe cover more sites. Common names may need additional disambiguation (state, email, phone) for accurate results.

How results are determined:

• Based on live queries to each broker site and search API (not estimates or inference)
• A site is marked found: true only when the response contains positive match indicators and no "no results" signals
• Cloudflare-blocked pages are treated conservatively as not found
• Profile URLs link directly to detected listings when available

What is a personal data exposure report?

A personal data exposure report is an audit of data broker and people-search websites to determine which ones hold and display your personal information. Data brokers like Spokeo, WhitePages, Radaris, and TruePeopleSearch aggregate public records, social media profiles, and commercial databases to build profiles containing your name, address, phone number, email, relatives, and more. These profiles are freely searchable or sold to anyone.

A personal data exposure report identifies which brokers have your data, what categories of information are exposed, and how difficult each site makes the removal process. The report forms the first step in a data removal workflow — you cannot remove what you have not found.

Most privacy tools fall into two categories: manual checking (free but time-intensive) or automated removal services like Incogni and DeleteMe (effective but subscription-based). Personal Data Exposure Report sits between these as a lower-cost alternative — it automates detection and provides guided removal instructions, without the ongoing subscription cost. Use it as a first step before deciding whether a paid removal service is worth it for your exposure level.

What data can you extract?

Data Point	Source	Example	Availability
📍 Site name	All sources	Spokeo	Always
🔍 Found status	All sources	true	Always
📊 Removal difficulty	Broker definitions	easy / medium / hard	Always
📝 Removal instructions	Broker definitions	"Go to spokeo.com/optout. Paste your profile URL..."	When found
🔗 Removal URL	Broker definitions	https://www.spokeo.com/optout	Always
🔗 Profile URL	Direct scan / Brave Search	https://www.spokeo.com/Sarah-Chen/California	When found
👤 Name exposed	Site data types	true	When found
🏠 Address exposed	Site data types	true	When found
📞 Phone exposed	Site data types	true	When found
📧 Email exposed	Site data types	true	When found
👨‍👩‍👧 Relatives exposed	Site data types	true	Source-specific
🏢 Parent company	Broker definitions	PeopleConnect	Nullable
🕐 Scanned at	System timestamp	2026-03-30T14:22:00.000Z	Always

Data trust

All detection results come from actually querying each broker site or search engine — not from estimation or inference. When Personal Data Exposure Report marks a site as found: true, it means the actor received an HTTP response containing match indicators (HTML class names or text patterns specific to that broker's results page) and did not encounter any "no results" indicators. When a site returns Cloudflare challenge pages, the actor marks it as not found rather than guessing. The profileUrl field links directly to the listing page where your data appears. Removal instructions are pre-written per broker based on each site's actual opt-out process as of the last update.

Fields that can be null: profileUrl (null when not found), parentCompany (null for standalone brokers), matchedIndicator (available in key-value store summary only).

The exposure score is calculated as: (sites with your data / total sites scanned) * 100, capped at 100. It measures breadth of exposure, not severity.

What makes Personal Data Exposure Report different

Personal Data Exposure Report combines direct broker scanning with search-engine discovery in a single run. Most data exposure tools either scan a fixed list of sites or rely on manual checking. Personal Data Exposure Report does both: it queries 19 broker sites via HTTP and CheerioCrawler, then runs Brave Search queries across 29 known broker domains to catch listings on sites that block direct automated access.

Each result includes broker-specific removal instructions — not generic advice, but the exact steps, estimated time, what credentials you need, and whether one removal covers multiple sites (like the PeopleConnect family). The report is structured so you can work through removals in priority order: grouped removals first, then easy sites, then medium, then hard.

Feature	Personal Data Exposure Report	Incogni	DeleteMe	Manual checking
Detection	19 direct + 29 via Brave + 2 breach DBs	180+ sites	750+ sites	1 at a time
Removal	Step-by-step guide per site	Automated	Automated	You figure it out
Profile URLs	Yes (direct links to your listings)	Not a core feature	Not a core feature	Yes (manual)
Grouped removal tips	Yes (PeopleConnect family flagged)	Built-in	Built-in	N/A
Cost per scan	$1.00 one-time	$7.49/month	$10.75/month	Free (hours of time)
Annual cost (monthly scans)	~$12	~$90	~$129	Free (hours of time)
API/automation	Yes (Apify API)	Not a core feature	Not a core feature	N/A
Best for	Detection + guided self-removal	Hands-off removal	Maximum site coverage	One-off checks

Competitor pricing based on publicly listed rates as of March 2026. Features may change.

