A Private Life,
Restored.
Your personal data is scattered across data brokers, AI training sets, and dark-web dumps — without your consent. Enter your details once; Aletheos scans all three surfaces in parallel, deploys forensic honey tokens for early-warning detection, and produces court-ready evidence bundles with SHA-256 chain-of-custody.
Global detection. Local reporting. Absolute discretion.
Your Personal Data Is Exposed Right Now
Every day, your name, email, phone number, passwords, and financial details are bought, sold, leaked, and memorised by AI systems — all without your knowledge.
Major breaches at LinkedIn, Equifax, and T-Mobile have exposed billions of credentials. If your email has ever been in a breach, attackers are using your passwords right now to access your bank, email, and social media accounts.
Over 4,000 data brokers legally sell your name, address, phone number, date of birth, and family connections to anyone who pays. Spokeo, BeenVerified, Radaris — they all have your file, and they profit every time someone looks you up.
ChatGPT, Gemini, Grok, and 20+ other AI systems were trained on data scraped from the internet — including your personal information. They can recall your name, email, and employer when prompted. No one asked your permission.
Exposed PII fuels credential stuffing, SIM swap attacks, synthetic identity fraud, and tax fraud. Once your data is out there, attackers follow a predictable kill chain — and most people have no idea it's happening to them.
One Form. Four Products. Zero Friction.
You enter your identity once. Aletheos fires AI Model Scanner, Web Data Removal, Shadow IT Scan, and Data Deletion in parallel — then deploys salted honey tokens for future breach detection. Every finding is triaged server-side for Bulk Data Rule compliance before it reaches you.
Scanner
Find out if your personal data is stored inside ChatGPT, Google Gemini, Grok, or 20+ other AI systems — then automatically submit GDPR Article 17 erasure requests to every one.
- 26 global AI models scanned (text, image, voice)
- PII memorisation detection
- Automated GDPR Article 17 erasure requests
- Machine unlearning verification (MIA test)
Removal
Your personal profile is listed on 25+ data broker websites right now. We scan every one, automatically submit opt-out and erasure requests, and deliver legal evidence of each completed removal.
- 25+ data broker opt-out automation
- Automated GDPR & CCPA erasure requests
- PDF evidence package for legal proof
- Re-scan to confirm removal
Scan
Discover every unauthorised SaaS tool connected to your company domain — apps your IT team may not know about that are quietly collecting your work data and personal information.
- Full domain SaaS footprint discovery
- Unsanctioned app identification
- Data exposure risk classification
- Exportable findings report
Deletion
Submit formal GDPR Article 17 erasure requests directly to any platform's Data Protection Officer — Google, Spotify, Facebook, and more. They are legally required to respond within 30 days.
- Legally-binding deletion letters to any platform
- Direct submission to Data Protection Officers
- 30-day regulatory response tracking
- Verified deletion certificates
Three Steps. Then Forget About It.
Sign up and tell us what to protect — your email, phone, name, or any personal information you want monitored. No technical knowledge needed.
Our Sentinel-Mesh engine runs AI Model Scanner, Web Data Removal, and Shadow IT Scan simultaneously across 25+ web sources and 26 AI models. Threats are classified, and removals begin immediately.
Removal requests are filed, erasure is verified, and you receive proof. Our 24/7 monitoring continues scanning — if your data reappears anywhere, we catch it and remove it again.
Built Inside the Law, Not Around It
Every Aletheos action is anchored to a published statute. We operate under OSINT-only collection, human-in-the-loop approval for every legal report (CCPA ADMT-compliant), and append-only evidence vaults with cryptographic chain of custody. Here is the full legal framework we satisfy.
OSINT collection is restricted to publicly-accessible data with no authentication bypass. Van Buren v. United States (2021) "gates-up-or-down" test satisfied. Good-faith security research posture per DOJ 2022 policy.
Honey tokens capture metadata only (DNS callback, access timestamp) — never communication content. Owner-consent exception applies. No Wiretap Act exposure.
Threat indicators exported in STIX 2.1 bundles for DHS/CISA channels. Civil-liability safe harbor engaged. Customer-initiated sharing only.
Server-side jurisdiction triage blocks evidence touching CN, RU, KP, IR, CU, VE before export. 28 CFR Part 202 compliant. You cannot accidentally breach it.
