To delete your personal data, find the company’s privacy policy and locate its data deletion request form. Submit your name, email, and a written deletion request citing your state’s privacy law. Companies must respond within 45 days. For data broker removals, use services like DeleteMe or Incogni, or opt out from each broker manually.
Most companies know more about you than you think — your purchase history, location patterns, political leaning, health concerns, and income estimates. And most of them didn’t ask for your permission to collect it.
The good news: you have a legal right to ask them to delete it. This guide explains exactly how to use that right — which laws apply to you, how to submit a deletion request that actually works, what to do when companies say no, and which tools can handle the heavy lifting.
What Is the Right to Delete Personal Data?
The right to delete — sometimes called the “right to erasure” — lets you ask a company to remove the personal information they hold about you. This includes:
- Your name, email address, phone number, and home address
- Browsing history, search history, and location data
- Purchase records and behavioral profiles
- Data they’ve bought or received from third parties
This right doesn’t erase you from the internet entirely. But it gives you real control over what specific companies store and use.
Which Privacy Laws Apply to You
The US has no single federal privacy law that covers everyone. What applies to you depends on where you live.
California has the most comprehensive protections. The California Consumer Privacy Act (CCPA), updated by the California Privacy Rights Act (CPRA), gives residents the right to know what data is collected, the right to delete it, and the right to stop it from being sold.
Other states with active consumer privacy laws as of 2025 include Virginia, Colorado, Connecticut, Texas, Montana, Oregon, and Florida. Each has slightly different rules, but all include a version of the right to deletion.
What if your state doesn’t have a privacy law? You can still submit deletion requests. Many companies apply their California or state-specific policies to all US users, especially large platforms like Google and Meta. You may not have legal enforcement behind your request, but companies are often willing to comply anyway.
To check your state’s current status, the International Association of Privacy Professionals (IAPP) maintains an updated tracker at iapp.org.
Step-by-Step: How to Submit a Data Deletion Request
Step 1: Make a list of where your data lives
Start by identifying the companies that hold your data. These fall into a few categories:
- Apps and accounts you’ve used — Google, Meta, Amazon, Apple, your bank, your insurance company, your email provider
- Sites you’ve shopped at or signed up for
- Data brokers — companies that collect and sell your data without you ever interacting with them directly (more on this below)
You don’t need a complete list to start. Begin with the platforms you use most and where a breach would hurt you most.
Step 2: Find the company’s privacy policy or deletion form
Most large companies are legally required to provide a way to submit a deletion request. Look for:
- A “Privacy” or “Data Rights” page in the website footer
- A link to a “Data Request Form” or “Delete My Data” form
- A dedicated privacy portal (Google, Meta, and Apple all have these)
If you can’t find it, search: [company name] data deletion request or [company name] privacy request form.
Step 3: Write your deletion request
Whether you’re filling out a form or emailing a privacy team, include:
- Your full legal name
- The email address(es) associated with your account
- A clear statement: “I am requesting deletion of all personal data you hold about me under [applicable law — e.g., CCPA or your state’s privacy act].”
- Which specific data you want deleted, if you want to narrow the request
Keep a copy of everything you send. Screenshot the form submission confirmation if there is one.
Step 4: Complete identity verification
Companies are required to verify your identity before deleting data — this stops someone else from deleting your records. Verification methods vary:
- Logging in to your account and submitting from there
- Clicking a confirmation link sent to your email
- Uploading a government-issued ID (some companies require this for non-account holders)
If a company asks for more information than seems reasonable, you can push back. They need enough to identify you — not a full background check.
Step 5: Track the request and follow up
Under CCPA and similar laws, companies have 45 days to respond. They can extend this by another 45 days (90 days total) if they notify you of the delay and explain why.
Keep a simple log:
| Company | Date Sent | Response Due | Response Received | Outcome |
|---|---|---|---|---|
| | Jan 5 | Feb 19 | Feb 10 | Deleted |
| Whitepages | Jan 5 | Feb 19 | — | Follow-up needed |
If you don’t hear back within 14 business days, send a follow-up. If you still get no response near the deadline, escalate.
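The deadlines in this step can be computed rather than counted by hand. The following tracker is an added example, not part of the original guide; the company names "Example Co" and "Example Broker", the year 2025, and the 5-day reading of "near the deadline" are assumptions.

```python
from datetime import date, timedelta

RESPONSE_DAYS = 45            # response window stated in this guide
EXTENSION_DAYS = 45           # one extension, 90 days total
FOLLOW_UP_BUSINESS_DAYS = 14  # follow-up point stated in this guide
ESCALATE_WINDOW_DAYS = 5      # assumption: what "near the deadline" means

def add_business_days(start, n):
    """Return the date n weekdays (Mon-Fri) after start; holidays are not modelled."""
    day = start
    while n > 0:
        day += timedelta(days=1)
        if day.weekday() < 5:
            n -= 1
    return day

def deadlines(sent, extended=False):
    """Follow-up and response-due dates for a request sent on `sent`."""
    days = RESPONSE_DAYS + (EXTENSION_DAYS if extended else 0)
    return {"follow_up": add_business_days(sent, FOLLOW_UP_BUSINESS_DAYS),
            "due": sent + timedelta(days=days)}

def status(entry, today):
    """Classify one log entry as of `today`."""
    if entry.get("responded"):
        return "closed: " + entry.get("outcome", "response received")
    d = deadlines(entry["sent"], entry.get("extended", False))
    if today >= d["due"] - timedelta(days=ESCALATE_WINDOW_DAYS):
        return "escalate"
    if today >= d["follow_up"]:
        return "follow-up needed"
    return "waiting"

def review(log, today):
    """Return (company, due date, status) for every entry in the log."""
    return [(e["company"], deadlines(e["sent"], e.get("extended", False))["due"],
             status(e, today)) for e in log]

# Constructed sample log (dates follow the table above; year assumed to be 2025).
SAMPLE_LOG = [
    {"company": "Example Co", "sent": date(2025, 1, 5),
     "responded": date(2025, 2, 10), "outcome": "Deleted"},
    {"company": "Whitepages", "sent": date(2025, 1, 5)},
    {"company": "Example Broker", "sent": date(2025, 1, 5), "extended": True},
]

if __name__ == "__main__":
    for company, due, state in review(SAMPLE_LOG, date(2025, 2, 3)):
        print(f"{company:15} due {due}  {state}")
```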
The Part Most Guides Skip: Data Brokers
Data brokers are companies whose entire business model is collecting, buying, and selling personal information. You’ve never signed up with them. But they have files on you.
Common data brokers include Whitepages, Spokeo, BeenVerified, Acxiom, LexisNexis, and hundreds of smaller players. They pull data from public records, social media, purchase histories, and other brokers.
Why this matters: If you delete your data from Google but ignore data brokers, your home address, phone number, relatives’ names, and estimated income are still for sale.
How to opt out manually: Most brokers have an opt-out page, but they bury it. Search [broker name] opt out to find it. The process usually involves submitting your name and address, then confirming via email. It can take 2–4 weeks per broker.
The honest reality: Over 200 data brokers are operating in the US. Doing this manually across all of them would take weeks of your time. This is where paid tools become worth considering.
Tools That Automate Data Removal
Three well-known services handle data broker opt-outs on your behalf:
- DeleteMe — One of the longest-established services. Submits opt-out requests and sends you regular reports on what was removed.
- Incogni — Newer, competitive pricing, covers a wide range of brokers.
- OneRep — Focuses on people-search sites specifically.
Pricing typically ranges from $10–$25/month, depending on the tier, with annual plans costing less per month. Verify current pricing directly on their sites before subscribing — rates change.
What these tools don’t do: They can’t delete your data from platforms you have accounts with (like Google or Meta). They also can’t guarantee complete removal — some brokers re-add data after a few months, which is why ongoing monitoring matters.
Free alternative: The World Privacy Forum and Privacy Rights Clearinghouse publish free opt-out guides for major data brokers if you want to do this yourself without paying.
When Can Companies Refuse Your Deletion Request?
Companies are allowed to keep your data in specific situations. These aren’t loopholes — they’re written into the law.
Legally permitted reasons to refuse:
- Legal compliance — Banks, healthcare providers, and financial institutions must retain records for a set number of years under federal law (HIPAA, GLBA, etc.)
- Active legal proceedings — If your data is relevant to pending litigation, it can be held
- Fraud prevention and security — If your data is needed to detect or prevent fraud
- Completing a transaction — If you have an open order or active contract with the company
- Free speech and research — Data used for journalism, academic research, or statistical purposes may be exempt
If a company refuses, it must tell you why. “We can’t do this” without explanation is not a valid response under CCPA.
What to Do When a Company Says No
If a company refuses without giving you a valid legal reason:
1. Ask for written clarification. Request that they explain exactly which exception applies and point to the specific legal provision.
2. File a complaint with your state attorney general. Every state with a privacy law has enforcement authority. Find your state AG at naag.org.
3. File a complaint with the FTC. Go to reportfraud.ftc.gov. The FTC doesn’t resolve individual complaints, but patterns of complaints trigger enforcement investigations.
4. In California specifically, you can also file a complaint with the California Privacy Protection Agency (CPPA) at cppa.ca.gov.
Keep records of everything: dates, names, email content, and reference numbers. If enforcement action proceeds, your documentation matters.
What About Your Rights on Specific Platforms?
Google: Visit myaccount.google.com/data-and-privacy. You can delete activity data, request account deletion, or download everything Google has on you first using Google Takeout.
Meta (Facebook/Instagram): Go to Settings → Your Facebook Information → Transfer or Download Your Information, then use the “Delete Account” option or submit a data request at facebook.com/help/contact/1276348046055949.
Apple: Visit privacy.apple.com to download your data or request deletion.
Your bank or insurer: Contact their privacy team directly. They are subject to federal financial privacy laws and will have a formal process, but deletion rights are more limited here due to regulatory retention requirements.
Global Privacy Control: A Faster Way to Signal Your Preferences
Global Privacy Control (GPC) is a browser setting that automatically tells every website you visit that you don’t want your data sold or shared. When a site receives a GPC signal, it must treat it as a formal opt-out under CCPA and similar laws.
You can enable GPC in browsers like Firefox and Brave, or through extensions like Privacy Badger. It doesn’t replace deletion requests, but it reduces future data collection automatically.
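On the wire, the GPC signal is the request header Sec-GPC: 1. The sketch below shows how a receiving site could honor it; it is an added example, not code from the original guide or from any browser or site, and the middleware, the page, the ads.example tag and the record_opt_out hook are all hypothetical.

```python
def gpc_signal(environ):
    """True only when the request carried the header `Sec-GPC: 1`."""
    # WSGI exposes the Sec-GPC request header as HTTP_SEC_GPC.
    return environ.get("HTTP_SEC_GPC", "").strip() == "1"

class GPCMiddleware:
    """Marks each request as opted out when the GPC signal is present."""
    def __init__(self, app, record_opt_out):
        self.app = app
        self.record_opt_out = record_opt_out  # hypothetical persistence hook

    def __call__(self, environ, start_response):
        opted_out = gpc_signal(environ)
        environ["privacy.opt_out"] = opted_out
        user = environ.get("REMOTE_USER")
        if opted_out and user:
            self.record_opt_out(user)  # remember the choice for the signed-in user
        return self.app(environ, start_response)

THIRD_PARTY_TAG = b'<script src="https://ads.example/tag.js"></script>'  # constructed

def page_app(environ, start_response):
    """Hypothetical page that loads a data-sharing tag unless opted out."""
    body = b"<p>Welcome</p>"
    if not environ.get("privacy.opt_out"):
        body += THIRD_PARTY_TAG
    start_response("200 OK", [("Content-Type", "text/html"), ("Vary", "Sec-GPC")])
    return [body]

def render(headers, user=None):
    """Run one constructed request through the stack; return (body, recorded users)."""
    recorded = []
    app = GPCMiddleware(page_app, recorded.append)
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/"}
    environ.update(headers)
    if user:
        environ["REMOTE_USER"] = user
    body = b"".join(app(environ, lambda status, hdrs: None))
    return body, recorded
```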
Conclusion
You have more control over your personal data than most people do. The legal framework is in place. The processes are documented. The tools exist.
The practical starting point: identify your five most-used platforms and your main email address. Submit deletion requests this week. Then decide whether to handle data brokers manually or use a paid removal service.
Privacy isn’t a one-time task. Data gets re-collected. Brokers re-add profiles. New services appear. Set a reminder to review your data footprint every six months.
FAQs
What is the right to delete my personal data?
The right to delete is a legal right in many US states that lets you ask companies to remove the personal information they hold about you — including your name, contact details, browsing history, and purchase records. The company must comply unless a specific legal exemption applies.
How long do companies have to delete my data?
Under CCPA and similar state laws, companies have 45 days to respond to your deletion request. They can extend this by 45 days (90 days total) if they notify you in writing and explain the delay.
How do I actually submit a deletion request?
Find the company’s privacy policy or data rights page (usually in the website footer). Fill out their deletion form or email their privacy team. Include your full name, the email address linked to your account, and a statement citing your applicable state privacy law. Keep records of everything you send.
Can companies refuse my deletion request?
Yes — but only for specific legal reasons: regulatory record-keeping requirements, active litigation, fraud prevention, or completing an open transaction. They must tell you which exception applies. A refusal without explanation is not legally valid under CCPA.
What should I do if a company refuses without a good reason?
Request written clarification of which legal exemption applies. Then file a complaint with your state attorney general, the FTC at reportfraud.ftc.gov, or — in California — the CPPA at cppa.ca.gov. Keep records of all communications to support any enforcement action.
What is a data broker, and why do they matter?
Data brokers are companies that collect and sell personal information without you ever interacting with them. They pull data from public records, social media, and other sources. Deleting your data from apps and platforms doesn’t affect what data brokers hold. You need to opt out of them separately.