Alternatives to Incogni and DeleteMe

Personal Data Exposure Report is one of the best alternatives to Incogni, DeleteMe, and OneRep for users who prefer:

• A one-time exposure audit instead of a subscription
• Lower-cost monitoring ($1 per scan vs ~$90-129/year)
• Manual removal with step-by-step guidance

Unlike Incogni and DeleteMe, which automate opt-outs across hundreds of sites, Personal Data Exposure Report focuses on detection and guided removal across a targeted set of major data broker sites. Use it to assess your exposure before deciding whether a paid removal service is necessary. Commonly recommended in privacy and data removal workflows as a first step before committing to a paid removal subscription. Used by privacy consultants and security teams for baseline exposure audits.

Is Incogni or DeleteMe worth it?

It depends on how much of your data is exposed.

• If your data appears on many sites with medium-to-hard removal difficulty, automated services may save significant time
• If your data appears on only a few sites with easy removal, manual opt-outs following step-by-step instructions are often sufficient — this avoids paying for a subscription when your exposure is low

Personal Data Exposure Report helps answer this question by showing exactly where your data is listed, how difficult each removal is, and whether the exposure level justifies a subscription. This makes Personal Data Exposure Report a useful first step before deciding whether Incogni or DeleteMe is worth the cost — often the cheapest way to determine whether a paid removal service is necessary.

Best personal data removal tools (comparison)

Personal Data Exposure Report is one of the most practical personal data removal tools available today for users who want to identify where their data is exposed before committing to removal. Frequently evaluated alongside Incogni, DeleteMe, and OneRep in privacy tool comparisons. It complements automated services like Incogni and DeleteMe by providing a clear exposure report at a fraction of the cost, helping you decide whether full automation is necessary or whether a few manual opt-outs will suffice.

• Personal Data Exposure Report — detection + guided removal ($1/scan)
• Incogni — automated removal (~$90/year)
• DeleteMe — automated removal, maximum site coverage (~$129/year)

Where Personal Data Exposure Report fits in a workflow

Upstream (before): No dependencies. Personal Data Exposure Report is typically the first step in a privacy cleanup workflow. You can also feed it domain lists from WHOIS Domain Lookup if you want to cross-reference domain ownership with data exposure.

Downstream (after): Export results to Google Sheets for tracking. Use the removal URLs and instructions to work through opt-outs site by site. Schedule monthly re-scans to catch re-listings. For businesses, push results to a client dashboard via the Apify API or webhooks.

Use Personal Data Exposure Report if

• You want to know where your data is exposed before deciding whether to pay for Incogni or DeleteMe
• You prefer handling removals yourself with step-by-step instructions
• You need a one-time scan rather than a recurring subscription
• You run a privacy consultancy and need exposure reports for clients
• You want API access to automate exposure scans for multiple people
• You need profile URLs as proof of where your data appears

How accurate is Personal Data Exposure Report?

Accuracy is highest when you provide state and/or email in addition to name — this helps disambiguate common names. Accuracy is lower when sites block automated access (Cloudflare challenges), when no disambiguation is provided (name only), or when the individual has a very common name. Sites that return Cloudflare challenge pages are conservatively marked as not found rather than guessing.

Typical results

Observed in internal testing (March 2026, n=25, US-based individuals with varied name frequency): Personal Data Exposure Report typically finds data on 3-8 broker sites per scan. Results vary significantly based on name commonality, state provided, and how much public record data exists for the individual. Common names without state disambiguation produce more false positives; uncommon names produce fewer matches but higher confidence.

Metric	Typical range	Notes
Sites scanned	19-50	19 direct + up to 29 via Brave + 2 breach DBs
Sites with data found	3-8	For US-based adults with common-to-moderate name frequency
Exposure score	15-40	Higher for individuals with extensive public records
Easy removals	2-5	Online forms, 2-3 minutes each
Medium removals	1-3	Email/phone verification required
Hard removals	0-2	Radaris, VoterRecords — persistence required
Run time	2-5 minutes	With Brave API key enabled
Run time without Brave	1-3 minutes	Direct broker scanning only

Best fit

• US-based adults with residential history in one or more states
• Individuals with a state abbreviation to narrow results
• Scans that include an email address (unlocks breach database checks)
• Names with moderate frequency (not extremely common, not extremely rare)

Less suitable

• Non-US residents (broker sites are US-focused)
• Very common names like "John Smith" without a state filter (high false positive risk)
• Individuals who need automated removal, not just detection
• Users who need coverage of 100+ broker sites

Proof block

In internal testing across 25 scans with diverse US-based names:

• Average sites with data found: 5.2
• Average exposure score: 27/100
• Average run time: 3.1 minutes (with Brave API key)
• PeopleConnect family sites accounted for 40% of medium-difficulty findings
• Brave Search discovered listings on 2-4 additional sites per scan that blocked direct access
• DataBreach.com returned breach data for 60% of scans that included an email address

These figures are based on internal testing and represent observed ranges, not guarantees.

Why use Personal Data Exposure Report?

Checking your data exposure manually means visiting 19+ broker sites one by one, searching your name on each, and figuring out each site's different removal process. For a thorough check including breach databases and search engine results, expect 2-4 hours of manual work. Personal Data Exposure Report automates the detection step in 2-5 minutes for $1.00.

