Who Owns the Companies That Delete Your Data?

In March 2024, Brian Krebs published the cleanest example of a structural conflict the privacy industry has ever produced. The CEO of Onerep — a service Mozilla bundled into Firefox to delete Firefox users' personal data from people-search sites — had founded dozens of people-search sites. One of them, Nuwber, was on Onerep's own removal list. The CEO admitted ownership of Nuwber but insisted there was "zero cross-over." Mozilla announced it was winding down the partnership the same week. ^[1]

Mozilla then kept selling Monitor Plus, powered by Onerep, for twenty more months. The service did not actually shut down until December 17, 2025. ^[2]

The data-deletion industry — DeleteMe, Incogni, Optery, OneRep, Aura, Norton's Reputation Defender, Kanary, Privacy Bee, and dozens of smaller players — sells one promise: pay us, and we will go to every data broker on the internet and tell them to forget you. It is a real service. It works, imperfectly. It is also an industry quietly consolidating into the same venture funds, conglomerates, and adtech-adjacent founders as the surveillance economy it claims to fight. This is who owns it.

The OneRep Problem: Selling the Antidote You Also Brew

OneRep's founder and CEO is Dimitri Shelest, originally from Minsk, Belarus. Krebs's investigation found Shelest's personal email associated with the registration of at least 179 domain names, including dozens of people-search sites targeting consumers in Argentina, Brazil, Canada, Denmark, France, Germany, Hong Kong, Israel, Italy, Japan, Latvia, and Mexico. Most were defunct. Nuwber.com was not. ^[1]

This matters because Onerep marketed itself to Mozilla, to Firefox users, and to subscribers paying roughly $100 a year as the company that would remove their information from sites like Nuwber. Shelest acknowledged keeping his Nuwber stake but said the two businesses had no operational overlap. ^[1]

Mozilla's public response was that "outside financial interests and activities of Onerep's CEO do not align with our values" and that it would "transition away" from the partnership. ^[3] The transition took roughly twenty months. In November 2025, Mozilla finally announced Monitor Plus would shut down on December 17, 2025, with prorated refunds to subscribers. The free Mozilla Monitor breach-alerts product continues. ^[2]

Onerep itself still operates, still sells subscriptions, and still appears on "best data removal service" comparison tables across the affiliate-marketing web.

DeleteMe: Founder-Run, VC-Backed, Buying Up Adjacent Tools

DeleteMe is the oldest player. It launched in 2011 and is operated by Abine, Inc., a Boston-based company co-founded by Rob Shavell, Andrew Sudbury, and Eugene Kuznetsov. Shavell still serves as CEO. ^[4]

Abine is venture-funded rather than private-equity owned. Crunchbase lists its institutional backers as Atlas Venture, General Catalyst, and PPP. ^[5] General Catalyst is a relevant name to remember — it also funded the joint venture that created Aura, another major identity-and-deletion service. The privacy-services VC pool is small.

In March 2026, DeleteMe acquired Block Party, the social-media privacy tool started by ex-Twitter engineer Tracy Chou. The acquisition turned DeleteMe from a pure broker-opt-out service into a platform absorbing adjacent privacy products. ^[4]

Incogni: A Surfshark Product Inside Nord Security

Incogni is the cheapest mainstream option ($7.99/month) and the most aggressively marketed. It is also not an independent company. Incogni was built inside Surfshark, the VPN provider, and launched as a separate brand in 2021–2022. ^[6]

Surfshark itself is no longer independent. In 2022, Surfshark completed a merger with Nord Security — the company behind NordVPN, NordPass, and NordLayer. The two brands operate under separate infrastructure but a single ownership structure. ^[7]

What that means in practice: when you buy Incogni, you are buying a product from the largest consumer VPN conglomerate in the world. Nord Security is privately held and does not publish a full investor list. The conglomerate's revenue model is subscription privacy services across VPN, password management, and now data deletion — a vertically integrated privacy stack. ^[8]

Optery: Adtech Veterans Building the Opt-Out

Optery was founded in 2020 in San Francisco by Lawrence Gentilello, Chen Atlas, and Dekel Barzilay. Gentilello is the CEO. His prior decade was spent at Oracle, BlueKai, and Accenture — three companies deep inside the consumer data and ad-targeting industries. Optery's origin story is that Gentilello was himself a victim of identity theft and pivoted from helping companies target consumers to helping consumers hide. ^[9]

Optery has raised roughly $6 million across two rounds. The 2023 seed round was led by Bayhouse Capital with participation from Y Combinator, Goodwater Capital, Global Founders Capital, Pioneer Fund, Soma Capital, and TRAC. ^[9] Optery claims coverage of 630+ data brokers — currently the largest claimed network of any service in the category — and is the one Mozilla reportedly considered as a OneRep replacement before deciding to wind Monitor Plus down entirely.

