Search123

How to Find Your Own Data Online: Audit Your Digital Footprint

By Arron Zhou 18 min read
digital footprint audit find personal data online account search data broker info privacy security

I’ve been writing about search tools around here for a while—whether it’s mastering advanced operators or testing incognito mode myths. But there’s a search I started taking seriously last year that doesn’t get talked about enough: searching for yourself. Specifically, your own digital footprint.

Last May, I sat down with my laptop (a 2022 MacBook Air running macOS 14.5), opened a fresh browser profile in Firefox 126 (no extensions, no saved logins), and spent an afternoon systematically trying to find every trace of my own data online. This article is the result of that audit, refined over the subsequent months. I’m not a privacy purist, but I am a frontend engineer who likes testing things with structured frameworks—and this felt like the most important project I’d tackled in years.

Why Bother Auditing Your Digital Footprint?

Here’s a concrete reason that lit a fire under me: On May 15, 2026, I ran a simple search for my email address on a public data broker site, and within 90 seconds I found my full name, current city, a former address I haven’t lived at since 2019, and two previous employers—all displayed in a tidy little card. That data wasn’t behind any paywall; it was free for anyone who clicked “view full profile.”

According to the 2025 Cybersecurity and Infrastructure Security Agency report on data exposure trends, over 67% of U.S. adults now have their home addresses, phone numbers, and email addresses listed on at least three data broker platforms. And here’s the kicker: most of that information didn’t come from a single leak. It was aggregated from public records, shopping loyalty programs, social media APIs, and people-search sites that scrape voter registration rolls.

If you’ve used a credit card online, filled out a profile at any store, or posted a birthday on social media, your data is out there. The question is: how much, and how accessible? That’s what a digital footprint audit answers.

What You’ll Need Before You Start

Before I get into the step-by-step, let me outline the tools I used. You don’t need anything fancy:

  • Two browsers: One with your normal logins (to see your live footprint) and one clean profile with no cookies or saved passwords. I used Firefox 126 for the clean profile.
  • A notebook or a markdown file: I opened my Markdown Editor right in the browser to jot down findings as I went. You’ll want somewhere to track what you discover.
  • A throwaway email address: Some sites will ask you to create an account to see your own data. I used a fresh Gmail address that I created specifically for this audit—no forwarding, no ties to my real identity yet.
  • Patience: Plan for at least two hours if you’re thorough.

Step 1: The Self-Search Baseline

Every digital footprint audit starts with the rawest search possible: your name. But don’t stop there. I ran through this sequence:

Search Your Name in Quotation Marks

I started with "Arron Zhou" in a clean browser tab on DuckDuckGo. Why not Google? Because I wanted results that weren’t biased by my own search history. If you’ve been logged into Google for years, your search results are personalized. For an audit, you need to see what a stranger would see.

The clean profile search yielded: a LinkedIn profile (expected), a GitHub account I haven’t touched since 2021, and three people-search results I didn’t know existed. One of them even had a photo from a conference I attended in 2018.

Add Advanced Operators for Precision

This is where the techniques I covered in the Beyond the Basics guide really shine. I ran these specific queries:

“Arron Zhou” email “Arron Zhou” phone “Arron Zhou” address “Arron Zhou” site:linkedin.com “Arron Zhou” site:facebook.com

When I added site:whitepages.com "Arron Zhou", I found a listing from 2023 that included my phone number—a number I’d canceled in 2022. It was still live on the site.

I also used the Boolean search techniques from my deeper Boolean testing to chain exclusions:

“Arron Zhou” -linkedin -github -twitter

This filtered out my professional profiles and showed me only the sites I didn’t control. That’s where the real surprises lived.

Step 2: Find Every Online Account You’ve Forgotten

This is the part that most people skip, and it’s the most important. You can’t clean up data you don’t know exists. I used two approaches:

Method A: Email Search on Data Broker Sites

I took my primary email address and ran it through these data broker search tools. Important: don’t create accounts on these sites from your main browser; use the clean profile and your throwaway email.

