Exactis is a data aggregation company based in Palm Coast, Florida, that made headlines in 2018 when a security researcher discovered that its database of approximately 340 million records was left exposed on a publicly accessible server. If your information is in their database, here's how to get it removed.
What Is Exactis?
Exactis is a data broker that compiles and sells consumer and business data to marketers, advertisers, and other companies. Unlike people-search sites that let anyone look you up by name, Exactis primarily operates in the business-to-business space, providing data for marketing campaigns, lead generation, and audience targeting.
What makes Exactis particularly concerning is the depth of information it collects. The exposed database reportedly contained more than 400 data points per person, including phone numbers, email addresses, home addresses, interests, habits, the number and ages of children, religious affiliations, and even whether someone owns a dog or cat.
Why Exactis Matters
The 2018 breach exposed roughly 230 million consumer records and 110 million business contacts. Even if your data wasn't accessed by malicious actors during the breach, Exactis may still hold extensive personal information about you that it continues to sell to third parties.
What Information Does Exactis Have?
Exactis aggregates data from public records, commercial sources, surveys, and other data brokers. The types of information they may have on you include:
- Full name and aliases
- Home address and previous addresses
- Phone numbers (home, mobile, and work)
- Email addresses
- Age and date of birth
- Household income estimates
- Religious affiliation
- Interests and hobbies
- Pet ownership
- Number and ages of children
- Property information
- Smoking status and other lifestyle data
How to Opt Out of Exactis: Step-by-Step
Step 1: Locate the Exactis Privacy Page
Visit the Exactis website and navigate to their privacy policy page. Look for a section on consumer rights or data subject requests. The company is required to honor opt-out requests under various state privacy laws, including the California Consumer Privacy Act (CCPA) and similar legislation in other states.
Step 2: Submit a Data Deletion Request
Send an email to Exactis's privacy or compliance team requesting the deletion of your personal data. In your email, include:
- Your full legal name
- Your current mailing address
- Your email address
- A clear statement requesting deletion of all personal data associated with your identity
- Reference to the applicable privacy law in your state (such as CCPA, Virginia CDPA, or Colorado Privacy Act)
Step 3: Verify Your Identity
Exactis may ask you to verify your identity before processing your request. This is a standard practice to prevent unauthorized deletions. Be prepared to confirm your identity through a verification email or by providing additional details they can match against their records.
Step 4: Wait for Confirmation
Under most state privacy laws, data brokers have 30 to 45 days to process deletion requests. Keep a copy of your initial request and any confirmation emails you receive.
Step 5: Follow Up if Necessary
If you don't receive a response within 45 days, send a follow-up email referencing your original request. If the company still doesn't respond, you may file a complaint with your state's attorney general office.
California Residents: Use the Delete Act Platform
Starting in 2026, California residents can use the state's Delete Request and Opt-out Platform to request deletion from all registered data brokers, including Exactis, through a single submission. Starting August 1, 2026, data brokers must delete data within 90 days of receiving a request through this platform.
What to Do After Opting Out
Removing your data from Exactis is an important step, but it's just one piece of the puzzle. Your information likely exists across dozens or even hundreds of other data brokers. Here are additional steps to take:
- Opt out of other major data brokers like Acxiom, Epsilon, Oracle Data Cloud, and LexisNexis
- Set up ongoing monitoring to catch when your data reappears
- Check your information regularly because data brokers frequently refresh their databases from public records and commercial sources
Why Manual Opt-Outs Aren't Enough
The challenge with manually opting out of data brokers like Exactis is that your data can reappear. Data brokers constantly aggregate new data from public records, commercial transactions, and other sources. An opt-out you submitted six months ago may no longer be effective if your information was re-added from a different source.
This is why many privacy-conscious individuals turn to automated data removal services. PrivacyOn continuously monitors over 100 data broker sites on your behalf, submitting and re-submitting removal requests to ensure your personal information stays off these databases. With 24/7 monitoring and automated opt-outs, PrivacyOn handles the ongoing work of keeping your data private so you don't have to.
Frequently Asked Questions
Is Exactis still operating after the 2018 breach?
Yes, Exactis continues to operate as a data broker. The company faced regulatory scrutiny and lawsuits following the breach but remains active in the data aggregation industry.
How long does it take for Exactis to remove my data?
Under most state privacy laws, Exactis has 30 to 45 days to process your deletion request. However, processing times can vary depending on the volume of requests they receive.
Will my data stay removed permanently?
Not necessarily. Data brokers can re-acquire your information from public records and other sources. Regular monitoring and re-submission of opt-out requests is recommended to keep your data removed.
Can I opt out if I don't live in California?
Yes. While California has the strongest data broker regulations, many states now have privacy laws that give residents the right to request data deletion. Even in states without specific privacy laws, most data brokers will honor deletion requests as a matter of policy.