● Guardian · Protective Intelligence Retainer

Keep your personal exposure from rebuilding.

Guardian is an annual analyst retainer for people who have completed exposure-reduction work and want their digital attack surface kept under management over time. We re-check what returns, act on it, and brief you only when something changes.

01 The driftPrivacy

Removal is not permanent. Broker records refresh, breach data resurfaces, search results shift, and household exposure drifts. Guardian exists because a one-time clean-up degrades from the day it completes.

Removal is measured, and it is incomplete

Independent testing is consistent on this. A 2025 PoPETs study measured the major automated removal services clearing an average of 48.2% of identified records in the first month — the majority were not removed. Consumer Reports' 2024 Data Defense study found manual opt-outs removed about 70% of people-search listings at four months, ahead of the best-performing automated service (68%) and well ahead of the weakest (27%). Two different methods, one conclusion: a single pass does not clear the surface, and what is cleared does not stay cleared. (Figures describe people-search removal specifically.)

Why cleared records come back

People-search platforms rebuild from upstream sources, so a removed profile is commonly re-listed within about 12 months. The broker market is not one database but a supply chain: the EDPB's 2026 Support Pool of Experts study on data brokers describes a fragmented market across eight categories, where a record can disappear from one broker and reappear — cloned or refreshed — from another. Removing a record is a point-in-time action against a surface that keeps moving. Why opt-outs bounce back →

The rational response is periodic review, not a bigger one-time push

This is the same logic information-security teams apply to any exposure: risk is not fixed after a single assessment, so the surface is re-checked on a cadence. The Eraser already includes a 90-day re-scrub for exactly this reason — it catches the first wave of reappearance. Guardian extends that cadence indefinitely: each cycle re-checks the surface, re-removes what has returned, and records how often it returns.

Haven't reduced your exposure yet?

Start with the Eraser. Guardian maintains a reduced surface — it does not replace the reduction.

02 The cycleInsights

Guardian is an analyst retainer, not a dashboard. Each cycle runs the same verified pipeline as our investigations, then acts and purges. You are not buying software; you are buying judgement applied on a schedule.

What a cycle does

Each review cycle follows the same sequence:

1Load the monitoring profileThe minimal set of identifiers we hold to re-run your checks — the reference points every cycle resumes from.
2Re-run the agreed checksAcross the broker, credential, search and impersonation surfaces defined for your tier.
3Verify and classify by handEvery candidate is confirmed manually and classified — resurfaced, new, unchanged, or a false positive.
4Act where a route existsSubmit or escalate removals wherever a lawful removal path is available.
5Report — and brief you only when it mattersA concise written update every cycle; a direct call only when something material has changed.

This inherits our standard investigation pipeline — Discovery, Cross-reference, Verification, Report — and adds three things a one-off audit does not: recurrence, action, and a purge after every cycle.

What we keep, and what we purge

Guardian keeps only what is strictly necessary to run the next cycle: a minimal encrypted monitoring profile, a pseudonymous service ledger, and keyed cryptographic fingerprints that let us detect whether a record has reappeared without keeping the record itself. Everything else — findings, screenshots, broker responses, working notes — is purged within 48 hours of each cycle's delivery, exactly as in our one-off work. Every cycle closes with a purge receipt: a content-free confirmation of what was purged and the categories retained. Full model: Data Purge Policy, Section 4.

This cycle: 11 candidate findings, 4 verified, 3 removals actioned, 0 findings retained after purge. The ledger holds status history and keyed fingerprints only.

03 The tiersSolutions

One product, three intensities. Core maintains a reduced surface; Plus manages it actively; Executive adds protective-intelligence support for principals and their advisors.