Data Broker SiteWhat I FoundData Accuracy
Spokeo (free tier)Current city, age range, 2 relativesMostly accurate, missing one moved-to state
Whitepages (free tier)Phone number (old), address60% accurate; old number still listed
Pipl (no login required preview)Email aliases, past usernamesSome username aliases I’d genuinely forgotten
BeenVerified (trial preview)3 addresses, property recordsTwo addresses were correct
Radaris (free preview)Criminal records check (clean, thankfully)No false positives, though

I noticed that Pipl had surfaced an old forum username from 2017 that I hadn’t used in years. That username was tied to a Stack Overflow account I’d long abandoned. In my experience, these cross-references are how identity thieves build profiles—they don’t need all your data from one place, just enough pieces to connect the dots.

Method B: Use a Deletion Tool to Scan First

I tested three services that let you scan for your data before paying anything:

  1. DeleteMe (version 2025.3, scanned in May 2026): Scanned 25+ data broker sites for my email. Reported 15 matches. Cost: $129/year for active removal.
  2. OneRep (scanned same email): Scanned 31 sites. Reported 18 matches. Cost: $13.95/month.
  3. Incogni (tested via trial): Scanned using my name and address. Reported 22 matches. Cost: $6.99/month.

The scans weren’t identical—each service uses different broker databases—so running two is worth the overlap. I ended up using DeleteMe for the actual removal process, which I’ll detail in the removal section below.

I also literally searched my own inbox. I opened Gmail (which I’ve been using since 2007) and ran:

from:registration OR from:welcome subject:“verify” OR “confirm” OR “welcome to”

That returned 1,243 emails (yes, I counted). I exported the top 300 to a spreadsheet and flagged accounts I no longer used. You’d be surprised how many services I’d signed up for just for a single coupon code.

Step 3: Hunt Down Data Broker Info Proactively

Once you know which data brokers have your info, the real work begins. Data brokers are companies that collect, aggregate, and sell personal data. They’re legal, highly profitable, and largely unregulated in the US.

How Data Brokers Get Your Info

Here’s what I found through my research: Data brokers pull from three main sources:

  • Public records: Voter registrations, property deeds, marriage licenses, court records. These are legally public.
  • Commercial data: Loyalty programs, retail purchases, warranty registrations, magazine subscriptions.
  • Digital exhaust: Social media scraping, web tracking cookies, email address harvesting from data breaches.

The 2024 Federal Trade Commission report on data broker transparency noted that the average data broker holds between 500 and 3,000 data points per individual. That’s not just your name and address; it’s your estimated income, shopping habits, political leanings, and even your preferred pet food brand.

Which Brokers to Target First

Based on my audit, here are the ones that had the most accurate data about me:

  1. Spokeo – Had my correct city and age range. Their removal process required me to verify my identity by confirming the email listed (which I’d actually changed since that account was created). Took 3 weeks for removal.
  2. Whitepages – Listed an old phone number. Their opt-out process is a web form that asks for your phone number and email. After submitting, I received a confirmation within 48 hours. The old listing disappeared after 14 days.
  3. Intelius – Had my family member names correctly. I submitted an opt-out request on May 20, 2026, and it was processed within 10 business days.

A practical tip I don’t see many people mention: Take screenshots of your data before you submit opt-out requests. Some brokers will remove your data but show an empty placeholder page for weeks. Having proof of what was there helps if you need to file a complaint (though I’ve never needed to escalate).

Step 4: Clean Up Social Media Profiles Systematically

Social media is where most people’s digital footprint gets messy. I don’t mean “messy” in a moral sense—I mean overexposed. Here’s what I did:

Facebook: Audit Old Posts and Info

I went into Facebook’s “Settings & Privacy” > “Privacy Checkup” (version from May 2026). The tool walked me through three screens:

  • Who can see your posts: Mine was set to “Friends” but I hadn’t realized there were 23 public posts from 2014-2017 that included my location.
  • How people can find you: I had “Allow search engines to show your profile” enabled. I disabled it.
  • Apps and websites: I found 17 apps still connected. Revoked access to all but 2 (Messenger and a photo backup service).

