METHOD

How an Eraser Engagement Runs

June 2026  ·  14 min read

Privacy Insight Solutions OSINT & Executive Privacy Analysts

The Mirror maps your public exposure surface. The Lockdown investigates the credential layer. The Eraser removes — across people-search platforms, B2B data brokers, and sector-specific records identified during the foundation investigation that precedes every removal campaign.

This article walks through how an Eraser engagement runs from intake to the 90-day re-scrub: why the investigation foundation comes before a single opt-out is submitted, how two broker surfaces require different mechanics and different legal instruments, and why the timing of the re-scrub is anchored where it is. The service page is at /the-eraser; the firmwide framework is at /methodology. This article is the depth view between them.

A note on this article. Where this article describes mechanics, it draws on the investigation methodology and observations from the removal campaigns we run — not on any specific client engagement. Client data is cryptographically deleted within 48 hours of delivery acceptance and is off-limits to editorial use after that. This is the Data Purge Policy applied without exceptions.

Intake — what we need, and why

An Eraser engagement starts with four categories of information.

Identifiers. Full name including variants, previous names if applicable, primary email address or addresses, primary username. These are the anchors for the foundation investigation.

Jurisdiction. Where you currently live, where you have lived in the last ten years, and any other country where you hold citizenship, tax residency, or a registered role as a company director or trustee. Jurisdiction determines which broker ecosystems are in scope and which legal mechanisms apply. A Dutch resident and a UK resident face different removal campaigns — different platforms, different opt-out paths, different legal instruments, different supervisory authorities to escalate to if needed.

Professional and corporate context. Current and former employers, professional sectors, board positions or directorships. This intake category is specific to the Eraser. Professional context determines which B2B and sector-specific broker categories are likely to hold records. An executive with a history of board appointments in multiple jurisdictions faces a different scope than a private individual with no corporate registrations. The foundation investigation surfaces the actual presence; the intake establishes which areas to prioritise.

Scope agreement. The Eraser covers people-search platforms and B2B data brokers. It does not cover content suppression, URL de-indexing from search engines, or platform-specific content removal — social media posts, news articles, forum threads. Where clients need that work, it is scoped separately. Agreeing this boundary at intake prevents misaligned expectations six weeks into the engagement.

The engagement gate is the same as the Mirror and Lockdown: signed informed consent and identity verification. The consent authorises the firm to investigate and act on records associated with the client's own identifiers. It does not extend to family members, employers, or business associates.

Week 1 — the Mirror foundation: mapping before removal begins

The Mirror investigation runs first. Not simply because mapping before removing is good practice — though it is — but because the profile the Mirror produces determines the scope of the removal campaign that follows.

Geography surfaces which people-search platforms hold records and which opt-out paths apply. Professional history surfaces which B2B data categories are likely in scope. A marketing professional with a long LinkedIn history and roles at technology companies will appear in B2B sales intelligence platforms — Cognism (the strongest European-native B2B broker), ZoomInfo, Lusha, Apollo.io — in ways a hospitality industry employee will not. A company director with UK Companies House filings is findable through director-scraping platforms — 192.com, Endole, DueDil, Pomanda — that aggregate and resell public registry data. A professional active in the Netherlands will likely appear in Dutch-specific marketing data providers such as BoldData and Altares Dun & Bradstreet Benelux. The Mirror cannot identify every B2B record — some broker databases are not publicly queryable — but it establishes the profile that makes the removal campaign specific rather than generic.

The Mirror Report is delivered at the end of Week 1. This is the client's first concrete deliverable: the exposure surface documented before any removal has begun. It carries the same four-field format as a standalone Mirror engagement — what was found, where, risk classification, recommended action — plus the scope conclusion for the Eraser: which broker categories are in play, which jurisdictions are covered, which sector-specific surfaces need attention in the active removal phase.

Mirror investigation methodology is described in full at How a Mirror Investigation Runs.

Week 2 — the Lockdown foundation: the credential layer

The Lockdown investigation runs in Week 2. It covers the credential surface: breach corpora, stealer-log indexes, dark-forum references, corporate credential exposure. This matters for a removal campaign because credential exposure in breach databases does not appear on people-search opt-out lists and cannot be addressed through the same mechanisms. A password hash in a breach corpus requires a different response than a Whitepages listing — account hardening, targeted Art. 17 erasure requests to breach-data aggregators that republish compromised credentials.

The Lockdown Report is delivered at the end of Week 2. Second client deliverable, second touchpoint before active removal begins. It carries the two-axis scoring from the Lockdown methodology — confidence tier (High / Medium / Unverified) and risk state (Active / Latent / Superseded). Where credential findings require removal actions, those are integrated into the active removal phase that follows.

Delivering the two foundation reports sequentially — Mirror at end of Week 1, Lockdown at end of Week 2 — gives the client a substantive picture of their exposure before a single opt-out is submitted. By the time active removal begins in Week 3, both the client and the analyst team have a verified, scoped view of the surface they are working against.

Lockdown investigation methodology is described in full at How a Lockdown Investigation Runs.

