Privacy7 min read

How to Use California's DROP to Delete Yourself From Every Data Broker at Once

By Scott, Clearfront founder

DROP is a free California state platform that lets any California resident send a single deletion request to every registered data broker at once, more than 600 of them. You submit one verified request at privacy.ca.gov/drop, and from August 1, 2026 brokers are legally required to find your records and delete them, then keep deleting on a rolling basis. Here is who can use it, exactly what it does and does not cover, and how to file a request.

What is California's DROP?

DROP, the Delete Request and Opt-out Platform, is a free service run by the California Privacy Protection Agency under the 2023 Delete Act. It lets a California resident make one verified request that reaches every data broker registered in the state, instead of filling in hundreds of separate opt-out forms. It went live for consumers on January 1, 2026.

The scale is the point. Data brokers that do business in California must register with the state each year, and DROP forwards your single request to all of them, currently over 600. Before DROP, opting out meant tracking down each broker and completing its own form, then repeating the whole thing months later when your listing reappeared.

What does DROP actually do?

One request tells every registered broker to delete the personal information it holds on you and stop selling it. It is not a single sweep that finishes and forgets you: brokers have to return to DROP on a schedule and re-process, so listings that creep back get deleted again.

  • -Sends your deletion request to every data broker registered with California, currently more than 600
  • -Requires each broker to delete the personal information it holds on you, including the inferences it has drawn about you
  • -Tells brokers not to sell or share your data going forward
  • -Keeps working over time: brokers must come back to DROP and re-process on a fixed cycle, so re-added listings are caught

When do data brokers have to act?

You could start submitting requests on January 1, 2026, but the hard deadline for brokers is August 1, 2026. From that date, the state says data brokers must delete your data within 90 days, and must return to DROP at least once every 45 days to pick up new requests and delete again.

This is enforced, not voluntary. Under the Delete Act, a broker that fails to process valid deletion requests faces administrative fines that accrue for each request, for every day it stays out of compliance, a structure built to make ignoring you more expensive than complying. The California Privacy Protection Agency runs both the registry and the enforcement.

Who can use DROP, and what do you need?

DROP is for California residents only, and it is free. You verify your residency through California's digital identity system, then give brokers the basic details they need to match you to their records. You choose how much to share, and your information is only used to complete the request, not sold or reused.

  1. 1.Go to privacy.ca.gov/drop and start a request
  2. 2.Verify you are a California resident through the state's digital identity check
  3. 3.Enter the basic identifying details brokers need to find you, sharing as little or as much as you want
  4. 4.Submit once. The single request then applies to every registered broker.

What DROP does not cover

DROP is powerful but narrow. It only reaches companies that meet California's legal definition of a data broker and have registered. It does nothing about the many other places your information sits, and it cannot help you if you do not live in California.

  • -The original public records, property, court, and voter files that brokers scrape from in the first place
  • -Google and other search results showing your name, address, or phone number
  • -Breach dumps and leaked credentials already circulating
  • -Companies you deal with directly, like your bank or a retailer, which are not brokers
  • -Brokers that operate outside California or fail to register

What if you are not in California?

You cannot use DROP, but the same brokers hold your data too, and the manual route still works. Search your name on the big people-search sites and submit each opt-out, or use a paid removal service to automate it. Other states are moving the same way: Connecticut has expanded its data broker rules and is building its own version of DROP, so a national patchwork is forming.

The step-by-step opt-out pattern that works on most broker sites is in how to remove yourself from data broker sites, and the paid versus DIY tradeoff is covered in DeleteMe vs Incogni vs doing it yourself.

The step everyone skips: know what to delete

DROP is the biggest single lever Californians have ever had over data brokers, but it only reaches the brokers that register, and it works best when you already know what is exposed. Before you file, and after, it helps to see the actual footprint a broker request should target: the addresses, phone numbers, relatives, breached logins, and forgotten accounts tied to your name across public sources.

Clearfront scans that digital footprint in one sweep on your own machine, no cloud and no third party reading anything, and an AI security analyst reports what is publicly exposed and what to clear first. Install Clearfront free to see what your DROP request should aim at, or get the free removal guide to work through DROP and the sites it misses.

Frequently asked questions

Is California DROP free?
Yes. The California Privacy Protection Agency never charges to use DROP. You verify your residency through the state digital identity system and submit one request that applies to every registered data broker.
When do data brokers have to delete my data under DROP?
From August 1, 2026, registered brokers must delete your data within 90 days and return to DROP at least once every 45 days to process new requests and delete again. Consumer submissions opened on January 1, 2026.
Does DROP remove me from Google or public records?
No. DROP only reaches registered data brokers. Google results, government public records, and breach dumps each have a separate removal route and are not touched by a DROP request.
Can I use DROP if I do not live in California?
No. DROP is limited to California residents. Elsewhere you can still opt out of the same brokers manually, or use a paid removal service, and states like Connecticut are building their own equivalents.

I believe your personal data is yours to own and protect. I built Clearfront, a free, open-source tool for scanning and scrubbing your own digital footprint from public data, and I write here about OSINT, breach exposure, and personal privacy.

Scott

Clearfront founder