How does GhostVault stop spam calls?

Americans received 52.5 billion robocalls in 2025, according to the YouMail Robocall Index. Spam callers source phone numbers primarily from data broker sites that aggregate and sell personal information. GhostVault removes your phone number, home address, and personal details from 500+ data broker and people-search sites — cutting off the supply chain that feeds spam callers. Most users report a significant reduction in spam calls within 30–60 days of removal.

Can GhostVault prevent identity theft?

Yes. The FTC received 1.1 million identity theft reports in 2024, with total consumer fraud losses hitting $12.5 billion — a 25% increase over the prior year (FTC Consumer Sentinel Network Data Book 2024). Identity thieves routinely use data broker sites to obtain personal details — full name, address, phone number, relatives, and employment history — before committing fraud. GhostVault removes this data from 500+ broker sites and monitors for reappearance, materially reducing the personal information available to bad actors.

How long does it take to remove my information?

GhostVault's scan delivers results instantly — no waiting period. Automated CCPA deletion requests are sent to data brokers immediately upon subscription. Under the California Consumer Privacy Act, brokers are legally required to process deletion requests within 45 days. In practice, most major brokers (Spokeo, Whitepages, BeenVerified) remove listings within 7–14 days. GhostVault monitors your listings continuously and re-submits removal requests whenever your data reappears.

Which data broker sites does GhostVault remove me from?

GhostVault targets 500+ data broker and people-search sites — more than double the coverage of most competitors. This includes all major brokers: Spokeo, Whitepages, BeenVerified, TruePeopleSearch, Intelius, Radaris, PeopleFinders, MyLife, FastPeopleSearch, Nuwber, PeopleLooker, and hundreds of smaller aggregators and resellers. The global data broker market was valued at approximately $277–$303 billion in 2024, according to multiple industry research firms including Grand View Research and ResearchAndMarkets, making comprehensive removal coverage essential.

Is the scan really free?

Yes. GhostVault's exposure scan is completely free — no credit card, no account required. The scan checks your name against 500+ data broker databases and returns a detailed report showing exactly which sites have your phone number, home address, relatives, and other personal information. Paid removal starts at $3.99/month, making GhostVault the most affordable full-coverage data removal service available in 2026.

How much does GhostVault cost?

GhostVault costs $3.99/month on a monthly plan, or $39/year ($3.25/month) on the annual plan. This makes it the lowest-priced comprehensive data removal service in the market — cheaper than Incogni ($6.49/month annual), OneRep ($8.33/month annual), DeleteMe ($10.75/month annual), and PrivacyDuck ($8.25/month annual). All plans include unlimited removal requests, continuous monitoring, and breach alerts.

Virginia Data Privacy Law (VCDPA): What Virginia Residents Need to Know

Virginia was the second state to pass a comprehensive consumer data privacy law. The Virginia Consumer Data Protection Act (VCDPA) took effect on January 1, 2023. If you live in Virginia, it gives you real rights over your personal information — including the ability to demand that data brokers delete what they have on you.

What Is the VCDPA?

The Virginia Consumer Data Protection Act was signed by Governor Glenn Youngkin on March 2, 2021, and took effect January 1, 2023. Its structure — consumer rights plus business obligations plus AG-only enforcement — became the template many other states copied.

The VCDPA applies to businesses that either (a) control or process personal data of at least 100,000 Virginia consumers per year, or (b) control or process personal data of at least 25,000 Virginia consumers and derive more than 50% of gross revenue from selling personal data. This means most large data brokers, people-search sites, and data aggregators operating in Virginia are covered.

Importantly, the law includes several categories of exemptions. Nonprofit organizations, higher education institutions, and businesses regulated under HIPAA, GLBA, or FERPA are largely exempt. But for the vast majority of commercial data brokers collecting and selling consumer profiles, the VCDPA applies.

Your Rights Under the VCDPA

The VCDPA gives Virginia residents five data rights, each enforceable against covered businesses operating in the Commonwealth:

Your 5 Rights Under the VCDPA

Right to Access: You can confirm whether a controller is processing your personal data and request a copy of that data in a portable format.
Right to Correct: You can request correction of inaccurate personal data a business holds about you.
Right to Delete: You can request deletion of personal data the business has collected or obtained about you.
Right to Data Portability: You can obtain your personal data in a format that is portable and readily usable so you can transfer it to another entity.
Right to Opt Out: You can opt out of the processing of your personal data for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects.

Businesses must respond to consumer rights requests within 45 days of receipt. They may extend this by an additional 45 days when reasonably necessary, but must notify you of the extension and the reason within the initial 45-day window. There is no fee for submitting requests, and businesses cannot retaliate against you for exercising your rights.

How the VCDPA Compares to California's CCPA

The VCDPA and California's CCPA cover similar ground but differ in a few practical ways that affect what you can actually demand and who enforces it.

Feature	CCPA (California)	VCDPA (Virginia)
Applicability threshold	$25M revenue OR 100K consumers OR 50% revenue from data sales	100K consumers OR 25K consumers if 50%+ revenue from data sales
Private right of action	Limited (data breaches only)	None — AG enforcement only
Right to correct	Yes (added by CPRA in 2023)	Yes (included from day one)
Opt-out of targeted advertising	Yes	Yes
Cure period for violations	None (eliminated Jan 2023)	30 days to cure
Max penalty per violation	$7,500 intentional violations	$7,500 per violation
Enforcement body	CPPA + AG	AG only
Response deadline	45 days (extendable 45)	45 days (extendable 45)

One practical difference: Virginia's law has no revenue-only threshold. Under CCPA, a business with $25M annual revenue is covered regardless of how much data it processes. Under the VCDPA, data volume and revenue source are what matter. In practice, this excludes some smaller businesses that CCPA would catch, but it covers virtually all large data brokers.