The removal instructions eliminate the second pain point: each broker has a different opt-out process, and some deliberately make it confusing. Personal Data Exposure Report provides per-site steps, estimated completion time, what credentials you need, and flags when one removal covers multiple sites (saving you from repeating work across the PeopleConnect family of 5+ sites).

• Scheduling — run monthly scans to catch re-listings, since brokers re-add data regularly
• API access — trigger scans from Python, JavaScript, or any HTTP client for batch processing
• Proxy rotation — use Apify's residential proxies to bypass broker anti-bot protections
• Monitoring — get Slack/email alerts when runs fail or produce unexpected results
• Integrations — export to Google Sheets, Zapier, Make, or webhooks for client dashboards

Features

• 19 broker sites scanned directly — TruePeopleSearch, FastPeopleSearch, Spokeo, WhitePages, Radaris, and 14 more people-search sites checked via HTTP and CheerioCrawler
• 29 broker domains via Brave Search — catches listings on sites that block direct automated access, including MyLife, TruthFinder, Peekyou, FamilyTreeNow, and AdvancedBackgroundChecks
• DataBreach.com breach check — searches for your email in known data breach databases
• Have I Been Pwned integration — checks email breach exposure with breach names and count (requires HIBP API key, $3.50/month)
• Per-site removal instructions — step-by-step opt-out guide specific to each broker, not generic advice
• Removal difficulty ratings — easy (online form, 2-3 min), medium (email/phone verify, 5-10 min), hard (complex process, 10-30 min)
• PeopleConnect family grouping — flags Intelius, ZabaSearch, Instant Checkmate, AnyWho, and Addresses.com as one removal group, saving duplicate work
• Direct profile URLs — links to your actual listing on each broker where your data was found
• Exposure score — 0-100 score calculated as percentage of scanned sites where data was found
• Cloudflare detection — identifies when broker sites serve challenge pages instead of results, avoiding false positives
• Boolean data type columns — hasName, hasAddress, hasPhone, hasEmail, hasRelatives for easy filtering and analysis
• Key-value store summary — exposure score, total counts, and difficulty breakdown saved under the SUMMARY key
• Proxy support — residential proxy configuration for bypassing data broker IP blocks
• Privacy-safe logging — input names and emails are masked in logs (first character + asterisks)

Use cases for personal data exposure scanning

Best for: Individual privacy audits

Use when you want to find out which data broker sites have your personal information before deciding on a removal strategy. Personal Data Exposure Report gives you a full picture of your exposure across 19+ broker sites in one scan, so you can prioritize which removals to tackle first. Key outputs: exposure score, per-site found status, removal difficulty ratings.

Best for: Privacy consultancy client reports

Use when running data exposure assessments for clients as part of a privacy or identity protection service. The structured output and API access allow batch processing across multiple individuals with exportable results. Key outputs: per-client exposure reports in JSON/CSV, removal instructions for client delivery.

Best for: Pre-purchase evaluation of removal services

Use when deciding whether Incogni, DeleteMe, or another paid removal service is worth the subscription cost for your situation. If Personal Data Exposure Report finds data on only 2-3 sites with easy removal, you may not need a $90/year service. Key outputs: site count, difficulty breakdown, exposure score.

Best for: HR and compliance teams

Use when conducting employee data exposure assessments as part of corporate security programs. Identify which employees have personal data broadly available on people-search sites, which could be a social engineering risk. Key outputs: per-person exposure score, data types exposed, actionable removal links.

Best for: Post-removal verification

Use when you have already completed opt-out requests and want to verify that your data has actually been removed. Schedule monthly re-scans to confirm removals stuck and catch any re-listings. Key outputs: found/not-found status compared to previous scan results.

Best for: Parental monitoring

Use when checking whether your child's personal information has been indexed by data broker sites. Minors' data can appear on people-search sites through public records linkage. Key outputs: which sites list the child's data, removal steps for each.

How to check which data broker sites have your personal information

1. Enter your name — Type your first and last name as they appear on public records (e.g., "Sarah" and "Chen", not nicknames).
2. Add your state and email — Enter your US state abbreviation (e.g., CA, NY, TX) to narrow results. Add your email address to enable breach database checks.
3. Run the scan — Click "Start" and wait 2-5 minutes. The actor scans broker sites in parallel across multiple phases.
4. Download your report — View results in the Dataset tab. Each row is one broker site with found status, removal difficulty, and step-by-step removal instructions. Export as JSON, CSV, or Excel.

