Trust without taking our word

Independent attestation

Anyone can claim a 99% removal rate. We publish the methodology, the live numbers, and (when ready) the signed third-party audit so you can check our work.

What we attest to

Submission completeness
We submit a removal request to every applicable broker for a paid subscriber within 14 calendar days of their mandate signing. Measured as: (requests with status != queued) / (applicable brokers) per profile, rolling 30-day window.
Verified removal rate
Of brokers that returned a definitive disposition (not "no response"), the percentage that confirmed removal. Verified through inbound-mail classification and a post-removal scan (90-day window).
Evidence retention
Every state transition writes an immutable request_events row. Screenshots and broker replies are stored in a private bucket with SHA-256 content addressing. Customers can download a per-removal PDF certificate at any time.
PII handling
Customer PII (name, address, phone, email, date of birth) is processed only to submit and verify opt-outs. We never sell, rent, lease, or share it with third parties. Dates of birth are encrypted at rest.
Pause / cancel respected
When a subscriber pauses or cancels, the provisioning and recheck workers stop creating new requests against their profiles within one tick (max 5 minutes). Measured by querying optout_requests created_at > subscriptions.paused_at.

The complete, machine-readable claims list: /audit-kit/claims-list.md

Live metrics (verifiable right now)

Every claim above is backed by a number from our production database, served without authentication so anyone — including auditors and journalists — can verify it for themselves.

GET /api/public/audit-metrics.json

Cached for one hour. Returns success rate, median time-to-submission, % of paused subscriptions, sample sizes, and the timestamps used.

Audit reports

First audit underway

We have engaged an independent firm to attest to the claims above for the period ending Q3 2026. The signed report and the firm's methodology will appear here as soon as they are finalised — we will not pre-announce a date we cannot guarantee.

Want to follow the process? Subscribe to security updates.

Methodology

We measure each claim against production data using the queries documented in the audit kit. The auditor reproduces those queries against a frozen snapshot of our database during the attestation period and compares the result to the published metric.

RFP template — what we asked audit firms to commit to.
Claims list — canonical claims with the SQL each metric is defined by.
Pre-audit checklist — what we prepared so the attestation could begin.

The audit firm

Once engaged, the firm's name and credentials will appear here along with the signed scope document. We are evaluating firms with prior SOC-2 / ISAE 3000 attestation experience and direct exposure to data-broker / GDPR compliance work.

Ready to disappear from the brokers?

Run a free exposure scan and see how many brokers hold your data. No card required.

Start free scan