Guardian CoreGuardian PlusRecommendedGuardian Executive
Price / year€2,400€4,800from €9,600
PositioningMaintainManageProtect + advise
Cycle cadenceQuarterlyMonthlyMonthly + event-driven
Broker / people-search re-scrubQuarterlyMonthlyMonthly
Dark-web credential re-scanQuarterlyMonthlyMonthly
Annual Mirror re-audit
Advisory callQuarterlyQuarterlyQuarterly + event
Written cycle summaryQuarterlyMonthly / bi-monthlyMonthly brief
Search-result drift checkMonthlyMonthly
Impersonation / lookalike checksMonthlyMonthly
New-broker discovery reviewMonthlyMonthly
Household / family reviewTwice yearlyQuarterly or event-driven
Priority support24–48h acknowledgement12–24h triage
Pre-travel / event / media / transaction checksDefined allowance
Custom threat-monitoring termsScoped at intake
Analyst-on-retainer hoursDefined annual allowance
Family-office / counsel / security coordinationWithin defined hours

Core is quarterly maintenance, not "continuous protection." Executive does not include a 24/7 promise — response windows are defined, not always-on.

Who each tier is for

Guardian Core €2,400/yr

Completed Eraser clients who want to keep a reduced surface from rebuilding.

Guardian Plus €4,800/yr · recommended

Executives, founders and public-facing professionals who want the surface actively managed month to month. Entry after the Eraser, or the Shield.

Guardian Executive from €9,600/yr

Principals, public figures, family offices, and the advisors and security teams responsible for them. Entry after the Shield or a Family Office engagement — the retained form of the Shield's protective-intelligence posture.

What Guardian does not do

No device forensics · no penetration testing · no account access · no buying data from brokers or forums · no storing leaked passwords · no suppression of legitimate journalism · no reputation manipulation · no 24/7 physical-security response · no continuous surveillance of family members · no removal guarantee where no lawful basis exists.

Coming from the Shield? Guardian Executive

The Shield is protective intelligence run as a project — the "active concern" stage. Guardian Executive keeps that same posture on retainer: the surface, the impersonation and event-driven checks, and analyst hours held open for you and your advisors. It is the ongoing form of the Shield, not a second Shield.

Detail & positioning

The Guardian retainer, in detail

A retainer, not a monitoring subscription

Monitoring tools send you alerts and leave the work to you. Guardian is the opposite: an analyst runs the agreed checks, verifies each candidate by hand, submits or escalates removals, and sends you a short written summary. The judgement — what matters, what to act on, what is noise — is the product. There is no dashboard to watch.

Why a one-time removal degrades

People-search platforms refresh from upstream data providers, so a cleared profile is commonly re-listed within about a year, and a record removed from one broker can reappear from another. A single pass is a point-in-time action against a surface that keeps moving — which is why a cadence, not a bigger one-time push, is the rational response. What the studies actually measured →

Guardian and the Eraser

The Eraser reduces the surface; Guardian keeps it reduced. Guardian is offered to every completed Eraser client and assumes the reduction is already done — it maintains a cleaned surface rather than clearing a fresh one. If you have not reduced your exposure yet, start with the Eraser.

Core, Plus or Executive?

Core suits someone who wants quarterly maintenance of a reduced surface. Plus (recommended) suits an executive or founder who wants the surface actively managed month to month, with search-drift and impersonation checks. Executive suits principals and public figures whose advisors and security teams need analyst support on retainer.

Questions

Guardian FAQs

No. Guardian is an analyst retainer. We check agreed exposure surfaces on a schedule, verify changes by hand, act where a removal route exists, and send concise written reports. There is no dashboard for you to watch.

Only the minimum needed to run the next check: a minimal encrypted monitoring profile. Findings, screenshots, broker profiles, breach excerpts and working notes are purged after each cycle.

Recurring checks need stable reference points — names, aliases, emails, phone numbers, relevant addresses, public handles, and agreed family or executive-context identifiers. Without them, every cycle would restart data collection from zero rather than resume from a known baseline.

No. We treat hashed and pseudonymised data as protected personal data. Guardian uses keyed cryptographic fingerprints for change detection; the plaintext identifiers stay encrypted and offline.

Yes. At the end of the retainer your monitoring profile is deleted or returned to you, unless a legal obligation or a matter you have authorised requires temporary retention. Erasure is available at any time on request.

Reduction is the project. Guardian is the maintenance.

An annual analyst retainer that keeps a reduced exposure surface under management — re-checking what returns, acting on it, and reporting only what matters.

Annual fee upfront on activation · offered to every completed Eraser client