The problem with your data
You created it. Someone else owns it. That is the default.
When you sign up for a social media platform, a streaming service, a loyalty program, or a free app, you agree to terms of service that typically grant the company broad rights over the data you generate. Your posts, your photos, your location history, your purchase behavior, your political views, your health searches, your relationships โ all of it becomes an asset on their balance sheet.
This data is used to sell advertising, train AI models, sell to data brokers, share with business partners, hand to law enforcement, and in some cases sold when a company is acquired or goes bankrupt. The people whose data it actually is โ you โ are rarely informed and almost never compensated.
Custody means understanding what data exists about you, where it lives, who has access to it, and exercising your legal rights to control, correct, download, and delete it.
Your legal data rights
Laws in many jurisdictions give you rights over your personal data โ but you have to exercise them.
GDPR โ European Union
Strongest protectionThe General Data Protection Regulation gives EU residents the right to access their data, correct it, delete it (the "right to be forgotten"), restrict its processing, and port it to another service. Companies anywhere in the world must comply if they serve EU residents. Enforced with fines of up to 4% of global revenue.
CCPA โ California
U.S. strongest state lawThe California Consumer Privacy Act gives California residents the right to know what personal information is collected, the right to delete it, the right to opt out of its sale, and the right not to be discriminated against for exercising those rights. The strongest U.S. state privacy law.
U.S. federal law
Limited protectionThe United States has no comprehensive federal privacy law as of 2026. Sector-specific laws exist (HIPAA for health data, FERPA for education, COPPA for children's data) but there is no general right to access or delete your personal data under federal law unless you are in a state with its own law.
Other state laws
GrowingVirginia, Colorado, Connecticut, Texas, and several other U.S. states have passed comprehensive privacy laws modeled partly on CCPA. Check your state's Attorney General website to see what rights apply to you.
๐How to exercise your rights: most companies provide a privacy request form, usually found at the bottom of their website under "Privacy Policy" or "Do Not Sell My Data." If you are in the EU, companies are legally required to respond within 30 days. Document every request you send.
Download your data
Most major platforms let you download a copy of everything they have on you. Most people never do this.
Comprehensive
Download everything Google has collected: Gmail, Google Drive, Photos, Maps history, YouTube watch and search history, Chrome browsing data, location history, contacts, calendar, and more. Go to myaccount.google.com โ Data & Privacy โ Download your data. The file can be enormous.
Often surprising
Download your Facebook posts, messages, photos, ads you clicked, advertisers who have your contact list, your location history, your inferred interests, and more. Many people are shocked by the volume and detail. Settings โ Your Facebook Information โ Download Your Information.
Available
Download your tweets, DMs, likes, account information, and the demographic data Twitter has inferred about you. Settings โ Your Account โ Download an archive of your data.
Request required
TikTok collects extensive data including keystroke patterns, clipboard content, device information, and precise location. You can request your data through the app: Profile โ Settings โ Privacy โ Request your data. Data may take up to 30 days.
Amazon purchase and browsing history
Via privacy requestAmazon collects your full purchase history, browsing behavior, Alexa recordings (if applicable), and inferred preferences. Request your data at amazon.com/gp/privacycentral/dsar/preview.html. Alexa voice recordings can be reviewed and deleted separately in the Alexa app.
Apple data and privacy
Strong privacy postureApple collects significantly less data than other major tech companies and is more transparent about what it does collect. Request a copy at privacy.apple.com. Covers App Store activity, AppleCare, iCloud content, and device repair history. Apple's business model is selling hardware, not advertising.
Deleting accounts & data
Deactivating is not the same as deleting. Most platforms make deletion deliberately difficult.
When you "deactivate" an account, the data is typically retained. Platforms keep it in case you return, and often continue using it for advertising modeling even after deactivation. Permanent deletion โ where supported โ removes your public presence but does not always delete the underlying data from backups and partner systems. True deletion is often impossible to verify.
Directory of deletion links
Directory of direct links to account deletion pages for hundreds of services, rated by difficulty (Easy, Medium, Hard, Impossible). Saves significant time finding the right page. Shows which services make deletion difficult by design.
Find forgotten accounts
Scans your email inbox for account registration emails to show you every service you have ever signed up for. Useful for finding accounts you forgot you created. Review carefully before authorizing โ requires email access.
Send formal deletion requests
Your right under GDPR/CCPAUnder GDPR (EU) and CCPA (California), you have the legal right to request deletion of your personal data. Send a written request to the company's data privacy email (usually privacy@company.com). They must respond within 30 days (GDPR) or 45 days (CCPA) and confirm deletion or explain why they cannot comply.
What platform terms actually say
Terms of service are written by lawyers to protect the platform โ not you.
Nonprofit project that reads and grades the terms of service and privacy policies of major internet services so you don't have to. Grades services from A (good) to E (very bad) and highlights the most important clauses. One of the most useful tools for understanding what you actually agree to.
Common terms to watch for
Red flagsWatch for: "we may share your data with third parties," "we retain data after account deletion," "we may use your content to train AI models," "we may change these terms at any time without notice," and "by using this service you waive the right to class action lawsuits."
AI training on your content
Growing concernMany platforms have quietly updated their terms to allow using your posts, photos, messages, and other content to train AI models. Check whether your platforms have done this and whether there is an opt-out. Adobe, LinkedIn, Meta, and X have all faced backlash over such policies.
Your digital identity
Managing your online presence and protecting your reputation.
Search yourself regularly
Google your own name, phone number, and email address. Use image search on your profile photos. Know what is publicly visible about you so you can address it.
Lock down social media privacy settings
Review privacy settings on every platform. Who can see your posts? Your friends list? Your location? Your birthday? Default settings on most platforms are set to maximum data collection, not maximum privacy.
Use email aliases
Services like SimpleLogin and addy.io generate unique email aliases for each service you sign up for. If one gets sold or breached, you can delete that alias and trace who sold your address.
Opt out of people-finder sites
Sites like Spokeo, WhitePages, BeenVerified, and Intelius publish your address, phone, relatives, and more. Each has an opt-out process. Use JustDeleteMe to find the removal pages.
Limit what apps can see
Many apps request access to contacts, location, camera, and microphone that they do not need to function. Deny unnecessary permissions. A flashlight app does not need your contacts. A game does not need your location.
Regular digital hygiene
Once or twice a year: review app permissions, delete unused accounts, check data breach notifications, update passwords, and review what is publicly visible about you online. Treat it like changing your smoke alarm batteries.
Further reading
Essential
The Electronic Frontier Foundation's coverage of privacy law, surveillance, and digital rights. The most reliable ongoing source for understanding how your digital rights are being won, lost, and contested.
Policy & law
Washington D.C.-based nonprofit research center focused on privacy law and policy. Covers FTC enforcement, data broker regulation, facial recognition, and surveillance. Essential reading for understanding the legal landscape around personal data.
Consumer-focused
Consumer Reports covers privacy from a consumer protection angle โ product reviews that include privacy assessments, guides to privacy settings on major platforms, and coverage of data breaches. Accessible and practically focused.