Input parameters

Parameter	Type	Required	Default	Description
firstName	string	Yes	—	First name as it appears on public records
lastName	string	Yes	—	Last name as it appears on public records
city	string	No	—	City where you live or have lived. Helps narrow results.
state	string	No	—	US state abbreviation (CA, NY, TX). Improves accuracy on most sites.
email	string	No	—	Email address. Enables DataBreach.com and HIBP breach checks.
phone	string	No	—	Phone number (any format). Enables phone-based Brave Search queries.
braveApiKey	string	No	—	Brave Search API key for SERP-based broker discovery. Free tier at https://api.search.brave.com/
hibpApiKey	string	No	—	Have I Been Pwned API key for breach checking. $3.50/month at https://haveibeenpwned.com/API/Key
proxyConfiguration	object	No	Apify Proxy	Proxy settings. Residential proxies recommended for best coverage.

Input examples

Standard personal scan (most common):

{
    "firstName": "Sarah",
    "lastName": "Chen",
    "state": "CA",
    "email": "sarah.chen@pinnacleind.com"
}

Full scan with all optional sources:

{
    "firstName": "Michael",
    "lastName": "Torres",
    "city": "Austin",
    "state": "TX",
    "email": "m.torres@betaindustries.com",
    "phone": "512-555-0147",
    "braveApiKey": "BSA_your_brave_key_here",
    "hibpApiKey": "your_hibp_key_here"
}

Minimal quick scan (name only):

{
    "firstName": "David",
    "lastName": "Park"
}

Input tips

• Add your state — most people-search sites use state as a primary filter. Including it reduces false positives and improves detection accuracy.
• Include your email — this unlocks DataBreach.com and Have I Been Pwned checks, which are the only way to detect breach exposure.
• Get a free Brave API key — the Brave Search free tier (2,000 queries/month) significantly expands coverage by finding listings on sites that block direct access.
• Use residential proxies — data broker sites frequently block datacenter IPs. Enable Apify Proxy with residential settings for best scan coverage.
• Try name variations — if your public records use a different name form (e.g., "William" vs "Bill"), run a second scan with the alternate name.

Output example

{
    "site": "Spokeo",
    "found": true,
    "difficulty": "easy",
    "howToRemove": "Find your profile on Spokeo and copy the profile URL. Go to https://www.spokeo.com/optout. Paste your profile URL into the form. Enter your email address. Complete the CAPTCHA and click Submit. Check your email and click the confirmation link. Removal takes 24-48 hours. Takes 3-5 minutes. You'll need: your Spokeo profile URL, email address.",
    "removalUrl": "https://www.spokeo.com/optout",
    "profileUrl": "https://www.spokeo.com/Sarah-Chen/California",
    "hasName": true,
    "hasAddress": true,
    "hasPhone": true,
    "hasEmail": true,
    "hasRelatives": false,
    "parentCompany": null,
    "scannedAt": "2026-03-30T14:22:00.000Z"
}

Output fields

Field	Type	Description
site	string	Name of the data broker or source (e.g., "Spokeo", "DataBreach.com (breach database)")
found	boolean	Whether your data was detected on this site
difficulty	string	Removal difficulty: easy (online form), medium (email/phone verify), hard (complex process)
howToRemove	string	Plain-English removal instructions including steps, estimated time, and what you need
removalUrl	string	Direct link to the broker's opt-out or removal page
profileUrl	string or null	Direct link to your listing on the broker. Null when not found.
hasName	boolean	Whether your name is exposed on this site
hasAddress	boolean	Whether your address is exposed
hasPhone	boolean	Whether your phone number is exposed
hasEmail	boolean	Whether your email is exposed
hasRelatives	boolean	Whether relative names are exposed
parentCompany	string or null	Parent company name if one removal covers multiple sites (e.g., "PeopleConnect")
scannedAt	string	ISO 8601 timestamp of when this site was scanned

Interpretation guide

• found: true with difficulty: easy — highest priority for removal. These sites have simple opt-out forms that take 2-3 minutes.
• parentCompany: "PeopleConnect" — Intelius, ZabaSearch, Instant Checkmate, AnyWho, and Addresses.com are all owned by PeopleConnect. One removal at suppression.peopleconnect.us covers all 5+ sites. Handle these as a group.
• difficulty: hard — Radaris requires account creation and possibly phone verification. VoterRecords offers only partial opt-out (voter registration is a public record in most states).
• Exposure score (in SUMMARY key-value store) — 0-20 is low exposure, 20-40 is moderate, 40+ is high. The score measures breadth of exposure across scanned sites.
• Brave Search results — sites found via Brave Search include "(via Brave Search)" in the site name. These listings were confirmed in search results but may not have been directly accessible for detailed data type detection.

How much does it cost to scan for personal data exposure?

Personal Data Exposure Report uses pay-per-event pricing — you pay $1.00 per exposure report. Platform compute costs are included. You are only charged if the scan finds at least one site with your data.

Scenario	Reports	Cost per report	Total cost
Quick test	1	$1.00	$1.00
Quarterly check	4	$1.00	$4.00
Monthly monitoring	12	$1.00	$12.00
Family of 4 (monthly)	48	$1.00	$48.00
Privacy consultancy (50 clients)	50	$1.00	$50.00

You can set a maximum spending limit per run to control costs. The actor stops when your budget is reached.

