Skip to main content

Automated data broker removal tool — close your accounts, erase your data.

Project description

Symaira EraseMe

Automated data broker removal tool — close your accounts, erase your data.

Beta — Core features are stable and tested. Some advanced features (web-form CAPTCHA solving, DPA auto-filing) require manual setup or are event-flagged only.

CI License Python

Symaira EraseMe terminal demo — init-profile, broker listing, plan creation, and campaign status

Symaira EraseMe helps you exercise your GDPR/CCPA right to erasure against data brokers. It provides:

  • A curated registry of 1,200+ data brokers with opt-out processes documented
  • CLI tools to plan, send, track, and triage removal requests
  • Skills for LLM-powered agents (Claude Code, OpenClaw, etc.)
  • Lifecycle management with deadline tracking, reminders, escalation, and re-scans
  • Automated registry maintenance via weekly scans of public state broker registries

Features

  • Curated broker registry with YAML-based definitions for 1,277 data brokers across the EU (121), UK (20), and US (1,138), including opt-out URLs, required account identifiers, contact methods (web forms, email), and verification keywords.
  • Event-sourced architecture with an append-only SQLite event store, state projections, and full audit trail for every removal request.
  • CLI automation with 30+ commands to plan removal campaigns, send opt-out requests in batches, track progress, monitor deadlines, and triage broker replies from the terminal.
  • Web-form automation via Playwright for brokers that only accept opt-outs through web forms, including form-filling, CAPTCHA detection, and screenshot capture.
  • Inbox triage via IMAP polling to fetch broker replies, classify them with an LLM (Claude), and generate jurisdiction-aware rebuttals for rejections.
  • Deadline tracking with automatic jurisdiction-aware deadline monitoring (GDPR: 30 days, CCPA: 45 days). The tick engine checks daily for overdue requests and triggers reminders with exponential backoff.
  • Escalation workflows that flag requests for DPA complaints after brokers miss the legal response window.
  • LLM agent skills as ready-made skill files for Claude Code, OpenClaw, and other LLM-powered coding agents. These skills let AI assistants work with the tool on your behalf.
  • Jurisdiction-aware workflows with support for GDPR (Europe), CCPA (California), CPRA, LGPD, and PIPEDA erasure rights, including jurisdiction-specific templates, timelines, and legal references.
  • Scheduler integration that generates cron, launchd, or systemd configurations to run the tick engine, inbox polling, and quarterly re-scans automatically.
  • Automated registry maintenance with a weekly GitHub Action that pulls fresh entries from official US state broker registries and opens a PR with the diff, plus a Monday link-check workflow that flags dead broker websites.
  • Dashboard and reports for campaign analytics, jurisdiction breakdowns, and GDPR-compliant record-keeping exports.

Install

End users (from PyPI):

pip install symeraseme

Optional extras:

pip install symeraseme[web]      # Playwright-based browser automation
pip install symeraseme[triage]   # LLM triage via Anthropic Claude

macOS users (via Homebrew):

brew tap danieljustus/symaira
brew install symeraseme

Developers (from source):

# Clone the repository
git clone https://github.com/danieljustus/Symaira-EraseMe.git
cd symaira-eraseme

# Install dependencies with uv
uv sync
uv pip install -e ".[dev,web,triage]"

# Configure your environment
cp .env.example .env
# Edit .env and add your ANTHROPIC_API_KEY

See .env.example for all supported environment variables.

Usage

Getting started

# Initialize your profile with personal details
symeraseme init-profile

# List all registered brokers, optionally filtered by jurisdiction or law
symeraseme brokers list --law GDPR

# Show details for a specific broker
symeraseme brokers show --name spokeo

Demo

$ symeraseme init-profile
✓ Profile saved to ~/.config/symeraseme/profile.json

$ symeraseme brokers list --law GDPR
┏━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━┓
┃ Name         ┃ Website                     ┃ Jurisdiction  ┃
┡━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━┩
│ Spokeo       │ https://www.spokeo.com      │ CCPA          │
│ Intelius     │ https://www.intelius.com    │ CCPA          │
│ Acxiom (EU)  │ https://www.acxiom.com      │ GDPR          │
│ Schufa       │ https://www.schufa.de       │ GDPR          │
└──────────────┴─────────────────────────────┴───────────────┘

