How does GhostVault stop spam calls?

Americans received 52.5 billion robocalls in 2025, according to the YouMail Robocall Index. Spam callers source phone numbers primarily from data broker sites that aggregate and sell personal information. GhostVault removes your phone number, home address, and personal details from 500+ data broker and people-search sites — cutting off the supply chain that feeds spam callers. Most users report a significant reduction in spam calls within 30–60 days of removal.

Can GhostVault prevent identity theft?

Yes. The FTC received 1.1 million identity theft reports in 2024, with total consumer fraud losses hitting $12.5 billion — a 25% increase over the prior year (FTC Consumer Sentinel Network Data Book 2024). Identity thieves routinely use data broker sites to obtain personal details — full name, address, phone number, relatives, and employment history — before committing fraud. GhostVault removes this data from 500+ broker sites and monitors for reappearance, materially reducing the personal information available to bad actors.

How long does it take to remove my information?

GhostVault's scan delivers results instantly — no waiting period. Automated CCPA deletion requests are sent to data brokers immediately upon subscription. Under the California Consumer Privacy Act, brokers are legally required to process deletion requests within 45 days. In practice, most major brokers (Spokeo, Whitepages, BeenVerified) remove listings within 7–14 days. GhostVault monitors your listings continuously and re-submits removal requests whenever your data reappears.

Which data broker sites does GhostVault remove me from?

GhostVault targets 500+ data broker and people-search sites — more than double the coverage of most competitors. This includes all major brokers: Spokeo, Whitepages, BeenVerified, TruePeopleSearch, Intelius, Radaris, PeopleFinders, MyLife, FastPeopleSearch, Nuwber, PeopleLooker, and hundreds of smaller aggregators and resellers. The global data broker market was valued at approximately $277–$303 billion in 2024, according to multiple industry research firms including Grand View Research and ResearchAndMarkets, making comprehensive removal coverage essential.

Is the scan really free?

Yes. GhostVault's exposure scan is completely free — no credit card, no account required. The scan checks your name against 500+ data broker databases and returns a detailed report showing exactly which sites have your phone number, home address, relatives, and other personal information. Paid removal starts at $3.99/month, making GhostVault the most affordable full-coverage data removal service available in 2026.

How much does GhostVault cost?

GhostVault costs $3.99/month on a monthly plan, or $39/year ($3.25/month) on the annual plan. This makes it the lowest-priced comprehensive data removal service in the market — cheaper than Incogni ($6.49/month annual), OneRep ($8.33/month annual), DeleteMe ($10.75/month annual), and PrivacyDuck ($8.25/month annual). All plans include unlimited removal requests, continuous monitoring, and breach alerts.

What rights does the Delaware Personal Data Privacy Act (DPDPA) give residents?

The DPDPA gives Delaware residents the right to access their personal data, correct inaccuracies, delete personal data, obtain a portable copy, and opt out of targeted advertising, the sale of personal data, and profiling for significant decisions. It took effect January 1, 2025 and has one of the lowest applicability thresholds of any state privacy law.

Delaware Data Privacy Law (DPDPA): What Delaware Residents Need to Know

Delaware's Personal Data Privacy Act (DPDPA) took effect January 1, 2025. It has one of the lowest applicability thresholds of any state privacy law — a deliberate choice given Delaware's small population. Here is what residents need to know.

What Is the Delaware Personal Data Privacy Act?

Governor John Carney signed the Delaware Personal Data Privacy Act on September 11, 2023. It became effective January 1, 2025, giving businesses roughly 15 months to comply. Delaware's law came later than most and shows it — it absorbed lessons from earlier state laws' gaps and edge cases.

The DPDPA applies to businesses that conduct business in Delaware or produce products or services targeted to Delaware residents, and during the prior calendar year either: controlled or processed personal data of at least 35,000 Delaware consumers, excluding data processed solely for completing a payment transaction; or controlled or processed personal data of at least 10,000 Delaware consumers and derived more than 20% of gross revenue from the sale of personal data.

These thresholds are calibrated to Delaware's population. With under one million residents, 35,000 consumers is roughly 3.5% of the state — proportionally similar to California's 100,000-consumer threshold against 40 million residents. The design covers a broad range of businesses processing Delaware consumer data, not just the largest national players.

Your Rights Under the DPDPA

Delaware residents have five privacy rights under the DPDPA:

Your 5 Rights Under the DPDPA

Right to Access: Confirm whether a controller is processing your personal data and obtain a copy of that data in a format you can use. Controllers must also disclose the categories of personal data processed and the purposes of processing.
Right to Correct: Request that a controller correct inaccuracies in your personal data, taking into account the nature of the data and the purposes for which it is processed.
Right to Delete: Request deletion of personal data provided by or obtained about you. Controllers must delete the data and direct processors to do the same. Exceptions apply for data needed to complete ongoing transactions or retained for legal compliance purposes.
Right to Data Portability: Obtain your personal data in a portable, readily usable format so you can transmit it to another controller.
Right to Opt Out: Opt out of the processing of your personal data for targeted advertising, the sale of personal data, and profiling in furtherance of decisions with legal or similarly significant effects. The DPDPA also requires controllers to honor universal opt-out signals.

Controllers must respond to authenticated consumer rights requests within 45 days, with an available extension of up to 45 additional days when reasonably necessary with proper advance notice to the consumer. Consumers may submit requests free of charge; however, businesses may charge a reasonable fee for excessive or repetitive requests. Retaliation for exercising rights is prohibited.

