How Removals Actually Work

The short version

You pay. We become your authorized privacy agent under CCPA §1798.135(c). We send a legally-valid removal request to every broker that has you in their database, attaching a signed authorization PDF (your TPA). Brokers have up to 45 days to honor the request. We rescan every 7 days and re-file for any broker that hasn’t actioned. You get an email every time a broker confirms.

Step 1 — We map you (within 60 seconds)

Right after checkout you complete a short profile: full name, current address, previous addresses, prior names, phone, date of birth. This is the identity packet brokers need to match you against their databases. Without it, removal requests often fail validation.

Step 2 — You sign the TPA

The Third-Party Authorization (TPA) is the legal document that authorizes GalaxyWarden to act on your behalf. CCPA §1798.140(i) requires this for any agent-filed request. Without a TPA most reputable brokers will (correctly) reject the request as unauthorized. We generate a signed PDF the moment you type your signature, store the hash for audit purposes, and attach the PDF to every outbound broker email.

Step 3 — We file (over the first 14 days)

Your removal scope is 130+ brokers directly, plus their affiliate networks (which roll up to roughly 700+ sites — one filing to PeopleConnect clears BeenVerified, Intelius, TruthFinder, InstantCheckmate and NeighborWho in one shot). We pace the filings to keep our domain reputation clean, which means most customers see all sends complete within 14 days, not 14 minutes.

Each outbound email sets Reply-To to a unique address on replies.galaxywarden.com so broker responses route to our inbound classifier, not your inbox. You get a Bcc’d copy of every send for transparency.

Step 4 — Brokers respond (or don’t)

CCPA gives brokers 45 days to honor a removal request. In practice:

• Most brokers auto-acknowledge within 24 hours and confirm removal within 7–30 days.
• Some brokers push back asking for the TPA to be re-supplied. Our system auto-replies with the TPA already on file.
• A few brokers require additional identity verification you must complete personally on their site (we forward those to you with instructions).
• A small minority don’t honor authorized-agent requests — we document these on the dashboard so you know which require self-service.

Step 5 — We rescan and re-file (every 7 days for 90 days)

Removal isn’t a one-shot transaction. Brokers re-ingest from public-record sources, and your data can re-appear days after a confirmed removal. Every 7 days we re-scan, and if you’ve been re-listed we re-file. This is included in the $19 — no separate fee, no subscription required to keep the 90-day window active.

After 90 days, continuous protection requires a Warden ($4.99/mo) or Warden Plus ($9.99/mo) subscription. Without one, your data may slowly re-accumulate as brokers re-ingest public records.

What “confirmed” means on your dashboard

The scanning dashboard shows three states per broker:

• Request sent · awaiting removal confirmation — we filed; the broker hasn’t replied yet (or replied with a generic acknowledgment).
• Our team is reviewing the broker’s reply — the broker responded with a non-standard request (e.g. asking for a notarized form). We’re handling it.
• Broker confirmed removal — the broker explicitly confirmed the data has been removed. This is the terminal positive state.

What we don’t cover

• Federal records: court filings, federal databases, news archives. CCPA doesn’t reach these.
• Foreign brokers without US presence: CCPA doesn’t reach them either.
• Brokers operating exclusively under B2B exemptions: some marketing data resellers serve only business buyers and are exempt from consumer-facing CCPA requests.
• Content you posted yourself on social media, forums, blogs, or your own websites. Removal requires you to take it down or use the platform’s own privacy tools.

Audit trail you keep forever

Every email we send is logged in your dashboard under Sent log. Each entry includes the recipient, subject, full body, reference token, and date sent. If a broker disputes your request, or you need to escalate to a state regulator (CA Attorney General, FTC), you have the receipts.