Removal is not permanent. Broker records refresh, breach data resurfaces, search results shift, and household exposure drifts. Guardian exists because a one-time clean-up degrades from the day it completes.
Removal is measured, and it is incomplete
Independent testing is consistent on this. A 2025 PoPETs study measured the major automated removal services clearing an average of 48.2% of identified records in the first month — the majority were not removed. Consumer Reports' 2024 Data Defense study found manual opt-outs removed about 70% of people-search listings at four months, ahead of the best-performing automated service (68%) and well ahead of the weakest (27%). Two different methods, one conclusion: a single pass does not clear the surface, and what is cleared does not stay cleared. (Figures describe people-search removal specifically.)
Why cleared records come back
People-search platforms rebuild from upstream sources, so a removed profile is commonly re-listed within about 12 months. The broker market is not one database but a supply chain: the EDPB's 2026 Support Pool of Experts study on data brokers describes a fragmented market across eight categories, where a record can disappear from one broker and reappear — cloned or refreshed — from another. Removing a record is a point-in-time action against a surface that keeps moving. Why opt-outs bounce back →
The rational response is periodic review, not a bigger one-time push
This is the same logic information-security teams apply to any exposure: risk is not fixed after a single assessment, so the surface is re-checked on a cadence. The Eraser already includes a 90-day re-scrub for exactly this reason — it catches the first wave of reappearance. Guardian extends that cadence indefinitely: each cycle re-checks the surface, re-removes what has returned, and records how often it returns.
Haven't reduced your exposure yet?
Start with the Eraser. Guardian maintains a reduced surface — it does not replace the reduction.
Guardian is an analyst retainer, not a dashboard. Each cycle runs the same verified pipeline as our investigations, then acts and purges. You are not buying software; you are buying judgement applied on a schedule.
What a cycle does
Each review cycle follows the same sequence:
This inherits our standard investigation pipeline — Discovery, Cross-reference, Verification, Report — and adds three things a one-off audit does not: recurrence, action, and a purge after every cycle.
What we keep, and what we purge
Guardian keeps only what is strictly necessary to run the next cycle: a minimal encrypted monitoring profile, a pseudonymous service ledger, and keyed cryptographic fingerprints that let us detect whether a record has reappeared without keeping the record itself. Everything else — findings, screenshots, broker responses, working notes — is purged within 48 hours of each cycle's delivery, exactly as in our one-off work. Every cycle closes with a purge receipt: a content-free confirmation of what was purged and the categories retained. Full model: Data Purge Policy, Section 4.
This cycle: 11 candidate findings, 4 verified, 3 removals actioned, 0 findings retained after purge. The ledger holds status history and keyed fingerprints only.
One product, three intensities. Core maintains a reduced surface; Plus manages it actively; Executive adds protective-intelligence support for principals and their advisors.
| Guardian Core | Guardian PlusRecommended | Guardian Executive | |
|---|---|---|---|
| Price / year | €2,400 | €4,800 | from €9,600 |
| Positioning | Maintain | Manage | Protect + advise |
| Cycle cadence | Quarterly | Monthly | Monthly + event-driven |
| Broker / people-search re-scrub | Quarterly | Monthly | Monthly |
| Dark-web credential re-scan | Quarterly | Monthly | Monthly |
| Annual Mirror re-audit | ✓ | ✓ | ✓ |
| Advisory call | Quarterly | Quarterly | Quarterly + event |
| Written cycle summary | Quarterly | Monthly / bi-monthly | Monthly brief |
| Search-result drift check | — | Monthly | Monthly |
| Impersonation / lookalike checks | — | Monthly | Monthly |
| New-broker discovery review | — | Monthly | Monthly |
| Household / family review | — | Twice yearly | Quarterly or event-driven |
| Priority support | — | 24–48h acknowledgement | 12–24h triage |
| Pre-travel / event / media / transaction checks | — | — | Defined allowance |
| Custom threat-monitoring terms | — | — | Scoped at intake |
| Analyst-on-retainer hours | — | — | Defined annual allowance |
| Family-office / counsel / security coordination | — | — | Within defined hours |
Core is quarterly maintenance, not "continuous protection." Executive does not include a 24/7 promise — response windows are defined, not always-on.
Who each tier is for
Guardian Core €2,400/yr
Completed Eraser clients who want to keep a reduced surface from rebuilding.
Guardian Plus €4,800/yr · recommended
Executives, founders and public-facing professionals who want the surface actively managed month to month. Entry after the Eraser, or the Shield.
Guardian Executive from €9,600/yr
Principals, public figures, family offices, and the advisors and security teams responsible for them. Entry after the Shield or a Family Office engagement — the retained form of the Shield's protective-intelligence posture.
What Guardian does not do
No device forensics · no penetration testing · no account access · no buying data from brokers or forums · no storing leaked passwords · no suppression of legitimate journalism · no reputation manipulation · no 24/7 physical-security response · no continuous surveillance of family members · no removal guarantee where no lawful basis exists.
Coming from the Shield? Guardian Executive
The Shield is protective intelligence run as a project — the "active concern" stage. Guardian Executive keeps that same posture on retainer: the surface, the impersonation and event-driven checks, and analyst hours held open for you and your advisors. It is the ongoing form of the Shield, not a second Shield.
The Guardian retainer, in detail
A retainer, not a monitoring subscription
Monitoring tools send you alerts and leave the work to you. Guardian is the opposite: an analyst runs the agreed checks, verifies each candidate by hand, submits or escalates removals, and sends you a short written summary. The judgement — what matters, what to act on, what is noise — is the product. There is no dashboard to watch.
Why a one-time removal degrades
People-search platforms refresh from upstream data providers, so a cleared profile is commonly re-listed within about a year, and a record removed from one broker can reappear from another. A single pass is a point-in-time action against a surface that keeps moving — which is why a cadence, not a bigger one-time push, is the rational response. What the studies actually measured →
Guardian and the Eraser
The Eraser reduces the surface; Guardian keeps it reduced. Guardian is offered to every completed Eraser client and assumes the reduction is already done — it maintains a cleaned surface rather than clearing a fresh one. If you have not reduced your exposure yet, start with the Eraser.
Core, Plus or Executive?
Core suits someone who wants quarterly maintenance of a reduced surface. Plus (recommended) suits an executive or founder who wants the surface actively managed month to month, with search-drift and impersonation checks. Executive suits principals and public figures whose advisors and security teams need analyst support on retainer.
Guardian FAQs
No. Guardian is an analyst retainer. We check agreed exposure surfaces on a schedule, verify changes by hand, act where a removal route exists, and send concise written reports. There is no dashboard for you to watch.
Only the minimum needed to run the next check: a minimal encrypted monitoring profile. Findings, screenshots, broker profiles, breach excerpts and working notes are purged after each cycle.
Recurring checks need stable reference points — names, aliases, emails, phone numbers, relevant addresses, public handles, and agreed family or executive-context identifiers. Without them, every cycle would restart data collection from zero rather than resume from a known baseline.
No. We treat hashed and pseudonymised data as protected personal data. Guardian uses keyed cryptographic fingerprints for change detection; the plaintext identifiers stay encrypted and offline.
Yes. At the end of the retainer your monitoring profile is deleted or returned to you, unless a legal obligation or a matter you have authorised requires temporary retention. Erasure is available at any time on request.