Somewhere around step four of our checkout, a screen appears that asks you to sign a power of attorney. It is the moment where roughly one in nine people stop, reread, and email us before going further. That is the correct response. Signing things on the internet should make you pause.

So here, in advance, is what that document is, what it permits, and what it does not.

The document, in one sentence

What we ask you to sign is a limited power of attorney: a one-page authorisation appointing Nox Æterna as your agent for the single, narrow purpose of sending erasure requests under Article 17 of the UK GDPR and, for US customers, section 1798.105 of the California Consumer Privacy Act. The document names the statutes, names you, names us, and lists the brokers we are authorised to contact.

It is one page because it does one thing. A general power of attorney runs to five or six. Ours is short on purpose.

What it explicitly does not permit

This is the part most people want spelled out, so we spell it out on the document itself, in a bordered box, in plain English. The mandate does not authorise us to:

  • open accounts in your name, on any platform, anywhere
  • sign contracts or agreements other than the erasure requests themselves
  • access, view, or operate any financial account — bank, card, brokerage, crypto wallet
  • make any statement, claim, or representation on your behalf beyond "please delete this person's record under the cited statute"
  • respond to legal proceedings, accept service, or correspond with any party other than the listed data brokers and the regulators that oversee them

If a broker emails back with a follow-up question — about the spelling of a previous address, say, or a date of birth — we forward it to you. The authority is to request deletion, not to fill in your life story on demand.

A mandate that does one thing is a mandate that cannot be quietly stretched to do something else.

Why the brokers require it

Under both GDPR and CCPA, an erasure request must come from the data subject, or from someone the data subject has authorised in writing. A request without that proof is treated as a third-party submission and rejected on the spot. We know, because for the first two months of operation we tested sending unsigned letters. The rejection rate was ninety-four per cent.

Brokers are not being unreasonable about this. The rule exists to stop one neighbour from deleting another's record out of spite, and to stop stalkers from wiping their target's paper trail. A signed POA, with a verified identity behind it, closes that loophole. It is the difference between a letter the broker must action within thirty days and a letter their compliance team can bin without reading.

How we sign it

The signing happens through SignWell, an e-signature platform that complies with the UK Electronic Communications Act 2000 and the US ESIGN Act of 2000. Three things happen the moment you sign.

  1. The document is time-stamped to the second, in UTC.
  2. Your IP address is logged against the signature, as evidence of who signed and from where.
  3. A countersigned PDF copy is emailed to you within sixty seconds, and stored against your order on our side.

You will have the document in your inbox before you reach the next step of the checkout. We suggest filing it somewhere you can find it again. If a broker ever queries the authorisation, that PDF is what we forward — never your identity documents.

Revocation: one email, twenty-four hours

The mandate is revocable at any time, for any reason, without explanation. You email dpo@noxaeterna.com with the words "I revoke my authorisation" and the order number from your receipt. We acknowledge within one business hour and cease all in-flight requests within twenty-four hours. Letters already sent cannot be unsent, but no further letters go out under your name from that moment.

We will still finish reporting on the requests that were already in motion, because we owe you the PDF receipts you paid for. After that, the mandate is closed and the file is archived.

The legal frame

For UK customers, the document is governed by the laws of England and Wales and enforceable as a limited-scope agency under the Powers of Attorney Act 1971. For US customers it sits under the law of Delaware, where Nox Æterna Inc. is incorporated, and operates as a limited agency mandate recognised in every state we send requests into. In both jurisdictions the rule is the same: the agent may only act within the four corners of the written authority. Anything outside it is void.

The scope is narrow not as a favour to you, but because a broader scope would be a worse business for us to run. Our incentives and yours are, on this one document, the same.

If you would rather not sign it at all

You do not have to. Article 17 and section 1798.105 are rights you can exercise yourself, with no agent involved. The trade is roughly thirty hours of letter-writing, follow-up, and complaint-filing against the price of one signature.

If you would rather hand that work over, Nox Æterna handles all 150+ UK and US brokers in one £89 payment, signs in your name under the mandate above, and sends you the PDF proofs as each broker confirms. One page in. Your data, gone.