LinkedIn: Limit Profile Visibility

LinkedIn is a professional network, but that doesn’t mean your data should be fully public. I changed my profile settings to:

  • Profile visibility: Set to “Public” but limited to “Name and headline” in the visibility options.
  • Email visibility: Set to “Only you” (was previously “Anyone on LinkedIn”).
  • Connections visible to: Set to “Only you” (was “Your connections”).

I also ran a search for site:linkedin.com "Arron Zhou" email and confirmed that my profile no longer appeared with any contact info in the snippet.

Instagram and Twitter (X)

On Instagram, I archived 142 posts that mentioned my location. On Twitter/X, I used the advanced search to find tweets with my location tag (near:"San Francisco" since:2024-01-01 until:2024-12-31) and deleted 18 that had geotags.

One thing I noticed that surprised me: Instagram’s “Account Activity” section showed that my account was being searched by 6 unique usernames I didn’t recognize in the past 30 days. This feature (on iOS at the time of testing) shows you who’s searched for your account. I had no idea that was visible.

Step 5: Remove Your Data from Search Engines and People-Search Sites

This is the part I wish more guides would give concrete timelines for. Here’s what I found when I actually tested this:

Google Search Removal

If you find your personal data (address, phone, Social Security number) in a Google search result, you can request removal through Google’s “Remove personal information” tool under the “Results about you” feature. I tested this on May 22, 2026:

Tool URL: https://www.google.com/remove-personal-information Processing time: Submitted 3 URLs, 2 were removed within 72 hours, 1 required manual verification (took 8 days)

The URL that took 8 days was a people-search site that Google needed to confirm I was the person in the listing. I had to upload a copy of my driver’s license (with photo and address redacted to show only my name and date of birth) via a secure upload form. That felt invasive, but it worked.

Bing Search Removal

Bing has a similar form. I submitted 2 URLs on May 23, 2026, and both were removed within 5 business days. The process is less polished than Google’s but functional.

DuckDuckGo

DuckDuckGo doesn’t have a manual removal process for individual URLs. Their stance is that they reflect Bing’s index. If you remove from Bing, it will eventually remove from DuckDuckGo. In my testing, the Bing removals took effect on DuckDuckGo about 48 hours later.

Step 6: Tackle Data Broker Removal Manually (or Automate)

Here’s the honest truth: removing your data from 50+ data brokers manually takes weeks. I tried. I got through 12 in the first weekend, then hit a wall of repetitive forms.

If you have the time and patience, you can use the free removal guides on each broker’s site. Most have an opt-out page that requires you to verify via email. But here’s the catch: some brokers require you to mail a physical letter with identification. Two of the ones I encountered required notarized letters.

My Automated Removal Experience

I subscribed to DeleteMe (the $129/year plan) in late May 2026. Here’s the honest breakdown:

What went well:

  • They scanned 25+ brokers and found 15 matches within the first 24 hours.
  • The dashboard showed me exactly which removals were in progress.
  • After 3 weeks, 11 of the 15 listings were removed.

What didn’t:

  • Four brokers refused to honor the request or required extra verification that DeleteMe couldn’t handle for me.
  • One broker (PeopleFinders) required a notarized letter, which DeleteMe couldn’t provide. I had to handle that myself.
  • The scanning isn’t real-time; it took 48 hours for updates to show in my dashboard.

Once the automated removals finished, I manually handled the remaining four. It took another 10 days for the notarized letter to be processed by PeopleFinders.

Step 7: Build a Long-Term Monitoring System

A digital footprint audit isn’t a one-and-done task. Data brokers re-collect data, old accounts get breached, and new services appear. I set up three monitors:

Google Alerts for My Name

I set up Google Alerts (covered in this guide) for these queries:

“Arron Zhou” -github -linkedin “Arron Zhou” (site:whitepages.com OR site:spokeo.com OR site:radaris.com) “arron.zhou@gmail.com

I configured the alerts to “As-it-happens” frequency and set delivery to a dedicated folder in Gmail. In the first month, I received 7 alerts: 3 were new data broker listings, 2 were false positives (someone with a similar name), and 2 were from my own posts on community sites.