Delaware's Universal Opt-Out Requirement

Like California, Colorado, Connecticut, and New Jersey, Delaware's DPDPA requires covered businesses to honor universal opt-out mechanisms — including browser-based signals such as the Global Privacy Control (GPC). When a Delaware consumer uses a browser with GPC enabled, covered businesses must treat the GPC signal as a valid opt-out request for data sales and targeted advertising.

GPC lets you opt out at scale without navigating each site individually. With GPC enabled, the opt-out is automatically asserted on every covered site you visit. It is available in Firefox (Settings > Privacy and Security > Tell websites not to sell or share my data) and enabled by default in Brave.

How the DPDPA Compares to CCPA

Feature	CCPA (California)	DPDPA (Delaware)
Consumer threshold	100,000 consumers OR $25M revenue	35,000 consumers OR 10,000 if 20%+ data revenue (proportionally lower)
Universal opt-out (GPC)	Required	Required
Revenue threshold	$25M annual revenue (standalone basis)	No standalone revenue threshold
Private right of action	Limited (data breaches)	None — AG enforcement only
Cure period	None after Jan 2023	60 days to cure
Max penalty	$7,500 intentional violations	$10,000 per violation
Response deadline	45 days (extendable 45)	45 days (extendable 45)

What Data Brokers Must Do Under the DPDPA

Covered data controllers operating in Delaware must fulfill extensive obligations under the DPDPA:

Publish a clear and accessible privacy notice that explains the categories of personal data processed, the purposes of processing, consumer rights and how to exercise them, the categories of data disclosed to third parties, and whether personal data is sold or used for targeted advertising.
Honor universal opt-out signals (GPC and equivalents) as valid opt-out requests for data sales and targeted advertising. This requirement took effect with the law on January 1, 2025.
Obtain consent before processing sensitive data, including data concerning racial or ethnic origin, religious beliefs, mental or physical health conditions, sexual orientation, citizenship status, biometric data, precise geolocation, and data of individuals known to be under 18 (Delaware extends sensitive data protections to minors up to age 18, broader than most state laws).
Conduct data protection assessments for high-risk processing activities before initiating such processing. These assessments must be produced to the Delaware AG upon request.
Process deletion requests within 45 days, including instructing processors and subprocessors to delete the same personal data. Standard exceptions apply for legal compliance, ongoing transactions, and security purposes.
Provide a meaningful appeals process for denied consumer requests, with a required response within 60 days of the appeal.

Step-by-Step: How to Submit a DPDPA Deletion Request

1. Enable Global Privacy Control in your browser. Delaware businesses must honor GPC signals. Enable it in Firefox (Settings > Privacy and Security > Tell websites not to sell or share my data) or use Brave, which enables GPC by default. This automatically asserts your opt-out rights on covered sites.
2. Locate the data broker's privacy notice. Look in the site footer for "Privacy Policy," "Delaware Privacy Rights," or "Your Privacy Rights." The DPDPA requires this to be clearly accessible. Search "[company name] Delaware privacy request" if you cannot find it easily.
3. Submit your deletion request. Use the company's designated mechanism. State that you are a Delaware resident exercising your rights under the Delaware Personal Data Privacy Act. Request deletion of all personal data the company holds about you and opt out of data sales and targeted advertising.
4. Provide identity verification if requested. The company may request verification before processing. Respond promptly and note that companies cannot require you to create an account solely for this purpose.
5. Track the 45-day window. Document your submission date and any confirmation received. If the company extends the response period, they must notify you within the initial 45-day window.
6. Appeal or escalate if necessary. If your request is denied, use the appeals mechanism described in the denial notice. If the appeal fails, file a complaint with the Delaware Department of Justice at attorneygeneral.delaware.gov.

Delaware is a small state that hosts a disproportionate number of corporations, banks, and financial services firms — so it makes sense that its privacy law casts a wide net. The low consumer threshold, GPC compliance requirement, and $10,000 penalty give the law real reach. For more on how state privacy laws affect data broker removal, see our guide to California's CCPA or automate your data removal with GhostVault.

Remove Your Data From 500+ Brokers for $3.99/Month

GhostVault automates deletion requests as your authorized agent — regardless of which state you live in. We cover 500+ data broker sites simultaneously and monitor for re-listed profiles. Delaware residents benefit from CCPA and DPDPA coverage combined.

Frequently Asked Questions

What rights does the Delaware Personal Data Privacy Act give residents?

The DPDPA gives Delaware residents the right to access personal data, correct inaccuracies, delete personal data, obtain a portable copy, and opt out of targeted advertising, data sales, and significant profiling. It took effect January 1, 2025 and has one of the lowest consumer thresholds of any state privacy law.

How does Delaware's DPDPA compare to California's CCPA?

The DPDPA covers businesses processing data of just 35,000 Delaware consumers — proportionally one of the broadest thresholds of any state law relative to state population. It requires GPC signal compliance, mandates data protection assessments, and carries penalties up to $10,000 per violation. There is no private right of action; the Delaware AG enforces the law.

Can Delaware residents use the DPDPA to remove themselves from data brokers?

Yes. Delaware residents can submit deletion requests to covered data brokers. Businesses must respond within 45 days, extendable by 45 more. Services like GhostVault automate this process across 500+ data brokers.

Why does Delaware's DPDPA have such a low applicability threshold?

Delaware has a small population (under 1 million residents), so the 35,000-consumer threshold represents roughly 3.5% of the state's population. Setting the threshold lower ensures that a wide range of businesses processing Delaware data are covered, making the law proportionally more comprehensive than laws with higher thresholds in larger states.