Mandatory cybersecurity audits (Jan 2026) — structure is audit-ready today. ADMT opt-out (Jan 2027): every legal report requires human approval via our Verify & File workflow. You're never automated into a filing.
30-day notification SLA supported (CA, CO, FL, ME, WA, NY). Incident ledger tracks discovery timestamp distinct from occurrence, matching statutory "awareness" trigger.
Lawful basis: Art. 6(1)(f) legitimate interest (Recital 49 explicitly names threat intelligence). Art. 32 controls: AES-256 at rest, TLS 1.3 in transit, MFA. Art. 33 72-hour notification playbook.
Our Mistral-7B-Instruct classifier is a high-risk AI system. Articles 15 & 29 cybersecurity baselines met; adversarial testing and data-poisoning protection in place for Aug 2026 enforcement.
Every report ships with a Forensic Metadata Block: engine ID, confidence score, SHA-256 report hash, reviewer ID, generation timestamp. Reproducible and admissible by design.
B2B tier delivers 24-hour early warning + 72-hour incident report, mapped to essential/important entity categorisation and executive-accountability structure.
Secure-by-default architecture, coordinated vulnerability disclosure, SBOM for every release, automated patch delivery. Vulnerability reporting path live from Sep 11, 2026.
No unauthorised access, no data interference, no device misuse. All our operations are passive observation of public sources or customer-owned infrastructure.
Architecture ready for harmonised cross-border evidence requests. Jurisdiction-aware evidence vault means a French hit produces a French-language Article 33 draft automatically.
We never bypass authentication. Every source is publicly accessible or owned by you.
Honey token raw tags are never persisted. Only salted SHA-256 hashes live in the database.
No AI decision is filed autonomously. Every legal report requires human approval — bypassing CCPA ADMT 2027 restrictions by design.
Evidence records are never mutated, only appended. SHA-256 report hashes prove no tampering after approval.
Why People Trust Aletheos
We're not another privacy app that sends you alerts and leaves you to figure it out. We take action — automatically, legally, and with proof.
Every removal request carries the force of EU law. Vendors must comply within 30 days or face fines up to 4% of global revenue. We enforce your rights — not just request them.
We never store the personal data we scan for. Credentials are encrypted. Scan results are yours. We are the tool — not another data collector.
Every scan, every removal, every verification generates a timestamped certificate. If you ever need to prove you took action to protect your identity, the evidence is ready.
Subscribe and forget. Our autonomous engine runs 24/7, scanning for new exposures across the dark web, data brokers, and AI models. You only hear from us when something needs your attention.
We don't just delete and hope for the best. After every removal, our verification engine re-probes the source to confirm your data is actually gone. If it's not, we try again.
Simple Pricing. Complete Protection.
Start free. Upgrade when you're ready. Every paid plan includes 24/7 autonomous monitoring and verified erasure.
Building for your organisation? Talk to us about Enterprise →
- 3 one-time scans
- See where your data is exposed
- Results partially masked
- No removals — see the threat first
- Full unmasked results
- Monthly dark web monitoring
- 10 data broker removals
- 4 AI model scans
- Basic threat report
- Email support
- 24/7 continuous monitoring
- All 25+ data broker removals
- 26 AI model scanning
- MITRE threat classification
- Verified erasure certificates
- Monthly re-scans
- Priority support
- Everything in Standard
- Machine unlearning (AI weight removal)
- Identity theft action plans
- Real-time webhook alerts
- Weekly re-scans
- MIA verification (proof of forgetting)
- Dedicated support
- Everything in Full Coverage
- SSO (SAML 2.0) — on roadmap
- Dedicated customer success manager
- Custom DPA and Standard Contractual Clauses available
- Volume API pricing
- Priority access to AI Model Unlearning, Hard Strike gradient surgery, Data Lake, Enterprise OSINT, Internal DLP
- SLA available
Prices shown in CAD. Stripe charges in CAD; non-Canadian cards may be converted by your issuer. Annual plan discount is earned upon completion of the 12-month term — cancellation before 12 months forfeits the discount. Taxes (HST, if applicable) added at checkout.
Take Back Control
Your passwords are on the dark web. Your name is on data broker sites. Your face is in AI training data. You didn't consent to any of it. Aletheos finds it all, removes it all, and proves it's gone — automatically.