Oregon Data Privacy Law (OCPA): What Oregon Residents Need to Know

The Oregon Consumer Privacy Act (OCPA) took effect on July 1, 2024. It covers more ground than most other state privacy laws in one specific way: it applies to nonprofit organizations, which every other comprehensive state privacy law exempts. Here is what Oregon residents need to know.

What Is the Oregon Consumer Privacy Act?

Governor Tina Kotek signed the Oregon Consumer Privacy Act on July 18, 2023. It became effective July 1, 2024 for most covered businesses, with a later deadline of July 1, 2025 for nonprofit organizations. Oregon was the ninth state to pass comprehensive consumer privacy legislation.

The OCPA applies to businesses and persons that conduct business in Oregon or produce products or services targeted to Oregon residents, and during a calendar year either: control or process personal data of 100,000 or more Oregon consumers, or control or process personal data of 25,000 or more Oregon consumers and derive more than 25% of annual gross revenue from the sale of personal data. There is no minimum revenue floor, meaning smaller businesses with large data processing volumes are covered.

The nonprofit coverage is what distinguishes the OCPA. Starting July 1, 2025, Oregon's privacy protections extend to consumers whose data is held by nonprofit organizations — advocacy groups, healthcare nonprofits, foundations — organizations that have operated outside commercial data privacy laws until now.

Your Rights Under the Oregon OCPA

Oregon residents have five enforceable privacy rights under the OCPA:

  • Right to Access: Confirm whether a controller is processing your personal data and obtain a list of the specific third parties to whom the controller has disclosed your personal data (a transparency requirement broader than most states).
  • Right to Correct: Correct inaccuracies in your personal data, accounting for the nature of the data and the purposes of processing.
  • Right to Delete: Request deletion of personal data provided by or obtained about you. Oregon's deletion right covers data the controller obtained from any source, not just data you directly provided.
  • Right to Data Portability: Obtain your personal data in a portable, readily usable format to transmit to another controller.
  • Right to Opt Out: Opt out of targeted advertising, the sale of personal data, and profiling in furtherance of decisions with legal or similarly significant effects. Oregon also requires controllers to establish a process for honoring opt-out preference signals transmitted by browsers and devices.

Oregon's access right goes further than most state laws on one point: businesses must disclose the specific third parties that received your data — not just broad categories. In practice, this means you can find out which other companies may have a copy.

How the OCPA Compares to CCPA

Feature | CCPA (California) | OCPA (Oregon)
Nonprofit coverage | Exempt | Covered (as of July 1, 2025)
Third-party disclosure transparency | Categories of third parties | Specific third parties named
Revenue threshold | $25M annual revenue OR 100K consumers | 100K consumers OR 25K + 25% data sale revenue (no revenue floor)
Private right of action | Limited (data breaches) | None — AG enforcement only
Max penalty | $7,500 intentional violations | $25,000 per violation
Cure period | None after Jan 2023 | 30 days to cure
Response deadline | 45 days (extendable 45) | 45 days (extendable 45)

Oregon's maximum penalty of $25,000 per violation is the highest of any state privacy law, above Colorado's $20,000 and California's $7,500. The Oregon AG can investigate violations and seek injunctive relief in addition to civil penalties.

What Data Brokers Must Do Under the OCPA

Covered controllers and processors under Oregon's OCPA have extensive obligations:

  • Publish a detailed privacy notice that includes the categories of personal data processed, the purposes of processing, the specific third parties to whom data has been disclosed, and detailed instructions for submitting consumer rights requests. Oregon's notice requirements are among the most detailed of any state law.
  • Honor universal opt-out signals. Oregon requires controllers to establish a process to honor opt-out preference signals transmitted via browser or device settings, similar to GPC compliance requirements in California and Colorado.
  • Obtain consent before processing sensitive data, including data concerning racial or ethnic origin, religious beliefs, mental health, sexual orientation, transgender or non-binary status, citizenship, biometric data, precise geolocation, and data of children under 13.
  • Conduct data protection assessments for processing activities presenting heightened risk, including targeted advertising, data sales, and significant profiling activities.
  • Process consumer rights requests within 45 days, with a possible 45-day extension. Deletion requests must be honored for all personal data the controller obtained about the consumer, not just data the consumer provided.
  • Provide a meaningful appeals mechanism for denied requests, with a response required within 45 days of the appeal.

Step-by-Step: How to Submit an OCPA Deletion Request

  1. Enable Global Privacy Control in your browser. Oregon requires covered businesses to honor opt-out signals. Using GPC in your browser (available natively in Firefox and Brave) will automatically trigger opt-out treatment for targeted advertising and data sales on covered sites.
  2. Locate the data broker's privacy notice. Look in the site footer for a link to the privacy policy or "Oregon Privacy Rights." OCPA requires detailed privacy notices that include instructions for submitting rights requests and a list of specific third parties who have received your data.
  3. Submit your deletion request. Use the company's designated mechanism. Identify yourself as an Oregon resident and request deletion of all personal data the company holds about you — whether obtained from you directly or from third-party sources. Oregon's deletion right covers all obtained data.
  4. Request the list of third parties. As part of your access request, you can ask for the names of specific third parties to whom the controller has disclosed your personal data. This is unique to Oregon and can help you identify additional brokers to contact.
  5. Respond to identity verification and track the 45-day window. Provide requested verification information promptly. Document your submission date and monitor for a response. Note any extension notices.
  6. Appeal denials and escalate if necessary. If your request is denied, use the controller's appeals process. If the appeal is denied, file a complaint with the Oregon Department of Justice at doj.state.or.us. The Oregon AG can seek penalties up to $25,000 per violation.

Nonprofit coverage, specific third-party disclosure, broad deletion scope, and $25,000 maximum penalties put the Oregon OCPA among the stronger state privacy laws for consumers. For more on how state laws affect data broker removal, see our guide to California's CCPA, or let GhostVault automate your data removal.

Frequently Asked Questions

What rights does the Oregon Consumer Privacy Act give residents?

The OCPA gives Oregon residents the right to access personal data, correct inaccuracies, delete personal data, obtain a portable copy, and opt out of targeted advertising, data sales, and significant profiling. Starting July 1, 2025, these protections also apply to data held by nonprofit organizations.

How does Oregon's OCPA compare to California's CCPA?

Oregon's OCPA is broader in several ways: it covers nonprofits (unique among state laws), requires disclosure of specific third parties who received your data (not just categories), has no revenue floor, and carries higher penalties of $25,000 per violation. The Oregon AG enforces the law; there is no private right of action.

Can Oregon residents use the OCPA to remove themselves from data brokers?

Yes. Oregon residents can submit deletion requests to covered data brokers. The deletion right covers all personal data obtained about you, not just data you provided. Businesses must respond within 45 days. GhostVault automates this process across 500+ brokers.

Does Oregon's OCPA apply to nonprofit organizations?

Yes — beginning July 1, 2025, Oregon's OCPA extends to nonprofits that process personal data of 100,000 or more Oregon consumers annually. This makes Oregon unique among US state privacy laws, most of which entirely exempt nonprofit organizations.