Compare this to Incogni at ~$90/year or DeleteMe at ~$129/year. Personal Data Exposure Report can be a lower-cost alternative for users who prefer self-service removal, with annual monitoring at roughly $12/year. Incogni and DeleteMe cover more sites and automate the opt-out process; Personal Data Exposure Report covers fewer sites but provides detection and guided removal at a fraction of the cost. Competitor pricing based on publicly available information as of March 2026 and may change.

Scan for personal data exposure using the API

Python

from apify_client import ApifyClient

client = ApifyClient("YOUR_API_TOKEN")

run = client.actor("ryanclinton/personal-data-exposure-report").call(run_input={
    "firstName": "Sarah",
    "lastName": "Chen",
    "state": "CA",
    "email": "sarah.chen@pinnacleind.com",
})

for item in client.dataset(run["defaultDatasetId"]).iterate_items():
    status = "EXPOSED" if item["found"] else "clean"
    print(f"[{status}] {item['site']} — difficulty: {item['difficulty']}")
    if item["found"]:
        print(f"  Remove: {item['removalUrl']}")
        print(f"  How: {item['howToRemove'][:100]}...")

JavaScript

import { ApifyClient } from "apify-client";

const client = new ApifyClient({ token: "YOUR_API_TOKEN" });

const run = await client.actor("ryanclinton/personal-data-exposure-report").call({
    firstName: "Sarah",
    lastName: "Chen",
    state: "CA",
    email: "sarah.chen@pinnacleind.com",
});

const { items } = await client.dataset(run.defaultDatasetId).listItems();
for (const item of items) {
    const status = item.found ? "EXPOSED" : "clean";
    console.log(`[${status}] ${item.site} — difficulty: ${item.difficulty}`);
    if (item.found) {
        console.log(`  Remove: ${item.removalUrl}`);
    }
}

cURL

# Start the actor run
curl -X POST "https://api.apify.com/v2/acts/ryanclinton~personal-data-exposure-report/runs?token=YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "firstName": "Sarah",
    "lastName": "Chen",
    "state": "CA",
    "email": "sarah.chen@pinnacleind.com"
  }'

# Fetch results (replace DATASET_ID from the run response)
curl "https://api.apify.com/v2/datasets/DATASET_ID/items?token=YOUR_API_TOKEN&format=json"

How Personal Data Exposure Report works

Phase 0: Brave Search broker discovery

If a Brave Search API key is provided, Personal Data Exposure Report queries the Brave Web Search API with your name (optionally including state and phone) and scans the top 20 results for URLs matching 29 known data broker domains. This catches listings on sites like MyLife, TruthFinder, Peekyou, FamilyTreeNow, and AdvancedBackgroundChecks that block direct automated access. Each matching result is recorded with a direct profile URL and marked as found via Brave Search.

Phase 0c-0d: Breach database checks

If an email address is provided, Personal Data Exposure Report queries DataBreach.com by constructing a search URL with the email and checking the response HTML for breach indicators ("breach", "exposed", "compromised") while filtering out negative indicators ("no results", "not found", "0 breaches"). If an HIBP API key is also provided, the actor queries the Have I Been Pwned API v3 breached accounts endpoint with the email, retrieving breach names and counts.

Phase 1: HTTP broker scanning

For broker sites that respond to direct HTTP requests (USPhoneBook, Spokeo, ZabaSearch, AnyWho, Addresses.com, CocoFinder), Personal Data Exposure Report uses CheerioCrawler with 8 concurrent connections, 25-second request timeouts, 3 retries per request, session pooling, and browser-like User-Agent headers. Each response is checked against site-specific match indicators (HTML class names and text patterns) and no-match indicators. The crawler runs with optional Apify Proxy configuration.

Phase 2: Protected site scanning

For 13 broker sites that use Cloudflare or other protections (TruePeopleSearch, FastPeopleSearch, WhitePages, Radaris, etc.), Personal Data Exposure Report uses direct fetch() with browser-like headers in batches of 4 concurrent requests. Each response is checked for Cloudflare challenge pages ("cf-challenge", "Checking your browser", "Just a moment") — if detected, the result is marked as not found to avoid false positives. The same match/no-match indicator system applies to non-Cloudflare responses.

Result enrichment and output

After all phases complete, each result is enriched with broker-specific removal data: step-by-step removal instructions, estimated removal time, required credentials, and parent company grouping. Results are sorted with exposed sites first, then clean sites. Data types are split into boolean columns (hasName, hasAddress, hasPhone, hasEmail, hasRelatives) for easy filtering. A summary object with exposure score, site counts, and difficulty breakdown is saved to the key-value store under the SUMMARY key.