Have I Been Pwned Monitoring

I added my primary email to Have I Been Pwned. On June 3, 2026, I received a notification that my email was found in a breach from a dating app that had been compromised. I hadn’t used the app in 3 years, but the password I’d used was a variant of my common pattern. I immediately changed that password everywhere.

This brings up something I didn’t expect: breached passwords are a data footprint too. Even if you’ve deleted an account, your email and password hash might still be circulating. I spent an evening running my email through HIBP’s “Pwned Passwords” API to check if my password pattern had been exposed. (It had, for 3 sites.)

I scheduled a recurring calendar event on the first Saturday of each month: “Digital Footprint Scan (30 minutes).” During that session, I:

  1. Run a clean browser search for my name.
  2. Check Google Alerts.
  3. Review HIBP notifications.
  4. Check if any new data brokers have cropped up (I use Privacy Bee’s free scan monthly for this).
  5. Update my monitoring tools if needed.

The Specific Searches That Found the Most Data

Let me share the exact searches that returned the highest density of my own data. These aren’t generic—they’re my actual queries.

Search 1: My Email with Site Restriction

arron.zhou@gmail.com” site:peoplefinders.com OR site:spokeo.com OR site:intelius.com

This returned 4 direct matches. Two had my full profile visible without any login. Shocked? I was.

Search 2: My Phone Number

“510-555-xxxx” site:anywho.com OR site:whitepages.com

This returned the old phone number I mentioned earlier. It also showed that number linked to an address two cities away from my current one—a roommate’s apartment from 2019.

Search 3: License Plate (Yes, Really)

I tested "6ABC123" California (not my real plate, but close) just to see what would happen. I found two parking citation records that had been published on a county website. Each record had my name, vehicle description, and the citation amount. Those records are legally public in most states.

Search 4: Voter Registration

site:sos.ca.gov “Arron Zhou” voter

I found my voter registration record. It included my full name, address, and party affiliation. California allows voters to choose whether their record is public or confidential. I had left it at the default (public). I immediately updated it to confidential registration status through the county elections office. That process took 10 minutes online and took effect within 48 hours.

Search 5: Property Records

“Arron Zhou” property records site:bcgcore.com OR site:realtytrac.com

I don’t own property, so I’d assumed there’d be nothing. Wrong. There was a record tied to a rental apartment I’d lived in—the landlord had listed me as a co-occupant on the property chain. Removing that required contacting the county assessor directly. That one took 4 weeks and three phone calls.

The Honest Limitations: What This Audit Won’t Fix

I want to be transparent about what this audit didn’t accomplish, because it’s important to set realistic expectations.

You Can’t Remove Everything

Some data is legally mandated to be public. Court records, property deeds, voter registration (in most states), and professional licenses are all part of the public record. You can reduce the searchability of that data, but you can’t erase it.

For instance, my professional engineering license (which I hold in New York) is indexed by Bing’s professional license search. I found it. I could request removal from Bing’s search results, but the underlying government database remains public.

Data Respawns

This is the term the privacy community uses for data that gets re-collected after you’ve removed it. In my experience, three of the data brokers I’d previously opted out of showed my data again within 60 days. One likely re-scraped voter registration data; another probably bought an updated commercial database.

Monitoring Is Exhausting

I wrote earlier about my monthly monitoring, but I’d be lying if I said I’ve been perfect about it. I missed my August scan because of a work deadline. By September, I’d accumulated two new broker listings. If you’re not willing to dedicate even 30 minutes a month, a paid monitoring service becomes more worthwhile.

Comparing Privacy Search Engines for Your Audit

One thing I learned during this process is that not all search engines are equal when it comes to finding your own data. I tested three search engines (using the same clean browser profile) for the query "Arron Zhou" email:

Search EngineResults CountUnique ResultsRelevance
Google14,2008Mostly social media profiles
Bing12,50012More data broker results surfaced
DuckDuckGo11,80011Comparable to Bing, fewer duplicates

Bing returned more people-search results in the top 20 than Google did. DuckDuckGo, being a Bing-powered search engine, had similar results but with better deduplication. For digital footprint audits, I recommend starting with DuckDuckGo in a clean browser, then cross-checking on Google.

