All posts
Privacy GuidesPublished Updated

What Is a Data Broker? How Your Personal Information Is Sold

A data broker collects personal information from public, commercial, and online sources, then packages or sells it without a direct customer relationship.

DRDominik Rapacki
6 minutes read

A data broker is a business that collects personal information about people from public records, websites, apps, retailers, and other companies, then packages, shares, or sells that information. You usually do not have a direct relationship with the broker. A single profile can connect your name, addresses, phone numbers, browsing activity, purchases, interests, and inferred characteristics.

Data brokers are not all people-search websites. Some support advertising, identity verification, fraud prevention, risk analysis, or market research. The privacy problem is the same: information gathered in separate places can become one detailed profile that is difficult to trace, correct, or delete.

Source note: Updated July 12, 2026 using the California Data Broker Registry, California's consumer data-broker guide, the FTC data-broker report, and the California Attorney General's CCPA guidance. Rights and exemptions vary by jurisdiction and circumstance.

What does a data broker actually do?

The broker's core job is aggregation. It matches fragments from many sources to the same person or household, cleans and organizes those records, and turns them into searchable profiles, audience segments, verification products, or lists for customers.

The California legal definition focuses on businesses that knowingly collect and sell personal information about consumers with whom they do not have a direct relationship. Other jurisdictions use different definitions and exemptions, so data broker is both an industry description and a legal category whose exact boundary depends on the law.

Broker typeTypical productCommon data
People-searchPublic profile or background lookupNames, addresses, phone numbers, relatives
MarketingAudience lists and ad targetingPurchases, interests, browsing signals, demographics
Risk and identityFraud prevention or identity verificationIdentity attributes, device and transaction signals
Business intelligenceResearch, enrichment, or lead dataProfessional details, company roles, contact information

Common types of data brokers

Where do data brokers get your information?

Brokers can acquire data from government and public records, commercial transactions, websites and apps, surveys, warranty registrations, retailers, advertising systems, and other brokers. The FTC found that layers of brokers often exchange data with each other, making the original source hard for a consumer to identify.

  • Public records such as property ownership, professional licenses, court records, and voter files where available.
  • Commercial data from purchases, loyalty programs, subscriptions, surveys, and warranty registrations.
  • Online and device signals such as browsing activity, cookies, advertising identifiers, app use, and approximate or precise location where collected lawfully.
  • Other brokers, which can enrich, resell, or repackage records that have already moved through several companies.

What information can a data broker have about you?

The exact record varies by broker. California's consumer guidance lists identifiers such as email addresses and phone numbers, precise geolocation, browsing history, shopping habits, interests, health-related information, and Social Security numbers among the categories brokers may collect or sell.

A broker may also infer facts rather than observe them directly. Purchase patterns, location, household details, and browsing behavior can be used to predict interests, financial status, health concerns, political views, or family circumstances. An inference can be wrong while still affecting how a person is categorized.

Who buys data broker information?

Customers can include advertisers, retailers, recruiters, political campaigns, landlords, debt collectors, identity-verification providers, and fraud-prevention teams. Some uses are routine business functions. Others create privacy or security risks, especially when detailed contact, household, or location data becomes easy to search.

A people-search profile can also be viewed by individuals as well as businesses. That accessibility can help reconnect people, but it can also make phone numbers, past addresses, relatives, and age ranges easier for scammers, stalkers, or harassers to use.

Why are data brokers a privacy risk?

Aggregation changes the risk. A phone number alone may look harmless; paired with a home address, relatives, age, and interests, it becomes more useful for targeted scams, unwanted calls, impersonation, or harassment. See how exposed data contributes to spam calls and what to do if you are concerned about doxxing.

Accuracy is another problem. Records can be outdated, merged with another person, or based on a weak inference. Consumers may not know which company created the record, which downstream buyers received it, or how to correct every copy.

How can you find data brokers holding your information?

Start with your name, phone number, email address, and current or former city in a private browser window. Check major people-search sites and use a maintained data broker opt-out list. Our opt-out guide hub organizes manual instructions for individual sites.

Government registries can reveal companies that are less visible in ordinary search results. California publishes a data broker registry with submitted details about data categories, recipients, contacts, and consumer request processes. Registration does not mean every broker has your record, and an unlisted company is not automatically outside every data-broker definition.

How do you remove your information from data brokers?

Manual removal means identifying each broker, finding its privacy or suppression page, locating your record, submitting the requested identifiers, and completing email or identity verification. Save confirmation messages and recheck later because data can reappear after a broker receives a new source file.

  1. Search for exposed profiles and record the exact URLs.
  2. Use the broker's official privacy, opt-out, or suppression form.
  3. Provide only the information needed to match the correct record and complete verification.
  4. Keep evidence of submission, then verify that the listing is no longer public.
  5. Repeat checks periodically and submit a new request if the data returns.

For a broader process, follow the guide to remove yourself from data brokers. If home exposure is the immediate concern, prioritize the steps for removing your address from the internet.

Do privacy laws let you opt out?

Your rights depend on where you live, which business holds the data, why it is processed, and whether an exemption applies. California law gives covered consumers rights that can include knowing, deleting, correcting, limiting certain uses, and opting out of sale or sharing. Public-record and sector-specific exemptions can limit what is removed.

California residents can submit a request through the state-run Delete Request and Opt-out Platform (DROP). The California registry says brokers must begin processing DROP deletion requests on August 1, 2026. Elsewhere, use the broker's own request process and the privacy rights available in your jurisdiction.

Manual opt-outs or a removal service?

Manual opt-outs cost time but give you direct control and can work well when only a few visible profiles matter. A removal service is useful when you want broader discovery, repeated requests, and monitoring across many brokers. Neither approach erases lawful public records or guarantees that information will never return.

You can start with a free exposure scan to understand the scope, then review the data removal service comparison or our guide to the best data removal services before deciding whether automation is worth paying for.

Frequently asked questions

Are data brokers legal?

Data brokerage is legal in many contexts, but brokers must follow applicable privacy, consumer-protection, sector, and registration laws. What a broker may collect, sell, retain, or delete depends on the jurisdiction and the type of data.

Is a people-search site a data broker?

Many people-search sites fit common data-broker descriptions because they collect information from sources other than the person and make profiles available to customers or the public. The precise legal classification depends on the law and any exemptions.

Do data brokers know my Social Security number?

Some brokers may process Social Security numbers or portions of them, while many public people-search listings do not show them. Never assume every broker has the same fields, and do not send highly sensitive identifiers unless an official, secure request process clearly requires them.

Can I ask every data broker to delete me?

You can submit requests, but whether deletion is legally required depends on your location, the broker, the data source, and exemptions. A broker may also need enough information to match you to the correct record.

Why does personal information come back after removal?

Brokers refresh databases from public, commercial, and partner sources. A new or slightly different record may not match the identifiers used in the first opt-out. Periodic monitoring helps catch reappearing profiles.

Does deleting broker data remove public records?

Usually not. Removing a broker's copy does not erase the original court, property, licensing, or other public record. The goal is to reduce aggregation and easy discovery, not rewrite the source record.

Continue reading

Related privacy guides

Start Protecting Your Privacy

Join thousands of users who have already removed their data from 1,500+ brokers. Take control of your privacy today.

Ready to get started? Create your account and begin data removal in minutes.