How does GhostVault stop spam calls?

Americans received 52.5 billion robocalls in 2025, according to the YouMail Robocall Index. Spam callers source phone numbers primarily from data broker sites that aggregate and sell personal information. GhostVault removes your phone number, home address, and personal details from 500+ data broker and people-search sites — cutting off the supply chain that feeds spam callers. Most users report a significant reduction in spam calls within 30–60 days of removal.

Can GhostVault prevent identity theft?

Yes. The FTC received 1.1 million identity theft reports in 2024, with total consumer fraud losses hitting $12.5 billion — a 25% increase over the prior year (FTC Consumer Sentinel Network Data Book 2024). Identity thieves routinely use data broker sites to obtain personal details — full name, address, phone number, relatives, and employment history — before committing fraud. GhostVault removes this data from 500+ broker sites and monitors for reappearance, materially reducing the personal information available to bad actors.

How long does it take to remove my information?

GhostVault's scan delivers results instantly — no waiting period. Automated CCPA deletion requests are sent to data brokers immediately upon subscription. Under the California Consumer Privacy Act, brokers are legally required to process deletion requests within 45 days. In practice, most major brokers (Spokeo, Whitepages, BeenVerified) remove listings within 7–14 days. GhostVault monitors your listings continuously and re-submits removal requests whenever your data reappears.

Which data broker sites does GhostVault remove me from?

GhostVault targets 500+ data broker and people-search sites — more than double the coverage of most competitors. This includes all major brokers: Spokeo, Whitepages, BeenVerified, TruePeopleSearch, Intelius, Radaris, PeopleFinders, MyLife, FastPeopleSearch, Nuwber, PeopleLooker, and hundreds of smaller aggregators and resellers. The global data broker market was valued at approximately $277–$303 billion in 2024, according to multiple industry research firms including Grand View Research and ResearchAndMarkets, making comprehensive removal coverage essential.

Is the scan really free?

Yes. GhostVault's exposure scan is completely free — no credit card, no account required. The scan checks your name against 500+ data broker databases and returns a detailed report showing exactly which sites have your phone number, home address, relatives, and other personal information. Paid removal starts at $3.99/month, making GhostVault the most affordable full-coverage data removal service available in 2026.

How much does GhostVault cost?

GhostVault costs $3.99/month on a monthly plan, or $39/year ($3.25/month) on the annual plan. This makes it the lowest-priced comprehensive data removal service in the market — cheaper than Incogni ($6.49/month annual), OneRep ($8.33/month annual), DeleteMe ($10.75/month annual), and PrivacyDuck ($8.25/month annual). All plans include unlimited removal requests, continuous monitoring, and breach alerts.

What rights does the New Jersey Data Privacy Act (NJDPA) give residents?

The NJDPA gives New Jersey residents the right to access their personal data, correct inaccuracies, delete personal data, obtain a portable copy, and opt out of targeted advertising, the sale of personal data, and profiling for significant decisions. It took effect January 15, 2025 and is one of the country's most comprehensive state privacy laws.

New Jersey Data Privacy Law (NJDPA): What New Jersey Residents Need to Know

New Jersey's privacy law — the New Jersey Data Privacy Act (NJDPA) — took effect on January 15, 2025. If you are a New Jersey resident, this law gives you broad rights over your personal data and requires businesses — including data brokers — to honor deletion and opt-out requests.

What Is the New Jersey Data Privacy Act?

Governor Phil Murphy signed the New Jersey Data Privacy Act into law on January 16, 2024. After a one-year implementation period, it became effective January 15, 2025. New Jersey is among the most densely populated states in the nation, and its privacy law — combined with New Jersey's existing data broker registration requirements — covers personal data processing across the state through two separate regulatory frameworks.

The NJDPA applies to businesses that conduct business in New Jersey or produce products or services targeted to New Jersey residents, and during the prior calendar year either: controlled or processed personal data of 100,000 or more New Jersey consumers, excluding data processed solely for completing a payment transaction; or controlled or processed personal data of 25,000 or more New Jersey consumers and derived more than 25% of gross revenue from the sale of personal data. There is no revenue floor — businesses of any size that meet the data volume thresholds are covered.

New Jersey also has a separate data broker registration law, the Daniel's Law amendments (effective 2021), which specifically protects personal information of certain government and public safety employees. The NJDPA operates alongside this existing framework, adding a second layer of protection for New Jersey consumers.

Your Rights Under the NJDPA

New Jersey residents have five enforceable data rights under the NJDPA:

Your 5 Rights Under the NJDPA

Right to Access: Confirm whether a controller is processing your personal data and obtain a copy of that data in a portable format. This includes the right to know what categories of data are processed and the purposes for which they are used.
Right to Correct: Request that a controller correct inaccuracies in your personal data, taking into account the nature of the data and the purposes of the processing.
Right to Delete: Request deletion of personal data provided by or obtained about you. Controllers must comply and must direct their processors to comply with verified deletion requests.
Right to Data Portability: Obtain a portable, readily usable copy of your personal data so you can transfer it to another controller without hindrance.
Right to Opt Out: Opt out of the processing of your personal data for targeted advertising, the sale of personal data, and profiling in furtherance of decisions with legal or similarly significant effects. The NJDPA also requires businesses to honor universal opt-out signals like the Global Privacy Control.

Controllers must respond to authenticated consumer rights requests within 45 days, extendable by an additional 45 days when reasonably necessary with proper notice. Consumers may submit two requests per year at no charge; businesses may charge a reasonable fee for additional requests. Retaliation against consumers for exercising their rights is prohibited.