Weeks 3–5 — active removal: two surfaces, two mechanics

Foundation complete. Scope set. Active removal begins in Week 3 and runs through Week 5. The work divides across two surfaces that require fundamentally different approaches.

People-search platforms are publicly indexed — searchable by name and returnable in ordinary search results. Their opt-out portals accept removal requests, issue confirmation emails, and process the removal against the public-facing database. The mechanics are straightforward in principle; in practice, each platform has its own portal, its own verification step, and its own confirmation timeline. Automated bulk submissions are not used. People-search platforms have become effective at filtering them — the signal pattern of bulk submissions triggers platform-side suppression of the request itself. Every opt-out is submitted manually, per platform, per client.

The method of submission — portal form, email, or formal letter — is chosen per case. A platform whose opt-out portal consistently fails to confirm gets a direct email to the listed data protection contact. A platform that requires a written request citing a specific legal basis gets a formal letter with Article 17 or Article 21 referenced by name and the statutory response deadline noted. What is most effective varies by platform and by jurisdiction; the foundation mapping gives the analyst team enough context to choose the right route.

B2B data brokers are not publicly queryable. Their records feed sales intelligence pipelines, marketing lists, and identity-risk scoring sold to organisations. A person cannot find their own record on Acxiom or LexisNexis Risk Solutions by searching their name; the record exists but is not surfaced through any public interface.

Removal from B2B brokers runs through statutory rights. In the EU and UK, the primary instruments are GDPR Article 17 (right to erasure), Article 21 (right to object to processing, including direct marketing — where the objection covers direct marketing, the controller has no legitimate-interest override), and Article 12(3), which requires a response within one month of a valid erasure request. For US-applicable platforms and clients with California residency, CCPA and Delete Act routes are submitted in parallel where both apply.

Sector-specific routes within the B2B surface:

  • B2B professional data platforms — Cognism, ZoomInfo, Lusha, Apollo.io — each operates a dedicated privacy portal for erasure requests. GDPR Article 17 and Article 21 are cited where the platform operates in the EU or UK.
  • Dutch marketing data — BoldData, Altares Dun & Bradstreet Benelux — addressed via direct Art. 17/21 requests through the platform privacy contact or DPO channel.
  • German consumer credit and financial data — SCHUFA, CRIF (which absorbed the Bürgel and Infoscore Consumer Data operations), and Riverty (payment and debt-management records) — require a layered approach. Core credit scoring data held by SCHUFA and CRIF is processed under a legitimate interest basis that Article 17 erasure frequently cannot override; the bureaus will cite statutory data-retention grounds. The Eraser targets the marketing-specific processing layer: an Article 21 objection to direct marketing suppresses the marketing use of the data even where the underlying credit record cannot be erased. An Article 15 Selbstauskunft — available free once annually — is filed first to establish what the bureau holds, then the Article 21 objection is submitted against the marketing-processing flags specifically. Deutsche Post Direkt (postal marketing data) and Acxiom Germany (consumer segmentation profiles) are addressed via direct Art. 17/21 GDPR requests.
  • UK director and corporate data — 192.com removal goes through a form-based submission process; voter roll data suppression in the underlying electoral register requires a separate application to the relevant local council. Endole, DueDil, and Pomanda each have their own removal paths. Where a client's home address was used as a company registered office and appears in Companies House filings, a separate application is made under the 2023 Economic Crime and Corporate Transparency Act provisions to suppress that address from the public register.
  • UK commercial aggregators — Experian Business, Equifax UK — UK GDPR Art. 17 requests submitted directly.

National marketing opt-out registries — the Robinsonliste in Germany, the Postfilter in the Netherlands, the Mail Preference Service in the UK — are registered where applicable. These suppress new marketing data entries rather than removing existing records; they are most useful as a brake on future accumulation rather than a removal mechanism for what already exists.

A monthly progress report is sent throughout the active removal phase: confirmed removals, pending cases, any newly surfaced entries, next actions.

If your data is already on these platforms and you need it removed rather than mapped, that is what the Eraser is built to do.

Talk to an Analyst

Weeks 6–8 — verification and escalation: the statutory window

GDPR Article 12(3) gives data controllers one month to respond to a valid erasure or objection request, extendable to three months for complex cases. Weeks 6 through 8 align with the statutory window closing on the first removal requests submitted in Week 3. Three outcomes per target:

Confirmed removed. The platform no longer returns results for the client's identifiers, a confirmation email has been received, or a follow-up Article 15 access request shows no remaining record. Documented with evidence.

Re-targeted. The platform has responded or the window has closed, but the record persists. The analyst resubmits with an escalated legal basis — a formal letter citing the specific provision, the deadline that has now lapsed, and the supervisory authority to which a complaint will be filed if the request is not actioned within a defined window.