Aura: The WndrCo / General Catalyst Roll-Up

Aura is not a deletion service in the original Abine or Optery sense — it is an identity-theft-protection platform that includes data broker removal as one feature among many (credit monitoring, VPN, password manager, antivirus, parental controls). It is also one of the most acquisition-heavy entities in the space.

Aura's parent is Aura Sub, LLC. The company was formed by merging Intersections Inc. (the operator of Identity Guard) with a joint venture composed of iSubscribed, WndrCo, and General Catalyst. WndrCo is the holding company founded by former DreamWorks executive Jeffrey Katzenberg and ex-Dropbox CFO Sujay Jaswa; Jaswa chairs Aura's board. Hari Ravichandran is CEO. ^[10]

Aura subsequently acquired Pango — a privacy company owning Hotspot Shield VPN, Robokiller, and Identity Defense — bringing all of those products under one roof. ^[11] The Aura portfolio illustrates the consolidation trend: identity-protection products that started as independents are being assembled into vertically integrated suites.

Reputation Defender: Inside Gen Digital, the Privacy Conglomerate

Norton LifeLock acquired Reputation Defender in 2021. ^[12] A year later, Norton LifeLock merged with Avast to form Gen Digital, the public company (NASDAQ: GEN) that now owns Norton, Avast, AVG, Avira, CCleaner, LifeLock, ReputationDefender, MoneyLion, and GOBankingRates. ^[13]

Gen Digital sells "automatic data broker removal" as a feature of LifeLock Core, Advanced, and Total plans, scanning broker sites and submitting opt-out requests every 90 days. ^[12] The same parent company also operates CCleaner — software that was famously compromised in a 2017 supply-chain attack — and Avast, whose subsidiary Jumpshot was caught in 2020 selling browsing data from 100 million users to third parties before being shut down under regulatory pressure.

None of that disqualifies Gen Digital's current deletion product from working. It does mean the same conglomerate selling you data removal has a corporate history of monetizing browsing data through other arms.

Kanary: The Independent

Kanary was founded in 2019 in Chicago, received a Y Combinator grant, launched in 2020, and went through Mozilla's accelerator in 2021. The company raised a small seed round in 2022 and has stayed small and independent. ^[14] Its founder, Andrea Hoffman, has pitched Kanary as specifically built for people facing harassment, doxxing, and digital stalking — a narrower target than the mass-market services.

Kanary is the rare case of a deletion company with no major VC owner, no conglomerate parent, and no parallel adtech business. That also makes it the smallest of the named services.

Privacy Bee, PrivacyDuck, and the Long Tail

Privacy Bee, based in Florida and run by CEO Harry Maugans, is a hybrid removal service that adds breach monitoring and identity protection to broker opt-outs. ^[15] It is privately held with limited public ownership disclosure.

PrivacyDuck was founded in 2013 by William McAdam, who previously led the Executive Privacy product at Reputation.com — the predecessor to today's ReputationDefender. PrivacyDuck's public-facing presence has gone dark; its San Francisco location is listed as closed. ^[16] The trajectory — independent privacy startup founded by a Reputation.com veteran, eventually subsumed or shuttered while Reputation.com's lineage continued under Gen Digital — is a small picture of the consolidation pattern.

The Structural Pattern

Five things stand out across the industry:

1. The Same Investors Sit on Multiple Sides

General Catalyst funded both Abine (DeleteMe) and the joint venture that became Aura. Y Combinator backed both Optery and Kanary. The list of funds active in privacy is short, and the same funds are also active in adtech, identity verification, and consumer-data SaaS. There is no firewall between "privacy capital" and "surveillance capital." It is the same capital.

2. Consolidation Is Erasing Independent Brands

Incogni is a Surfshark product, Surfshark is a Nord Security product. Reputation Defender is a Gen Digital product, Gen Digital is the merged Norton-Avast public company. Aura absorbed Pango (Hotspot Shield, Robokiller, Identity Defense). DeleteMe absorbed Block Party. Independent founder-run deletion services are now a small fraction of the market.

3. Founders Frequently Come from the Industries They Now Oppose

Optery's CEO came from Oracle, BlueKai, and Accenture — three of the largest data and ad-targeting operations on earth. PrivacyDuck's founder built Reputation.com's premium tier before launching a competitor. The talent moves between sides of the same trade. That is not inherently bad — but it means "the company protecting you was built by the people who used to profile you" is the rule, not the exception.

