Colorado Data Privacy Law (CPA): What Colorado Residents Need to Know
The Colorado Privacy Act (CPA) took effect on July 1, 2023, giving Colorado residents rights over their personal data. One feature separates it from most other state laws: businesses must honor technical opt-out signals like the Global Privacy Control, a requirement that went into effect in 2024. Here is what you need to know.
What Is the Colorado Privacy Act?
Governor Jared Polis signed the Colorado Privacy Act on July 8, 2021. It became effective July 1, 2023 — the same day as Connecticut's CTDPA. Colorado was the third state to pass a comprehensive consumer data privacy law, after California and Virginia.
The CPA applies to businesses that conduct business in Colorado or produce products or services intentionally targeted to Colorado residents, and that either: control or process personal data of at least 100,000 Colorado consumers per calendar year, or control or process personal data of at least 25,000 Colorado consumers and derive revenue or receive a discount on the price of goods or services from the sale of personal data. As with Virginia's VCDPA, there is no standalone revenue threshold.
The law defines "sale" broadly — the exchange of personal data for monetary or other valuable consideration — so data brokers who trade consumer profiles for advertising credits or data-sharing arrangements are still covered. Laws that restrict "sale" to direct cash transactions miss this. Colorado's definition doesn't.
Your Rights Under the Colorado CPA
Colorado residents have five enforceable rights under the CPA:
- Right to Access: Confirm whether a controller is processing your personal data and obtain a copy of that data in a portable, readily usable format.
- Right to Correct: Correct inaccuracies in your personal data, taking into account the nature of the data and the purposes of processing.
- Right to Delete: Request deletion of personal data provided by or obtained about you, including data derived from that information.
- Right to Data Portability: Obtain your personal data in a portable format so you can transmit it to another controller without hindrance.
- Right to Opt Out: Opt out of the processing of your personal data for purposes of targeted advertising, the sale of personal data, or profiling in furtherance of decisions with significant effects. This includes the right to opt out via a universal opt-out mechanism such as the Global Privacy Control.
Businesses covered by the CPA must respond to consumer rights requests within 45 days, extendable by another 45 days with prior notice. Requests are free of charge up to twice per year; businesses may charge a reasonable fee for subsequent requests. They cannot retaliate against consumers for exercising their rights.
Colorado's Universal Opt-Out Requirement
The CPA's universal opt-out mechanism requirement is what sets it apart from most other state laws. Starting July 1, 2024, businesses must recognize and honor technical opt-out signals sent by consumers' browsers or devices.
The primary such signal is the Global Privacy Control (GPC) — a browser-level setting that sends an automated "do not sell or share my data" signal to every website you visit. When a covered business receives a GPC signal, it must treat it as a valid opt-out request for targeted advertising and data sale — without requiring the consumer to navigate to a separate opt-out page or complete a form.
In practice, this means you can set your preference once and have it automatically applied across all covered businesses, instead of opting out company-by-company. Colorado's GPC compliance requirement matches California's, making it one of the stronger browser-level opt-out provisions of any state law.
How the CPA Compares to CCPA
| Feature | CCPA (California) | CPA (Colorado) |
|---|---|---|
| Threshold | $25M revenue OR 100K consumers | 100K consumers OR 25K if data-sale revenue |
| Universal opt-out (GPC) | Required | Required (as of July 2024) |
| Data protection assessments | Required for certain processing | Mandatory for high-risk processing |
| Private right of action | Limited (data breaches only) | None — AG enforcement only |
| Cure period | None after Jan 2023 | 60 days (until Jan 1, 2025), then discretionary |
| Max penalty | $7,500 intentional violations | $20,000 per violation |
| Response deadline | 45 days (extendable 45) | 45 days (extendable 45) |
Colorado's maximum penalty of $20,000 per violation is higher than most comparable state laws, which cap penalties at $7,500. The Colorado AG can bring enforcement actions and seek both civil penalties and injunctive relief.
What Data Brokers Must Do Under the CPA
Colorado's CPA imposes several obligations on data controllers, including data brokers:
- Publish a transparent privacy notice describing the categories of personal data processed, the purposes of processing, the consumer rights available, how to exercise those rights, and the categories of data shared with third parties.
- Honor opt-out requests for targeted advertising, data sales, and significant profiling — including universal opt-out signals (GPC) from browsers and devices as of July 1, 2024.
- Obtain meaningful consent before processing sensitive data categories, including precise geolocation, racial or ethnic origin, mental or physical health conditions, biometric data, personal data of children, immigration status, and financial information.
- Conduct data protection assessments for processing activities that present heightened risk, including targeted advertising, sale of personal data, and certain profiling activities.
- Process deletion requests within 45 days of receiving a verified consumer request, including directing processors to delete the data as well.
- Provide an appeals process if a consumer rights request is denied, with a response due within 45 days of the appeal submission.
Step-by-Step: How to Use the CPA to Delete Your Data
1. Enable Global Privacy Control in your browser. Firefox and Brave have built-in GPC support. For Chrome, you can install the GPC browser extension. Once enabled, covered Colorado businesses must honor this as a valid opt-out signal for data sales and targeted advertising.
2. Find the data broker's privacy notice. Navigate to the site's footer and look for a link labeled "Privacy Policy," "Your Privacy Rights," or "Do Not Sell My Personal Information." Colorado businesses are required to publish this notice prominently.
3. Submit a deletion request. Use the company's designated opt-out or deletion request mechanism — typically a web form or email address. State that you are a Colorado resident and request deletion of all personal data the company holds about you.
4. Verify your identity. The company may ask you to confirm your identity via email, a verification code, or a government ID check. Respond promptly to avoid delays in processing your request.
5. Monitor the 45-day response window. Keep a record of when you submitted your request. If you do not receive a response within 45 days, or if the company notifies you of an extension, track the extended deadline.
6. Appeal or escalate if necessary. If your request is denied, submit a formal appeal. If the appeal fails, file a complaint with the Colorado Attorney General at coag.gov. The AG has authority to seek civil penalties of up to $20,000 per violation.
The CPA's combination of universal opt-out requirements, high penalties, and mandatory data protection assessments puts Colorado among the more rigorous state privacy laws. For more on how these state laws affect data broker removal, see our guide to California's CCPA rights, or let GhostVault handle deletion requests automatically.
Frequently Asked Questions
What rights does the Colorado Privacy Act give residents?
The CPA gives Colorado residents the right to access their personal data, correct inaccuracies, delete personal data, obtain a portable copy, and opt out of targeted advertising, the sale of personal data, and profiling used for significant decisions. It took effect July 1, 2023.
How does Colorado's CPA differ from California's CCPA?
The CPA required businesses to honor universal opt-out signals like the Global Privacy Control starting July 1, 2024. The CPA also mandates data protection impact assessments for high-risk processing and carries higher penalties ($20,000 per violation). There is no private right of action; only the Colorado AG can enforce the law.
Can Colorado residents use the CPA to remove themselves from data brokers?
Yes. Colorado residents can submit deletion requests to covered data brokers. Businesses must respond within 45 days, extendable by 45 more. Services like GhostVault automate this process, submitting requests to 500+ data brokers on your behalf.
What is the universal opt-out requirement in Colorado's CPA?
Starting July 1, 2024, Colorado businesses must honor technical opt-out signals such as the Global Privacy Control (GPC) — a browser setting that automatically tells websites you do not want your data sold or used for targeted advertising. This is one of the strongest browser-level opt-out requirements in any US state privacy law.