$ symeraseme plan create --campaign initial --law GDPR --max 5
✓ Plan created: 5 brokers selected
  Campaign: initial

$ symeraseme plan status
Campaign: initial
┏━━━━━━━━━━━━━┳━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━┓
┃ Broker      ┃ Status      ┃ Deadline             ┃
┡━━━━━━━━━━━━━╇━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━┩
│ Acxiom (EU) │ planned     │ —                    │
│ Schufa      │ planned     │ —                    │
│ Experian EU │ planned     │ —                    │
│ Equifax EU  │ planned     │ —                    │
│ Creditreform│ planned     │ —                    │
└─────────────┴─────────────┴──────────────────────┘

Planning and execution

# Create a removal plan for GDPR brokers (limit to 10)
symeraseme plan create --campaign initial --jurisdiction GDPR --max 10

# Review the plan before sending
symeraseme plan show --campaign initial

# Execute the plan in batches (respects rate limits, requires consent)
symeraseme plan execute --campaign initial --batch-size 5 --delay 30 --yes

# Check overall campaign progress
symeraseme plan status

# View deadline calendar and upcoming tick actions
symeraseme calendar --weeks 4

Inbox triage (requires [triage] extra)

# Poll your IMAP inbox for broker replies
symeraseme poll-inbox --username your@email.com

# Classify a broker reply via LLM
symeraseme classify-reply <request_id>

# Generate a jurisdiction-aware rebuttal for a rejection
symeraseme generate-rebuttal <request_id>

Web-form automation (requires [web] extra)

# Run a broker's web-form opt-out via Playwright
symeraseme run-web-form <broker_id>

# List manual fallback tasks for forms that couldn't be automated
symeraseme manual-tasks list

# Mark a manual task as completed
symeraseme manual-tasks complete <task_id>

Lifecycle and maintenance

# Run the tick engine (checks deadlines, reminders, escalations)
symeraseme plan tick --dry-run
symeraseme plan tick

# Generate scheduler configs (cron / launchd / systemd)
symeraseme generate-scheduler --output ./schedules

# Install schedules
symeraseme schedule install ./schedules

# Generate a dashboard report
symeraseme generate-dashboard

# Export campaign data for GDPR record-keeping
symeraseme export --format json --output campaign.json

Other commands

# Validate registry YAML files against the schema
symeraseme validate

# Show event history for a request
symeraseme events show <request_id>

# List all removal requests
symeraseme requests list --status pending

# Grant consent for destructive operations
symeraseme grant execute --ttl 3600

Run symeraseme --help for a full list of commands and options.

Architecture

Symaira EraseMe uses an event-sourced architecture built on SQLite:

┌─────────────┐     ┌──────────────┐     ┌─────────────┐
│   CLI /     │────▶│   Event      │────▶│  Request    │
│   Skills    │     │   Store      │     │  State      │
└─────────────┘     │  (SQLite)    │     │ (Projection)│
                    └──────────────┘     └─────────────┘
                           │
                    ┌──────┴──────┐
                    ▼             ▼
            ┌──────────┐   ┌──────────┐
            │  Tick    │   │  Reports │
            │  Engine  │   │ / Export │
            └──────────┘   └──────────┘
  • Event Store: Append-only log of all actions (planned, sent, ack, reminder, deadline reached, etc.)
  • State Projection: Rebuilds the current state of every request from events
  • Tick Engine: Daily scan for deadlines, reminders, and escalations
  • Triage: LLM-based classification of broker replies with jurisdiction-aware rebuttal generation

Registry maintenance

The broker registry is kept fresh by two scheduled GitHub Actions:

  • registry-scanner (Sundays, 00:00 UTC) — fetches the latest data-broker registries published by US states (e.g. California, Vermont, Oregon, Texas), normalizes the records into YAML entries, and opens a pull request for any additions or changes.
  • registry-link-check (Mondays, 06:00 UTC) — issues a HEAD request to every broker's website field and reports unreachable URLs so dead entries can be retired or corrected.

You can also run the sync manually:

uv run python scripts/registry_sync.py

Development

Setup

uv sync --all-extras
uv pip install -e ".[dev,web,triage]"
pre-commit install

The pre-commit hooks include:

  • Detect private keys — checks for hardcoded private keys

CI additionally runs TruffleHog for comprehensive secrets scanning on every pull request.