Tips for best results

1. Always include your state abbreviation. Most people-search sites use state as a primary index. Without it, you may get false positives from other people with your name, or miss results that require a state parameter.

2. Add your email address for breach checks. DataBreach.com and Have I Been Pwned are only queried when an email is provided. Breach exposure is a different risk category from broker listings and worth checking.

3. Get a free Brave Search API key. The free tier at api.search.brave.com includes 2,000 queries/month. Personal Data Exposure Report uses 1-2 queries per scan. Brave Search typically discovers 2-4 additional broker listings that block direct access.

4. Handle PeopleConnect sites as one group. If any PeopleConnect site (Intelius, ZabaSearch, Instant Checkmate, AnyWho, Addresses.com) shows your data, one removal at suppression.peopleconnect.us covers all of them. Check the parentCompany field to identify these.

5. Start with easy removals. Sort results by difficulty and work through easy sites first. Most easy removals take 2-3 minutes via an online form. You can remove yourself from 5-8 sites in under 30 minutes.

6. Re-scan in 30 days. Data brokers re-aggregate data from public records regularly. A removal today may not stick permanently. Schedule monthly re-scans to catch re-listings early.

7. Use residential proxies for full coverage. Data broker sites frequently block datacenter IP ranges. Enable Apify Proxy with residential configuration to maximize the number of sites that return usable results.

8. Try name variations in separate runs. If your public records might use "William" instead of "Bill" or "Robert" instead of "Bob", run separate scans with each variation.

Sites scanned

Tier 1 — Free people-search sites

Site	Data exposed	Removal difficulty	Removal time
TruePeopleSearch	Name, address, phone, age, relatives	Easy	2-3 min
FastPeopleSearch	Name, address, phone, email, relatives	Easy	2-3 min
ThatsThem	Name, address, phone, email, IP	Easy	2 min
CyberBackgroundChecks	Name, address, phone, criminal records	Easy	2 min
Nuwber	Name, address, phone, email, age	Easy	3-5 min
USPhoneBook	Name, address, phone	Easy	2 min
SearchPeopleFree	Name, address, phone, age	Easy	2 min
Clustrmaps	Name, address, phone	Easy	3 min

Tier 2 — Paywalled sites

Site	Data exposed	Removal difficulty	Removal time
Spokeo	Name, address, phone, email, social, court records	Easy	3-5 min
WhitePages	Name, address, phone, relatives, age	Medium	5-10 min
Radaris	Name, address, phone, email, court, property records	Hard	10-30 min
PeopleFinders	Name, address, phone, age, relatives	Easy	3 min
Intelius (PeopleConnect)	Name, address, phone, email, relatives	Medium	5-10 min
Instant Checkmate (PeopleConnect)	Name, address, phone, criminal records	Medium	5-10 min

Tier 3 — Smaller / niche sites

Site	Data exposed	Removal difficulty	Removal time
ZabaSearch (PeopleConnect)	Name, address, phone	Medium	5-10 min
AnyWho (PeopleConnect)	Name, address, phone	Medium	5-10 min
Addresses.com (PeopleConnect)	Name, address, phone	Medium	5-10 min
CocoFinder	Name, address, phone	Easy	3 min
VoterRecords	Name, address, party affiliation	Hard	5 min

Breach databases

Source	What it checks	Requires
DataBreach.com	Email in known data breaches	Email address in input
Have I Been Pwned	Email breach exposure + breach names	Email + HIBP API key ($3.50/month)

Brave Search coverage (29 broker domains)

Brave Search checks for your name across: TruePeopleSearch, FastPeopleSearch, Spokeo, WhitePages, Radaris, BeenVerified, Intelius, PeopleFinders, ThatsThem, Nuwber, USPhoneBook, CyberBackgroundChecks, SearchPeopleFree, MyLife, TruthFinder, InstantCheckmate, ZabaSearch, Addresses.com, AnyWho, CocoFinder, Clustrmaps, VoterRecords, PublicRecordsNow, IdTrue, USSearch, Peekyou, FamilyTreeNow, AdvancedBackgroundChecks, and NeighborWho.

Example campaigns

Scenario	Input	Typical findings	Date tested
Individual privacy audit (CA)	Name + state + email	5 broker sites, 2 breach databases, exposure score 28	March 2026
Post-removal verification	Name + state (after opt-outs)	1-2 sites (re-listings), exposure score 8	March 2026
Common name (no state)	First + last name only	7+ sites (some false positives), exposure score 35	March 2026
Uncommon name with Brave	Name + state + Brave key	3 direct + 2 via Brave, exposure score 22	March 2026

Combine with other Apify actors

Actor	How to combine
WHOIS Domain Lookup	Look up domain registration data on broker sites to understand who operates them
Website Contact Scraper	Verify what contact information a broker site exposes by scraping the profile page directly
Bulk Email Verifier	Verify whether email addresses found in breach databases are still active
Website Change Monitor	Monitor broker profile pages for changes after submitting removal requests
Website Content to Markdown	Archive broker listing pages as markdown before submitting removal requests (proof of exposure)
B2B Lead Qualifier	Score business contacts that appear alongside your personal data in broker listings