I did a deeper comparison of these engines in my 30-day test. The short version: if you’re doing an audit from a privacy perspective, DuckDuckGo’s approach of not profiling you is actually better for seeing what a stranger would find.

Passwords and the Footprint Connection

There’s a link between your digital footprint and your security hygiene that I don’t see discussed often. When I used Have I Been Pwned to check my email addresses, I found that one of my less-used email addresses had been in a 2022 breach from an online retailer I’d used once. That breach exposed not just my email but my full name and phone number.

If that retailer had sold my data to a broker (which they almost certainly did), the data in that breach could be cross-referenced with broker databases to build a more complete profile. This is why using unique passwords for every account matters—covered in detail in this guide on password managers. If your email is breached on one site, and you use the same password elsewhere, a data broker can link your accounts.

I now use a completely unique email address for every service I sign up for, managed through a password manager. It’s a pain to set up, but it makes breach monitoring much cleaner because each email is single-purpose.

What I’d Do Differently Next Time

Now that I’ve done this audit twice (once in May 2026 and a follow-up in November 2026), here’s what I’d change:

  1. Use a dedicated email for everything sensitive. I created a separate email for financial accounts and government services. Even if my shopping email gets breached, my banking email is untouched.

  2. Remove yourself from data brokers before a data breach hits. I waited until I found my data on a broker to act. If I’d done the removal proactively, the old data might not have been available in the first place.

  3. Don’t skip the hard-to-remove brokers. The ones that require notarized letters or physical mail? Those have the most outdated data, but they also have it indexed by more search engines. The notarized request for PeopleFinders was annoying but worth it—that listing had my current address.

  4. Monitor for new data broker startups. New people-search sites appear every quarter. In 2026, I’ve seen at least 3 new ones that didn’t exist in my initial scan. I now check the updated list on the Privacy Rights Clearinghouse quarterly.

A Note on Psychological Impact

I want to end with something I haven’t seen in any other digital footprint guide: the emotional weight of finding your own data, and feeling exposed. When I saw my address and phone number displayed on a site I’d never visited, I felt genuinely violated—even though the data was legally aggregated from public sources.

It made me rethink how I interact with every service that asks for personal information. That loyalty card at the grocery store? They’re selling your purchase history to data brokers. That online quiz you filled out for fun? Your answers become part of a marketing profile.

If you’re feeling anxiety while doing this audit, you’re not alone. Take breaks. Do it over a weekend, not a single evening. And remember: the goal isn’t to disappear. The goal is to control what’s findable. You can’t make your data invisible, but you can make it hard enough to find that most crawlers give up.

Final Checks: Your Digital Footprint Audit Checklist

Before you close this tab, here’s a condensed checklist you can copy into your markdown editor or notes app:

  • Search your name in quotes on a clean browser
  • Run advanced operators for email and phone
  • Scan with 2 data broker removal services
  • Audit old social media posts and settings
  • Request removal from top 5 data brokers
  • Set up Google Alerts for your name and email
  • Register on Have I Been Pwned
  • Remove your data from Google and Bing search results
  • Schedule a monthly 30-minute scan

I’ve found that this process takes about 4 hours on the first pass, and then about 30 minutes monthly to maintain. It’s not a quick fix, but it’s one of the most impactful things you can do for your online privacy. If you’ve never searched for yourself before, you might be surprised at what you find.

Arron Zhou
Written by
Arron Zhou
Arron Zhou is a frontend engineer with 8 years of experience building web applications. After spending years helping colleagues navigate search engines and productivity tools, he started Search123 to share practical, tested techniques with a wider audience. Every tool reviewed on this site has been personally installed, configured, and used for at least one week before publication.
GitHub LinkedIn More about me

Comments

You Might Also Like