Run tests

uv run pytest --verbose --tb=short

Lint and type-check

uv run ruff check src/symeraseme/
uv run ruff format --check src/symeraseme/
uv run mypy src/symeraseme/

All three checks run in CI on every push and pull request to the main branch.

Project structure

src/symeraseme/
  cli/           — Typer CLI application
  core/          — Event store, projections, tick engine, templating, scheduler
  registry/      — Broker loader, schema validation
  services/      — CLI command handlers
  adapters/      — Web (Playwright), Triage (Claude), Email (SMTP/IMAP)
registry/
  brokers/       — YAML broker definitions (eu/, uk/, us/)
  laws/          — Jinja2 legal templates (GDPR, CCPA, rebuttals)
  schemas/       — JSON Schema for broker validation
skills/          — LLM agent skill files (Claude Code, OpenClaw)
examples/        — Integration examples for Claude Code, OpenClaw, cron

Security

  • Identity profile encryption: Profiles are encrypted with AES-256-GCM and authenticated with the header as AAD. Files written since v0.1.2 use header version: 2; earlier files used version: 1. A legacy no-AAD fallback exists for version: 0 files only — any tampered ciphertext on version 1+ fails closed with InvalidTag.
  • Database encryption: When SYMERASEME_ENCRYPT_DB=1 is set, the SQLite database is encrypted at rest using AES-256-GCM with a key derived from your identity master key. Databases created before v0.2.0 used a fixed PBKDF2 salt (V1 format); newer databases use a per-file random salt (V2 format). On open, any V1 database is automatically re-encrypted to V2 transparently — no manual migration is required. On open, the database is decrypted to a temporary file with restrictive permissions (0o600). The temp file is placed in a memory-backed directory where the platform supports it (Linux: /dev/shm; macOS: /tmp RAM disk; Windows: OS temp directory on disk). On normal exit, SIGTERM, or context close, the temp file is re-encrypted and removed. A SIGKILL (e.g., kill -9, OOM killer, or system crash) may leave the decrypted temp file behind. On Linux and macOS the temp file resides in memory and is lost on reboot; on Windows it may persist on disk. If this is a concern for your threat model, consider running Symaira EraseMe on a single-user system or using full-disk encryption.
  • Consent tokens: Consent tokens passed via --consent or the SYMERASEME_CONSENT environment variable are visible in process listings (ps aux), shell history, and crash dumps. On shared systems or CI runners, prefer --consent-file or SYMERASEME_CONSENT_FILE to read the token from a file with 0o600 permissions. The file is read once and the token is consumed (consume_token) after verification. Pipe-based input is supported: echo $TOKEN | symeraseme plan execute --consent-file /dev/stdin.

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

symeraseme-0.2.0.tar.gz (415.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

symeraseme-0.2.0-py3-none-any.whl (138.8 kB view details)

Uploaded Python 3

File details

Details for the file symeraseme-0.2.0.tar.gz.

File metadata

  • Download URL: symeraseme-0.2.0.tar.gz
  • Upload date:
  • Size: 415.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for symeraseme-0.2.0.tar.gz
Algorithm Hash digest
SHA256 067f6541d157f2fbe77db08cf0efec5cba1fe338a67def1441ab0b1b719b46b2
MD5 3dc9ee949b7e4f905e329a6ef52bfe65
BLAKE2b-256 c09254cb24291e043ae892628d488a480a6abf52123da1578eb9421646bc8d11

See more details on using hashes here.

Provenance

The following attestation bundles were made for symeraseme-0.2.0.tar.gz:

Publisher: publish.yml on danieljustus/symaira-eraseme

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file symeraseme-0.2.0-py3-none-any.whl.

File metadata

  • Download URL: symeraseme-0.2.0-py3-none-any.whl
  • Upload date:
  • Size: 138.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for symeraseme-0.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 556d979fa006eb121fe36e3d3ddb30ff0776e400792b159b70f5446a726d60ba
MD5 62813c3cab0018f66bdcdb5ac079caca
BLAKE2b-256 3fdc1ce60ed99dbfeb417ebfb7eb562d2585732b344083a1746c4abc002dfccc

See more details on using hashes here.

Provenance

The following attestation bundles were made for symeraseme-0.2.0-py3-none-any.whl:

Publisher: publish.yml on danieljustus/symaira-eraseme

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page