Disclosed are techniques for determining opt-out compliance to prevent user data exploitation. In an aspect, a user device scans an email account of a user of the user device to identify a list of commercial email domains from which the email account has received one or more emails, transmits an opt-out request to a commercial email domain on the list of commercial email domains, receives an opt-out response from the commercial entity, wherein the opt-out response comprises an email or a webform containing natural language text indicating a response to the opt-out request, applies a machine learning model to the opt-out response to classify, based on the natural language text indicating the response to the opt-out request, a type of the opt-out response as one of a plurality of types of opt-out responses, and displays a notification indicating the type of the opt-out response determined by the machine learning model.