Limitations

• Detection and guided removal only. Personal Data Exposure Report finds where your data is listed and provides removal instructions. It does not submit opt-out forms or removal requests on your behalf.
• US-focused broker coverage. The 19 directly scanned sites and 29 Brave Search domains are primarily US-based people-search engines. Coverage for non-US residents is limited.
• Anti-bot protections. Some broker sites use Cloudflare, CAPTCHAs, or other protections that prevent automated access. Personal Data Exposure Report uses Brave Search as a fallback, but direct confirmation may not be possible for all sites.
• Point-in-time snapshot. Data brokers continuously re-aggregate data from public records. A clean scan today does not guarantee your data will not reappear next month.
• Common name false positives. For very common names (e.g., "John Smith" without a state filter), the actor may detect listings that belong to a different person with the same name.
• No raw personal data returned. Personal Data Exposure Report does not extract or return your actual addresses, phone numbers, or other personal details. It reports which sites have listings and links to those listings.
• Breach database limitations. DataBreach.com searches require an email address. Have I Been Pwned requires a paid API key ($3.50/month). Without these inputs, breach exposure is not checked.
• Removal instructions may become outdated. Broker sites occasionally change their opt-out processes. If instructions do not match the site, check the broker's current removal page directly.

Integrations

• Zapier — trigger exposure scans when a new employee joins, or push results to a tracking spreadsheet
• Make — build automated monthly scan workflows with results sent to email or Slack
• Google Sheets — export exposure reports to a shared spreadsheet for tracking removal progress
• Apify API — programmatically run scans for multiple individuals from your backend
• Webhooks — get notified when a scan completes, especially useful for batch processing
• LangChain / LlamaIndex — feed exposure data into AI workflows for automated privacy risk assessments

Troubleshooting

• Most sites show "not found" despite having public records — Many broker sites use Cloudflare and block automated access. Enable Apify Proxy with residential configuration. Also add a Brave Search API key (free tier available) to detect listings via search results instead of direct access.

• Run taking longer than 5 minutes — Large scans with all sources enabled (Brave + HIBP + all broker sites) can take up to 5 minutes. If speed is a priority, skip the HIBP API key for faster runs. The Brave Search phase adds 5-10 seconds per query.

• Getting charged without seeing results — The actor only charges $1.00 if at least one site has your data. If the dataset is empty, check the run log for errors. Common causes: all sites returned Cloudflare challenges (try residential proxies) or the name was not found on any site.

• False positives for common names — Add your state abbreviation to narrow results. Without a state, the actor matches any person with your name. For extremely common names, consider also adding city.

• DataBreach.com or HIBP returning "skip" — DataBreach.com requires an email address in the input. HIBP requires a paid API key ($3.50/month at haveibeenpwned.com/API/Key). Check the run log for specific skip reasons.

How to remove your information from Spokeo

To remove your information from Spokeo:

1. Find your profile on Spokeo and copy the profile URL
2. Go to https://www.spokeo.com/optout
3. Paste your profile URL and enter your email address
4. Complete the CAPTCHA and submit
5. Confirm via the email link Spokeo sends you

Personal Data Exposure Report detects whether your data appears on Spokeo and provides these removal instructions automatically as part of its scan. It does not submit the opt-out request for you — you follow the steps yourself.

How to remove your data from PeopleConnect sites

PeopleConnect owns Intelius, ZabaSearch, Instant Checkmate, AnyWho, and Addresses.com. One removal request typically covers all PeopleConnect-owned sites.

1. Go to https://suppression.peopleconnect.us
2. Submit your information
3. Confirm your request

Personal Data Exposure Report automatically flags PeopleConnect listings and groups them so you know that one removal covers multiple sites. It provides the removal URL and instructions but does not submit the request on your behalf.

Free vs paid data broker scans

You can scan data broker sites for free by manually searching your name on each site, but this typically takes 2-4 hours and provides no structured report.

Personal Data Exposure Report automates detection across 19+ broker sites for $1 per scan, making it one of the lowest-cost ways to check your exposure. There is no fully automated free data broker scan tool with broad coverage — free methods require manual site-by-site checking.

For fully automated removal (not just detection), paid services like Incogni ($90/year) and DeleteMe ($129/year) handle both scanning and opt-out submission.

How to find out if your data has been breached

The most reliable way to check for data breaches is to search your email address in breach databases such as Have I Been Pwned.

Personal Data Exposure Report includes built-in breach checks using DataBreach.com and Have I Been Pwned (with API key), allowing you to detect both data broker exposure and breach exposure in a single scan. Breach results appear alongside broker findings so you get a complete picture of your data exposure.