Escalated. The statutory window has passed without a valid response, or the platform has refused erasure without a legally sound basis. A formal complaint is filed with the relevant supervisory authority: the Autoriteit Persoonsgegevens (AP) in the Netherlands, the Bundesbeauftragter für den Datenschutz und die Informationsfreiheit (BfDI) in Germany, or the Information Commissioner's Office (ICO) in the UK. Escalation is proportionate — supervisory authority complaints are filed where the legal position is clear and the platform's refusal is unjustified, not as a default response to every slow reply.

Two deliverables at the end of Weeks 6–8:

Final Removal Verification — documented site by site: what is gone, what remains suppressed at the broker level (record hidden from public display where full database erasure was not achievable), what is under supervisory authority review.

Digital Hygiene Plan — personalised protocols for reducing re-accumulation: which platforms to keep private, which registration patterns create new B2B data entries, how to monitor for re-emergence, professional-data hygiene if the client's role puts them back into B2B data pipelines.

The 90-day re-scrub: why the anchor matters

The re-scrub runs 90 days from the end of Week 5 — from the close of the active removal phase, not from the end of the engagement.

The anchor is operational. By the end of Week 5, every opt-out and erasure request has been submitted. Weeks 6–8 deal with the statutory response window on those submissions. By Day 90 from Week 5, the escalation phase is complete and people-search platforms have completed at least one full refresh cycle against their upstream sources. This is the right moment to check what has resurfaced: opt-outs submitted, escalations resolved, platforms refreshed.

People-search platforms do not hold a static database. They pull continuously from upstream source aggregators — marketing lists, public registries, third-party data licensors — and a cleared record re-lists when the platform refreshes from those sources. The re-scrub re-checks every platform from the original list and resubmits any opt-outs that did not hold. It also catches entries that appeared on platforms not in the original scope since the engagement began.

Anchoring to end of service delivery instead — 90 days from end of Week 8 — would mean checking while statutory responses on escalated cases are still live, and would push the check into the window where ongoing monitoring is the right instrument. That is Guardian territory. The current anchor is where it is because it is the right operational moment.

The re-scrub is included in the engagement price. Anything resurfaced is resubmitted. The re-scrub report documents what was found and what was re-actioned.

What we don't do — and why

No automated submissions. People-search platforms and B2B broker portals actively filter automated opt-out requests. Manual submissions navigate platform-specific portal failures, follow confirmation loops, and leave an auditable trail. Automated tools produce confirmations that require manual follow-up and are treated by platforms as high-volume noise.

No guarantee of 100% removal. Brokers re-populate from upstream sources. New brokers emerge. The 90-day re-scrub addresses one refresh cycle; new accumulation after that is ongoing. Any service guaranteeing permanent complete removal is misrepresenting how the data broker industry functions.

No content suppression or reputation management. De-indexing specific URLs from search results, suppressing negative rankings, removing social posts or news articles — these are distinct disciplines with different mechanisms and timelines. They are outside Eraser scope. Where a client needs this work, it is scoped separately.

No data purchase. We do not buy records from brokers, lead-generation platforms, or breach markets.

No core credit-file erasure. Credit bureaus — SCHUFA, CRIF, and equivalents — process scoring data under a legitimate interest basis that Article 17 erasure generally cannot override for the core scoring function. The Eraser targets the marketing-processing layer at these entities, not the credit record itself.

No retention beyond engagement close. All client data is cryptographically deleted within 48 hours of the engagement closing.

When the Eraser is the wrong tool

You need a guide, not an executor. If the objective is understanding what to remove and how to do it yourself, the Presence Reduction Brief is the right fit — a bespoke removal guide and GDPR/CCPA request pack built from Mirror findings, for the client to execute. The Eraser runs the campaign; the Brief provides the map and instruments for self-execution.

There is an active threat in progress. Ongoing targeted harassment, doxxing already live, suspected device compromise. The Shield handles active-threat mitigation. Running an Eraser campaign while a threat actor is actively republishing data addresses the downstream broker layer without stopping the source. The Shield is the right entry point; the Eraser can follow once the active threat is contained.

You are already on the Guardian retainer. The Guardian's quarterly re-scrub covers ongoing re-emergence. Where broker re-listing is the concern during a Guardian engagement, escalate within that retainer before commissioning a new Eraser.

Exposure is limited in scope. If the goal is understanding exposure rather than executing removal, The Mirror at €595 is the right starting point. The Mirror fee is credited in full against the Eraser if you proceed within 30 days of Mirror delivery.

Closing

The Eraser has a defined end. The re-scrub runs 90 days from the close of the active removal phase. What has resurfaced is removed again. The engagement closes with a documented state: what's gone, what's under supervisory authority review, what the re-scrub found.

The boundary is deliberate. An engagement without a close point depends on ongoing accumulation to justify its continuation. The Eraser is designed to finish — with a verified removal state at the end of the re-scrub and a Digital Hygiene Plan that reduces what comes next. What accumulates after the engagement closes is Guardian territory. They are different instruments for different points in the cycle.

Sources

Primary legislation

Supervisory authority guidance

Sister articles and service context

Share this briefing

If this was useful, sharing it helps others protect themselves. It also helps keep the intelligence briefings free.