4. Affiliate Marketing Distorts Recommendations

Almost every "best data removal service" comparison article on the internet is monetized through affiliate links. Optery pays a commission. Incogni pays a commission. DeleteMe pays a commission. The handful of services that pay the highest commissions tend to appear first across hundreds of independently published reviews. Reviewers disclose this — but the structural bias points in the same direction. (This site discloses its own affiliate relationships on individual service-review pages.)

5. The Most Damaging Conflict — OneRep — Took 20 Months to Unwind

Even after public, well-reported evidence that Onerep's CEO had founded the kind of sites Onerep claimed to remove, Mozilla — the closest thing the open web has to a mission-driven champion of user privacy — kept selling the product for almost two years. The replacement service was not another deletion vendor with a better track record. It was Mozilla discontinuing the paid tier entirely. That is a useful data point about how easily this industry inspires confidence.

The Public Alternative: California's DROP

On January 1, 2026, California's Privacy Protection Agency launched the Delete Request and Opt-Out Platform (DROP). It is free, government-operated, and authenticated through the state's identity gateway or Login.gov. A California resident submits one request; every data broker registered with the state (over 500 of them) is required to retrieve that request, delete the consumer's data, and stop selling or sharing it. ^[17]

The enforcement schedule:

• January 1, 2026 — Platform opens to California consumers.
• August 1, 2026 — Brokers must begin retrieving DROP deletion requests at least every 45 days and finalize determinations within 90 days.
• Brokers who fail to act face penalties of $200 per request per day. ^[17]

DROP only covers brokers registered in California — but California's broker registry is the most comprehensive in the country, and any data broker doing meaningful US business has reason to register. For California residents, DROP makes the case for paying a private deletion service substantially weaker for the registered-broker portion of the problem. People-search sites and the unregistered long tail still require the paid services (or manual opt-outs).

The adtech trade group Network Advertising Initiative has called authorized-agent providers — the private services that submit opt-outs in bulk — "snake oil," arguing they extract money for requests consumers could file themselves. The Electronic Privacy Information Center pushed back, noting that the criticism comes from an industry that has spent years making opt-out pages hard to find and re-listing deleted profiles within weeks. ^[18]

What to Do With Any of This

Related Reading

• How Data Brokers Build Your Profile: 10,000 Data Points Deep
• Data Brokers: Your Life for Sale
• BackgroundAlert: The People Search Site California Just Shut Down
• Data Removal Services Comparison: Which One Actually Works?
• Delete Yourself from the Internet (Advanced Guide)

References

1. Krebs, Brian. "CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms." KrebsOnSecurity, March 14, 2024. krebsonsecurity.com
2. Krebs, Brian. "Mozilla Says It's Finally Done With Two-Faced Onerep." KrebsOnSecurity, November 2025. krebsonsecurity.com
3. Krebs, Brian. "Mozilla Drops Onerep After CEO Admits to Running People-Search Networks." KrebsOnSecurity, March 21, 2024. krebsonsecurity.com
4. JoinDeleteMe. "About Us." Abine, Inc. joindeleteme.com
5. Crunchbase. "Abine — Company Profile & Funding." crunchbase.com
6. Incogni. "About Us." incogni.com
7. Surfshark. "Surfshark and Nord Security are getting aboard to secure people's digital lives." surfshark.com
8. Wikipedia. "Surfshark B.V." en.wikipedia.org
9. TechCrunch. "Optery using its new funding to evolve from data broker opt-outs to personal info platform." May 8, 2023. techcrunch.com
10. Aura. "Who owns Aura?" Aura Help Center. help.aura.com
11. PRNewswire / Aura. "Aura Acquires Digital Privacy and Security Company Pango." prnewswire.com
12. Norton / LifeLock. "Automatic Data Broker Removal." lifelock.norton.com
13. Wikipedia. "Gen Digital." en.wikipedia.org
14. Kanary. Company site. kanary.com
15. Business RadioX. "Harry Maugans, Privacy Bee." businessradiox.com
16. LinkedIn. "William McAdam — Founder & President, PrivacyDuck.com." linkedin.com
17. California Privacy Protection Agency. "Delete Request and Opt-Out Platform (DROP)." privacy.ca.gov
18. Electronic Privacy Information Center. "Don't Believe Data Brokers Saying Data Deletion Is Snake Oil." epic.org