Today, few of us, if any, have zero internet footprint. But an extensive online profile of personally identifiable information (PII) can be a security and privacy risk. It gives fraudsters and other nefarious actors plenty of ammunition to do you harm. Unfortunately, removing information is not always as simple as clicking a button. It requires a continuous process of discovery, removal and monitoring to prevent those risks from returning.

That’s why ESET is providing a few tips on how to make the process as fast and effective as possible. Read on to find out how best to minimize your digital shadow.

Key points of this article:

  • Use automated tools like Google’s “Results about you” dashboard to identify and request removal of results containing PII en masse.
  • Dedicated paid services will scan and remove listings across hundreds of data brokers simultaneously.
  • Always prioritize source removal: deleting data from the original website. Search engine de-indexing will only reduce visibility, not existence.
  • Proactively prevent future exposure by using masked email aliases and disabling contact syncing on all mobile applications.
  • Maintaining digital privacy requires a persistent approach based around regular audits.

Choose your path

The order in which you attempt the advice in this article will depend on context. Here’s what to do in three common scenarios:

1) High urgency (stalking, doxxing, identity theft): First work through the Emergency Stop procedure below, then continue through the five-step guide.

2) Proactive privacy cleanup: Working through the five-step protocol below, start with data brokers, then social media, then search removals, then prevention.

3) Professional reputation cleanup: Do the full five-step audit category-by-category with ongoing monitoring.

For other scenarios, follow the guide as described below.

Taking emergency action

If you are being targeted by doxxers, stalkers, abusers, account takeover hackers, or fraudsters, prioritize safety and speed. Follow these actions today before any deep cleanup:

  • Document evidence: Screenshots, URLs, timestamps, and where the information appears. Put information in a spreadsheet to make it easier to submit evidence. If stalking also happens in the real world, ask neighbors, friends and people you work with to record anything they witness.
  • Secure accounts: Change passwords on email and financial accounts, enable two-factor authentication (2FA) and remove recovery options you do not control.
  • Remove high-risk identifiers first: Phone number, home address, email, employer location, school, family member details. Consider using Google’s “Results about you” tool first.
  • Make social profiles private and remove contact and location details. Where possible, disable search engine indexing.
  • Start data broker removals immediately (people-search sites are common doxxing amplifiers). Consider a paid service to accelerate the process.
  • If you are in immediate danger, contact local emergency services and victim-support organizations in your country.

The 5-step protocol

For non-emergency situations, remove your personal information from the internet by following these steps in order:

1. Audit: Search your name, phone, email, and address in Google and Bing. Save URLs and screenshots.

2. Remove from search: Use personal information removal tools in Google/Bing.

3. Remove the source: Submit opt-out and deletion requests to data brokers and people-search sites, starting with the big aggregators.

4. Lock down social media: Remove contact details, restrict profile visibility, and delete old accounts. Toggle off data sharing in ad settings.

5. Verify and monitor: Re-check results after seven, 30, and 90 days and repeat removals when data reappears. Or use an automated tool to do this.

1) Audit your exposure

Your removal plan is only as good as your PII inventory. Run searches featuring multiple identifiers and variations.

What to search for

Use all of the below in your searches:

  • Your full name in quotes: "First Last"
  • Name plus location: First Last + city or region
  • Name plus employer or school
  • Phone number (with and without country code)
  • Email address
  • Home address (full and partial)
  • Usernames and handles (old and current)

Track results in a simple log

  • URL
  • Source type (data broker, social, forum, news, public record, directory)
  • Exposed data (address, phone, email, relatives, employer, photos)
  • Action taken (opt-out submitted, removal requested, account deleted)
  • Status (pending, removed, denied)
  • Follow-up date
  • Reference ID/case number (if you’ve submitted an opt out/request for removal)
  • Screenshot of your information online

2) Remove personal info from search engines

Search engines often show your personal information, but they are not the original source. Treat search removal as visibility reduction, then remove the source (3) to prevent reappearance.

Google: What you can remove

  • Use Google’s Detailed Removal Request Form when your PII is being used maliciously (e.g. by doxxers). Include screenshots and relevant search queries to speed the process.
  • Use the “Results about you” dashboard to identify and request removal of results containing personal contact details. It means you only have to submit PII once and Google will continuously scan and notify you if a new listing appears. In the Google App, tap your profile icon > Results about you.
  • Even if Google removes a result, it’s still a good idea to remove the source page or listing to prevent future re-indexing.

Google Maps and Street View

  • If your home or sensitive location is visible, request blurring of Street View imagery and confirm it after processing.
  • Keep a record of the request and the final blurred view for evidence.

Other search engines

  • Repeat these removal steps for Bing and other engines if results persist after source removal (although you should prioritize source removal).
  • For Bing, use the Microsoft Report a Concern to Bing form, select "Exposed personal information" as the concern, and choose the relevant sub-category. You’ll need to provide the search query and search URL.

3) Remove the source

Source removal (from websites, forums, directories and web archives) is the longest-lasting fix. When a source cannot be removed, aim to at least remove sensitive fields (address, phone, email) or suppress indexing.

Contact site owners and administrators

  • Find the contact method on the website via the privacy policy. Look for the contact details of the data protection officer (DPO) or privacy team in GDPR jurisdictions or relevant US states.
  • If a site has no contact info, use a WHOIS lookup tool.
  • Request deletion or anonymization (removal of address, phone, email) and include the exact URL. It may help to cite the law: e.g. “I am exercising my Right to Erasure under Article 17 of the UK GDPR" or "I am submitting a deletion request under the California Consumer Privacy Act".
  • Keep communications in writing and store confirmations.

Web archives and mirrors

If content persists in archives after source removal, submit archive removal requests where possible. You should expect delays and verify using multiple browsers and locations. Saying the archived page contains “private, sensitive PII that poses a safety/security risk” may accelerate the process.

4) Contact data brokers and people-search sites

For most people, data brokers and people-search sites are the main reason personal information stays visible. These sites aggregate and resell data. Removing listings reduces doxxing and fraud risk.

The DIY opt-out loop

1. Find your listing on the broker or people-search site.

2. Locate the broker and select opt-out or do-not-sell (selecting delete will remove the broker’s record of you and make it more likely your data will reappear).

3. Submit the request using a dedicated email address. (Consider using an aliased email, e.g. via iCloud Hide My Email, for maximum privacy.)

4. Complete verification (email or SMS) if required.

5. Log the request and set a follow-up date.

6. Re-check after 30 to 90 days (re-listing is common) and repeat if necessary.

Start with the biggest people-search targets

  • Whitepages
  • Spokeo
  • BeenVerified
  • Intelius
  • Any broker that ranks on page 1 for your name, phone, or address queries

If you are a California resident

California offers a Delete Request and Opt-Out Platform (DROP) that lets residents submit simultaneous deletion requests to all data brokers registered in the state. Use DROP to scale opt-outs, then verify removals and re-check for reappearance.


If you are an EU resident

The EU has no system like California’s. But under the GDPR’s “right to erasure,” any company responding to a request for data deletion has one month to do so. Various private companies also exist which claim to offer an automated way to issue deletion requests in bulk.

Manual vs paid removal services

Decide which is the right option for you based on time, risk, and whether you need to carry out ongoing maintenance.

DIY is a strong fit if:

  • You can spend a few focused hours submitting opt-outs and following verification steps
  • You are on a budget
  • You can track requests and follow up on delayed or denied removals
  • Your exposure risk is moderate, and you can maintain a re-check cadence

A paid service may be worth it if:

  • You are removing data for multiple family members
  • Your information reappears frequently and you want recurring removals handled
  • You are high-risk and need continuous monitoring and broker coverage breadth

Remember that you will need to trust the third-party service provider with your PII. Be sure to find a reputable, audited provider that encrypts your data.

5) Social media and account cleanup

Social media and old accounts are common sources of location, employer, family, and contact data. Lock down visibility, remove sensitive fields, and delete what you do not need.

Prioritize the following (in order):

1. Make profiles private or restrict who can view your content. If the profile picture is public by default, use a generic photo or photos capturing you from behind.

2. Remove phone number and email visibility.

3. Remove address, workplace, school, and family fields.

4. Disable contact syncing and address book uploads. Clear the cache by navigating to settings and deleting all uploaded contacts.

5. Delete or deactivate old accounts you no longer use. If you can’t delete an old account, at least change the username to a random moniker.

6. Remove posts that reveal patterns (home exterior, commute routes, child school uniforms, travel routines). Consider using a “Background Blur” tool to prevent AI detecting your location via objects in the background of photos.

TikTok account privacy

  • Switch account to private where appropriate
  • Review who can message you, comment, stitch/duet, or find you via contacts
  • Disable discoverability via phone number and contacts
  • Disable “Suggest Your Account to Others” by toggling off Contacts, Facebook Friends, People with mutual connections, and “People who open or send links to you”
  • Hide your location by going to Settings > Privacy > Location Services and setting TikTok to “Never”
  • Stop TikTok tracking what other apps you use. Under Settings > Privacy, find “Ads Personalization” and turn off “Use of off-TikTok activity”
  • Prevent strangers linking your face to a post that might contain PII. Go to Settings > Privacy > Mentions and Tags. Set to “No one” or “People you follow”
  • Toggle off “Activity Status” so people can’t see exactly when you are online (this could be used to track your daily routines)
  • Minimize opportunities for social engineering by fraudsters by setting direct messages to “No one” or “Suggested Friends”

Public records and government databases

Public records vary by country and region. Some records cannot be removed, but many jurisdictions allow suppression or confidentiality programs for eligible people.

Common record sources

  • Property records and land registries
  • Voter registration rolls (where applicable)
  • Court records and filings
  • Business registries and trade licenses
  • Professional directories and licensing boards
  • Permission/application filings (e.g. planning permission)
  • Death records (which could be used by scammers to get your mother’s maiden name)
  • Marriage and divorce certificates

How to approach removal or suppression

1. Identify the jurisdiction and the exact record type. Voter rolls, property deeds and court filings are good places to start.

2. Search for confidentiality, protected address, or suppression programs (e.g. Anonymous Registration for voting in the UK, or US address confidentiality programs).

3. Submit a request using the official process and retain proof of submission. Requests may require a court order, a police report, or an attestation from a qualified professional.

4. If suppression is not possible, focus on breaking amplification paths (data brokers, Google, directories, social exposure).

Removing information following a data breach

If your data is leaked via a breach, assume it will be replicated into broker ecosystems and reused for scams.

Breach response priorities

  • Remove or suppress broker listings to reduce exposure.
  • Secure accounts: Change passwords to strong, unique credentials and switch on 2FA.
  • Monitor for fraud attempts and unauthorized account activity.
  • Re-check listings regularly because breach data can repopulate broker profiles.

AI and next-generation exposure

The proliferation of AI tools has amplified potential exposure of PII. There are two distinct problems: (A) Your data is on a site that AI systems can scrape, and (B) your data appears in AI outputs. Most cases are solved by source removal first.

Problem A: Your data is on websites that can be scraped

  • Delete the source page or account if you control it.
  • Request the site owner remove the content if you do not control it.
  • After removal, request deindexing in search engines when needed.

Problem B: Your data appears in AI outputs

  • Use provider privacy request processes where available (e.g. a “remove my personal data from responses” form or similar).
  • Achieve long-term results by removing the source, reducing indexing, and reducing future publication.

Remember: Opt-outs may reduce future use but may not erase past training effects.

Verification and monitoring

Removal is not complete until you verify. Many listings reappear due to data refresh cycles and replication across brokers.

Verification protocol

  • Check results in private browsing, on a different device, and with a VPN.
  • Re-check in at least one alternate search engine.
  • Verify after typical processing windows (7 days, 30 days, 90 days).
  • Confirm that source pages are removed or anonymized, not just deindexed.
  • Use free broker scanning tools like Optery or Kanary to find deep-linked profiles.
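
One way to keep the log described under “Track results in a simple log” and schedule the 7/30/90-day re-checks, as an added example that is not part of the original article. The `submitted` and `checks_done` fields, the rule that a reappeared listing restarts the cycle, and the sample URLs and reference ID are assumptions made for illustration.

```python
import csv
import io
from dataclasses import dataclass
from datetime import date, timedelta

RECHECK_DAYS = (7, 30, 90)  # verification windows named in the article
COLUMNS = ["url", "source_type", "exposed_data", "action_taken", "status",
           "follow_up", "reference_id", "screenshot"]


@dataclass
class Entry:
    url: str
    source_type: str      # data broker, social, forum, news, public record, directory
    exposed_data: str     # address, phone, email, relatives, employer, photos
    action_taken: str     # opt-out submitted, removal requested, account deleted
    status: str           # pending, removed, denied
    submitted: date       # day the request was sent (assumed field)
    reference_id: str = ""
    screenshot: str = ""  # path to the saved evidence
    checks_done: int = 0  # completed 7/30/90-day checks (assumed field)

    @property
    def follow_up(self):  # next re-check date, or None after the 90-day check
        if self.checks_done >= len(RECHECK_DAYS):
            return None
        return self.submitted + timedelta(days=RECHECK_DAYS[self.checks_done])


def due(entries, today):  # entries whose re-check date has arrived, oldest first
    hits = [e for e in entries if e.follow_up and e.follow_up <= today]
    return sorted(hits, key=lambda e: e.follow_up)


def record_check(entry, still_visible, today):  # call after re-checking the URL by hand
    if not still_visible:
        entry.status = "removed"
        entry.checks_done += 1
    elif entry.status == "removed":
        # Listing came back: resubmit and restart the 7/30/90 cycle.
        entry.status, entry.submitted, entry.checks_done = "pending", today, 0
        entry.action_taken += "; resubmitted after reappearance"
    else:
        entry.checks_done += 1  # still listed; look again at the next window


def to_csv(entries):  # spreadsheet-ready CSV with the computed follow-up date
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=COLUMNS, lineterminator="\n")
    writer.writeheader()
    for e in entries:
        row = {c: getattr(e, c) for c in COLUMNS}
        row["follow_up"] = e.follow_up.isoformat() if e.follow_up else ""
        writer.writerow(row)
    return buf.getvalue()


# Constructed sample entries; URLs and the reference ID are placeholders.
LOG = [
    Entry("https://broker.example/listing/123", "data broker", "address; phone",
          "opt-out submitted", "pending", date(2025, 1, 1), "CASE-0001"),
    Entry("https://forum.example/thread/9", "forum", "email",
          "removal requested", "pending", date(2025, 1, 20)),
]
```

Call `due(LOG, date.today())` to list what needs re-checking, then `record_check(...)` with what you saw; `to_csv(LOG)` produces a file you can open in any spreadsheet.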

Why information reappears

  • Another broker republishes the same dataset
  • Public record feeds update and re-populate profiles
  • Social profiles leak data and brokers re-crawl it
  • Apps and services reshare data via marketing ecosystems

Prevention: reducing future exposure

The best way to stay removed is to reduce new data creation and leakage.

High-impact prevention actions

  • Use masked emails (temporary or alternative email addresses) for signups where available
  • Consider using MySudo or Hushed for burner phone numbers
  • Consider using services like Privacy.com or Revolut to create a unique virtual credit card for every merchant
  • Avoid publishing phone numbers publicly unless required
  • Disable contact syncing and address-book uploads in apps that do not need them
  • Delete old accounts and minimize public profiles
  • Schedule regular audits of your name, phone, and email

Maintenance cadence

  • Every three months: Re-run the PII inventory searches and review top results
  • Every six to 12 months: Re-check major brokers and renew opt-outs where required.
  • Check immediately if you receive a breach notification.

Copy and paste templates

Template 1: data broker follow-up

Subject: Follow-up on deletion request (personal data)

Hello,
On [DATE], I submitted a request to delete or suppress my personal data from your services. Please confirm the status of my request and the expected completion date.

My listing details:
- Name: [FULL NAME]
- Location: [CITY/STATE]
- URL of listing: [URL]

Thank you,
[FULL NAME]

Template 2: website removal request

Subject: Request to remove personal information from your website

Hello,
Your page at [URL] contains my personal information, including [LIST WHAT]. I am requesting removal of this information or anonymization (removing address, phone, email) as soon as possible.

If you need verification, I can confirm identity via [METHOD].

Thank you,
[FULL NAME]

Worried about identity theft or data misuse?

If your personal information has already been exposed online, removal alone may not be enough.

ESET HOME Security Ultimate includes Identity Protection that continuously monitors for signs of identity misuse and alerts you early - when fast action matters most.

Don’t wait until fraud happens. Protect your identity proactively.

Expert tips

“Personal data remaining online isn’t just a privacy issue but actually a potential risk multiplier. Even small pieces of information like a phone number or an old address can be enough to bypass some security checks or make scams feel convincingly personal so it’s important to reduce what is available. This is why we need to be really careful about what information we give away legitimately and question if it is needed in the first place.

Tools such as Google removals can help reduce sites locating and using your data, but they do not remove the data on the site itself which is why deleting it at the source is more effective. Digital privacy doesn’t have to be about disappearing from the internet altogether, it is about shrinking your attack surface so cybercriminals have less information to work with and fewer ways to attack with.”

- Jake Moore, Global Security Advisor

An ongoing commitment

Reclaiming your digital privacy in today’s always-on, digital-first world is not a “one and done” job. It’s an ongoing commitment, which must focus on high-risk data brokers, locking down social media footprints, and using modern tools like masked aliases and suppression platforms. It’s virtually impossible to achieve a “zero footprint”. But through proactive auditing and prevention, it is possible to minimize your digital shadow and ensure that your PII remains out of the public eye.

Frequently asked questions

Can you completely delete yourself from the internet?

In most cases, you can dramatically reduce exposure, but complete deletion is rarely possible because public records, reposts, and archives exist. Aim for risk reduction and ongoing control.

How do I remove my information from Google?

Use Google’s “Results about you” dashboard to request removal. Alternatively, click the three vertical dots (or the “About this result” icon) next to the search result in question and select Remove result.

If Google removes a search result, is the data gone from the internet?

No. Google only removes the link from its search index. The original website still hosts the data. You must remove the source to ensure it doesn’t appear in other search engines or AI training sets.

How do I opt out of data brokers for free?

Use broker opt-out pages directly. Start with the brokers that rank for your name and the largest people-search targets, then expand coverage using broker registries.

How long does removal take?

Processing times vary by platform and jurisdiction. Some broker removals can take days to weeks. Plan to verify after seven, 30, and 90 days and repeat where necessary.

Is it better to “delete” or “suppress” my data with brokers?

Suppression is often better, because if you delete your data, a broker may re-scrape and re-list you during the next automated cycle.

How do I stop AI models like ChatGPT or Gemini from displaying my PII?

Submit a formal request through the provider’s privacy portal. This will block your PII from being shown to other users.

Why does my information keep reappearing after I remove it?

Usually because a new public record was filed, or because a smaller broker obtained a dataset from a larger one that you haven’t opted out of yet.