What Data Brokers Must Do Under the VCDPA

Under the VCDPA, data controllers — including data brokers — have a set of mandatory obligations that go beyond simply responding to consumer requests:

Publish a privacy notice: Controllers must provide a clear and accessible privacy notice that describes the categories of personal data processed, the purposes for processing, the categories of data shared with third parties, and how consumers can exercise their rights.
Limit data collection: Controllers may only collect personal data that is adequate, relevant, and reasonably necessary for the disclosed purposes of processing. They cannot use data collected for one purpose in a materially different way without additional notice and consent.
Implement data security: Controllers must implement reasonable administrative, technical, and physical security measures to protect personal data from unauthorized access, acquisition, or disclosure.
Conduct data protection assessments: For processing that presents heightened risk — such as targeted advertising, sale of data, or profiling — controllers must conduct and document data protection assessments.
Process deletion requests: Upon receiving a verified deletion request, controllers must delete the consumer's personal data and direct their processors to do the same. Certain exceptions apply, such as data needed to complete a transaction, data protected by legal hold, or data retained for security purposes.
Provide an appeal mechanism: If a controller refuses to act on a consumer request, they must provide a clear and conspicuous method for the consumer to appeal that refusal.

Step-by-Step: How to Submit a VCDPA Deletion Request

If you are a Virginia resident and want to submit a deletion request to a data broker, the process follows these steps:

1. Find the data broker's privacy notice. Every VCDPA-covered business must publish a privacy notice, typically linked in the website footer as "Privacy Policy" or "Your Privacy Rights." This document tells you what data they hold and how to submit rights requests.
2. Locate the consumer rights request process. Look for a web form, email address, or toll-free number designated for privacy requests. The privacy notice is required to describe this mechanism clearly. Search for "[site name] delete my data" or "opt out" if you cannot find it easily.
3. Submit your deletion request. Provide your full name, email address, mailing address, and confirmation that you are a Virginia resident. Be as specific as possible — include any identifiers the broker may have used, such as usernames, phone numbers, or addresses associated with your profile.
4. Verify your identity if requested. The VCDPA allows businesses to require identity verification before processing a request. This is typically done via email confirmation, a government-issued ID comparison, or a verification code. Provide what is requested, but be aware that businesses cannot require you to create an account solely to submit a rights request.
5. Wait for the 45-day response window. The business has 45 days from receipt of a verified request to respond. They may extend this to 90 days total if they notify you within the initial 45-day window and explain why more time is needed.
6. Appeal if your request is denied. If the business denies your request, they must provide instructions for appealing the decision. If the appeal is denied, you can file a complaint with the Virginia Attorney General at ag.virginia.gov.

The Practical Reality: Why Manual Requests Are Tedious

Virginia's law gives you real leverage. The problem is scale. The data broker industry includes hundreds of companies — people-search sites, background check services, marketing aggregators, identity verification providers — each with their own opt-out process. Some use web forms. Some require emailed requests. Some ask for ID verification. Some have buried their opt-out links five clicks deep. Even if you spend a full weekend on deletion requests, you will probably miss dozens of brokers.

Data brokers also regularly re-acquire information from public records and other brokers. Remove your profile today and it can reappear in weeks or months as the broker re-ingests from its sources. Staying off these sites long-term requires ongoing monitoring and recurring deletion requests.

That's what authorized agent services like GhostVault handle. Instead of submitting individual requests yourself, you authorize GhostVault to do it across 500+ data brokers at once, and we keep re-submitting as profiles reappear. For more on how CCPA and similar state laws work for authorized agents, see our guide to California CCPA rights.

Virginia VCDPA at a Glance

Key Dates

Signed: March 2, 2021
Effective: January 1, 2023

Applicability

100K+ Virginia consumers, OR
25K+ consumers + 50%+ data sale revenue

Your Rights

Access, Correct, Delete, Portability, Opt-Out

Enforcement

Virginia AG only
Up to $7,500 per violation
30-day cure period

Remove Your Data From 500+ Brokers for $3.99/Month

GhostVault automates deletion requests as your authorized agent — covering 500+ data broker sites simultaneously, regardless of which state you live in. Start with a free scan to see what information is exposed about you right now.

Frequently Asked Questions

What rights does the VCDPA give Virginia residents?

The VCDPA gives Virginia residents the right to access their personal data, correct inaccuracies, delete personal data, obtain a portable copy, and opt out of the sale of their data for targeted advertising and certain profiling. It took effect January 1, 2023.

How does the VCDPA differ from California's CCPA?

The VCDPA applies to businesses that control or process data of at least 100,000 Virginia consumers annually, or at least 25,000 consumers if more than 50% of revenue comes from selling data. Unlike CCPA, there is no revenue-only threshold and no private right of action — only the Virginia Attorney General can enforce it.

Can Virginia residents use the VCDPA to remove themselves from data brokers?

Yes. Virginia residents can submit deletion requests to data brokers under the VCDPA. Businesses must respond within 45 days. Services like GhostVault automate this process, sending deletion requests to 500+ data brokers on your behalf.

What happens if a Virginia resident's deletion request is denied?

If a business denies your deletion request, you can appeal the decision within a reasonable time. If the appeal is denied, you may submit a complaint to the Virginia Attorney General's office, which is the sole enforcement body under the VCDPA.