New Jersey's Universal Opt-Out Requirement

The NJDPA requires covered businesses to honor universal opt-out mechanisms— including browser-based signals such as the Global Privacy Control (GPC). When a New Jersey consumer uses a browser with GPC enabled and visits a covered business's website, that business must treat the GPC signal as a valid opt-out of data sales and targeted advertising.

This is a real practical advantage for New Jersey consumers. Rather than navigating to each data broker's website individually to find and complete a separate opt-out form, consumers who enable GPC in their browser automatically assert their opt-out rights on every covered site they visit. New Jersey joins California, Colorado, Connecticut, and Oregon in requiring this browser-signal compliance.

How the NJDPA Compares to CCPA

Feature	CCPA (California)	NJDPA (New Jersey)
Revenue threshold	$25M annual revenue OR 100K consumers	100K consumers OR 25K + 25% data sale revenue (no revenue floor)
Universal opt-out (GPC)	Required	Required
Data protection assessments	Required for certain processing	Required for high-risk processing
Private right of action	Limited (data breaches)	None — AG enforcement only
Max penalty (first violation)	$7,500 intentional violations	$10,000 per violation
Subsequent violations	Same rate	$20,000 per violation
Cure period	None after Jan 2023	30 days to cure
Response deadline	45 days (extendable 45)	45 days (extendable 45)

What Data Brokers Must Do Under the NJDPA

Covered controllers in New Jersey must fulfill these compliance obligations:

Publish a clear and accessible privacy notice that describes the categories of personal data collected, the purposes of processing, consumer rights and how to exercise them, how to opt out of data sales and targeted advertising, and the categories of data disclosed to third parties.
Honor universal opt-out signals (including GPC) as a valid opt-out of data sales and targeted advertising processing. This requirement was in effect from the law's January 15, 2025 effective date.
Obtain consent before processing sensitive data, including data on racial or ethnic origin, religious beliefs, mental or physical health, sexual orientation, citizenship status, biometric identifiers, precise geolocation, and data of individuals known to be under 13.
Conduct and document data protection assessments for high-risk processing activities, including targeted advertising, data sales, significant profiling, and certain processing of sensitive data categories.
Process deletion requests within 45 days and instruct processors to comply with deletion. Legitimate exceptions include data needed to complete a transaction, data required by law, or data necessary for security purposes.
Provide a meaningful appeals process if a consumer request is denied. The appeals response must be delivered within 45 days of receipt.

Step-by-Step: How to Use the NJDPA to Delete Your Data

1. Enable Global Privacy Control in your browser. New Jersey businesses must honor GPC signals. In Firefox: Settings > Privacy and Security > "Tell websites not to sell or share my data." In Brave: GPC is enabled by default. In Chrome: install the Privacy Badger or GPC extension.
2. Find the data broker's privacy notice. Navigate to the website footer and look for "Privacy Policy," "New Jersey Privacy Rights," or "Your Privacy Rights." The NJDPA requires this information to be clearly accessible.
3. Submit your deletion request. Use the company's designated request mechanism. State that you are a New Jersey resident exercising your rights under the New Jersey Data Privacy Act. Request deletion of all personal data the company holds about you, and opt out of data sales and targeted advertising.
4. Provide identity verification. Companies may verify your identity before processing. Provide the information requested, but companies cannot require you to create an account solely for this purpose.
5. Track your 45-day response window. Document when you submitted your request. If the company extends the response period, they must notify you within the initial 45 days and explain the reason.
6. Appeal or escalate if necessary. If your request is denied, use the appeals process described in the denial notice. If the appeal fails, file a complaint with the New Jersey Division of Consumer Affairs or the New Jersey Attorney General at njconsumeraffairs.gov.

The NJDPA is one of the more recent and more thorough state privacy laws in the country. Its combination of universal opt-out requirements, escalating penalties for repeat violations, and data protection assessment obligations gives New Jersey residents real leverage over data brokers. Combined with CCPA coverage through authorized agents, that makes deletion requests harder for brokers to ignore. Learn more about California's CCPA or start automated removal with GhostVault.

Remove Your Data From 500+ Brokers for $3.99/Month

GhostVault automates deletion requests as your authorized agent — regardless of which state you live in. We cover 500+ data broker sites simultaneously and keep monitoring for re-listed profiles. New Jersey residents get full CCPA and NJDPA coverage combined.

Frequently Asked Questions

What rights does the New Jersey Data Privacy Act give residents?

The NJDPA gives New Jersey residents the right to access personal data, correct inaccuracies, delete personal data, obtain a portable copy, and opt out of targeted advertising, data sales, and significant profiling. It took effect January 15, 2025.

How does New Jersey's NJDPA compare to California's CCPA?

The NJDPA covers businesses processing data of 100,000 or more New Jersey consumers with no revenue floor. It requires GPC signal compliance, mandates data protection assessments, and carries penalties of $10,000 for first violations and $20,000 for subsequent violations. The New Jersey AG enforces the law; there is no private right of action.

Can New Jersey residents use the NJDPA to remove themselves from data brokers?

Yes. New Jersey residents can submit deletion requests to covered data brokers. Businesses must respond within 45 days, extendable by 45 more. Services like GhostVault automate this process across 500+ data brokers.

Does New Jersey's NJDPA require businesses to honor browser opt-out signals?

Yes. The NJDPA requires covered businesses to honor universal opt-out mechanisms, including browser-based signals like the Global Privacy Control (GPC). When a consumer uses a browser with GPC enabled, covered New Jersey businesses must treat this as a valid opt-out of data sales and targeted advertising.