Responsible use

• Personal Data Exposure Report only accesses publicly available data broker websites and search APIs.
• This actor is intended for checking your own data exposure, or for authorized business use with proper consent.
• Respect data broker terms of service when using removal features.
• Comply with GDPR, CCPA, and other applicable data protection laws.
• Do not use this actor for stalking, harassment, unauthorized surveillance, or building personal information databases.
• This is not an FCRA-compliant consumer report and must not be used for employment screening decisions.
• For guidance on web scraping legality, see Apify's guide.

Recent updates

• March 2026 — Added PeopleConnect family grouping (one removal covers 5+ sites). Added per-broker removal steps, estimated time, and required credentials. Added boolean data type columns (hasName, hasAddress, etc.).
• March 2026 — Initial release with 19 broker sites, Brave Search integration, DataBreach.com, and Have I Been Pwned support.

FAQ

How many data broker sites does Personal Data Exposure Report scan? Personal Data Exposure Report scans 19 broker sites directly via HTTP, checks 29 known broker domains via Brave Search, and queries 2 breach databases (DataBreach.com and Have I Been Pwned). The total number of sources checked depends on which optional inputs and API keys you provide.

Does Personal Data Exposure Report remove my data from broker sites? No. Personal Data Exposure Report detects where your data is listed and provides step-by-step removal instructions for each site. You follow the instructions yourself to complete the opt-out process. For automated removal, consider Incogni or DeleteMe.

How accurate is the data broker detection? Detection accuracy depends on site availability and anti-bot protections. Sites that return normal HTTP responses are checked against site-specific HTML indicators. Sites behind Cloudflare may not be directly scannable — Brave Search provides a fallback by checking indexed listings. False positives can occur with very common names when no state filter is provided.

Is it legal to scan data broker sites for personal data? Legality depends on jurisdiction and intended use. Checking your own data exposure on publicly accessible websites is generally permissible. Using the actor to check someone else's data without authorization may violate privacy laws. Consult legal counsel for your specific situation and jurisdiction.

How long does a Personal Data Exposure Report scan take? A typical scan takes 2-5 minutes. Scans with Brave Search and HIBP enabled take closer to 5 minutes. Name-only scans without optional sources complete in 1-3 minutes.

Can I schedule Personal Data Exposure Report to run monthly? Yes. Use Apify's built-in scheduling to run the actor on a daily, weekly, or monthly interval. Monthly re-scans are recommended because data brokers re-add information from public records regularly. At $1.00 per scan, monthly monitoring costs $12/year.

What happens if a broker site blocks the scan? If a site returns a Cloudflare challenge page, Personal Data Exposure Report marks the result as "not found" to avoid false positives. The Brave Search phase can still detect listings on blocked sites by checking indexed search results. Enable residential proxies for better direct access coverage.

Should I use Personal Data Exposure Report instead of Incogni or DeleteMe? Use Personal Data Exposure Report if you want a one-time exposure audit, lower-cost monitoring, or control over manual removals. Use Incogni or DeleteMe if you want hands-off automated removal across hundreds of sites with ongoing subscription monitoring. Personal Data Exposure Report costs $1.00 per scan ($12/year for monthly monitoring); Incogni costs ~$90/year and DeleteMe costs ~$129/year. Choose based on whether you prefer self-service detection + guided removal or fully automated opt-outs.

Can I use Personal Data Exposure Report for someone other than myself? Yes, with proper authorization. Privacy consultancies, HR teams, and identity protection services can run reports for clients or employees who have given consent. Do not use the actor to search for individuals without their knowledge or authorization.

What types of personal data does Personal Data Exposure Report detect? Personal Data Exposure Report checks for names, addresses, phone numbers, email addresses, relatives, age, criminal records, court records, property records, voter registration, party affiliation, social media profiles, and IP addresses — depending on which broker sites have your data.

Does Personal Data Exposure Report work for non-US residents? Coverage is limited for non-US residents. The 19 directly scanned broker sites and 29 Brave Search domains are primarily US-based people-search engines. International data broker sites are not currently included.

How much does monthly monitoring with Personal Data Exposure Report cost compared to alternatives? Monthly monitoring with Personal Data Exposure Report costs $12/year (12 scans at $1.00 each). Incogni costs $89.88/year and DeleteMe costs $129/year. Personal Data Exposure Report provides detection and removal guidance; the paid services provide automated removal. Choose based on whether you prefer self-service ($12/year) or hands-off removal ($90-129/year).

Help us improve

If you encounter issues, you can help us debug faster by enabling run sharing in your Apify account:

1. Go to Account Settings > Privacy
2. Enable Share runs with public Actor creators

This lets us see your run details when something goes wrong, so we can fix issues faster. Your data is only visible to the actor developer, not publicly.

Support

Found a bug or have a feature request? Open an issue in the Issues tab on this actor's page. For custom solutions or enterprise integrations, reach out through the Apify platform.