Domains, Upgrades

Domains »Domain Registrations and Privacy

The information below pertains to domain registrations only. For more information, please see our Privacy Policy.

Table of Contents

Information We Collect and Why

When you register a domain, the Internet Corporation of Assigned Names and Numbers (“ICANN”) requires us to collect certain data:

  • An email address (separate from your WordPress.com account email, but you can use the same one)
  • Name
  • Address
  • Telephone number
  • And where available, an organization name and fax number (…who faxes things anymore?)
  • All of the above details, for an administrative contact for your domain and for a technical contact for your domain

To make things simpler, in most cases, we’ll use the registrant contact information for your administrative contact and technical contact as well. You can update this information at any time as described here. We’ll refer to the information associated with your domain registration as “domain registrant data.”


↑ Table of Contents ↑

How We Share Information

Please note that in some cases, how much of your domain registrant data is shared, and with whom, depends the policies of the respective registry or registrar of record, and whether your domain is registered with Privacy Protection.

Please see this page for instructions on how to determine the registrar(s) of record for any domains you currently have registered with WordPress.com, and read on to learn about Privacy Protection and how it affects how your data is shared.

With Vendors

We may share your domain registrant data with third-party vendors who need to know information about you in order to provide their services to us or to you, such as ICANN and third parties that enable us to provide our domain registrar services, like backend registrar service providers (which is why there are different registrars of record), registries, and data escrow service providers.

To Resolve Disputes

When someone has filed a URS or UDRP dispute, ICANN requires us to reveal your domain registrant data (even if you have enabled Privacy Protection), so that the dispute can be resolved by the respective dispute resolution service provider.

In WHOIS

ICANN requires your domain registrant data, as well as information about the domain registration, to be included in a directory of sorts, called WHOIS. Anyone who wants to learn more about a domain or the person/organization behind it, can look it up via WHOIS. You can learn more about WHOIS and how it came to be, but we’ll cover the details that we think might be especially important to you:

  • In some cases, due to the policies of the respective registry (like .id, .in, .jp, .mx, and .com.mx,), all of your domain registrant data may be available in WHOIS.
  • For most TLDs, if you do not register the domain with Privacy Protection, only your state/province, country, and organization name will be displayed in WHOIS. You can choose to keep these details out of WHOIS by using Privacy Protection.
  • If you’d like to display your domain registrant data in WHOIS, you can do so by disabling Privacy Protection as described here.

Via “Tiered Access”

Although only certain bits of information may be publicly available, ICANN requires registrars to provide certain people with access to your domain registrant data without due process, as long as they have a legitimate purpose for accessing it. ICANN and registrars may refer to this as “tiered access,” “layered access,” or “gated WHOIS.” For example, if you’ve registered a domain, law enforcement may be able to obtain the personal data associated with your domain registration without providing a subpoena.

These “tiered access” requests for your data will be reviewed on a case by case basis by your registrar of record. While we are as stringent as we can in reviewing and sharing these requests with you, some of this is out of our hands if we want to continue to offer domain registration services. But because we’re big proponents of privacy and transparency (and you don’t have to just take our word for it!), and this isn’t in line with our usual policies, we want to make this as clear as possible:

For domains where Automattic is the registrar of record, there is a way to ensure that your domain registrant data receives the same protection as the rest of your WordPress.com account information: registering your domain with Privacy Protection.


↑ Table of Contents ↑

Privacy Protection

All domains registered at WordPress.com come with Privacy Protection free of charge, but please note that Privacy Protection may not be available due to the policies of the respective registrar of record or registry.

Using Privacy Protection will ensure that none of your data is shown publicly in WHOIS, no matter your registrar of record. Instead, your information may be redacted, or the respective privacy proxy’s service’s name and information may appear in place of yours. Here are the names of the respective privacy proxy services, depending on your registrar of record:

If you have enabled Privacy Protection, if any parties request your domain registrant data via “tiered access,” they’ll get the respective privacy proxy service’s data. Third parties will only be able to obtain your underlying data from us by providing legal process, per our Legal Guidelines.

Currently, we provide Privacy Protection for free for all domains registered on WordPress.com, and we highly recommend that you take advantage of it. Please note that there are certain cases where Privacy Protection is enabled by default or not available at all, due to the registry’s policies:

  • For .ca domains, Privacy Protection is enabled by default with no additional fee if you register the domain as an individual (eg, Canadian citizen/resident). Privacy Protection is not available if you register the domain as a non-individual or organization.
  • For .fr domains, Privacy Protection is enabled by default with no additional fee for individual registrants. It is not available for organization registrants.
  • For .id, .in, .jp, .mx, and .com.mx, domains, Privacy Protection is not available.
  • For .uk domains, privacy is included by default by Nominet, the .uk registry. Please see their website for more information.

If you already have a domain registered on WordPress.com and want to add Privacy Protection:

  1. Go to the Domains page (My Sites → Manage → Domains).
  2. Click on the domain you wish to edit.
  3. Click on Contacts and Privacy.
  4. Click Privacy Protection and checkout for free.

If your domain name expires within the next 6 months, you will need to renew the domain registration in order to add Privacy Protection.

On the other hand, we understand that there may be reasons why you want to have your information publicly available in WHOIS. If that’s the case, you can choose to forego Privacy Protection.


↑ Table of Contents ↑

How and Why We Use Information

In addition to the purposes stated in our Privacy Policy, it’s worth calling out that we use your domain registrant data to verify ownership of a domain. When the information associated with your WordPress.com account differs from the contact information for your domain registration — for example, you can use a different email address in each place — we’ll consider domain registration contact information (AKA the administrative contact in the domain’s WHOIS records) to be the owner of the domain, with full authority to manage the domain.


↑ Table of Contents ↑

How Long We Keep Information

We keep your domain registrant data as long as your WordPress.com account is active, in case you’d like to register another domain. If you’re no longer interested in our services, you can follow these instructions to close your account.

Not quite what you're looking for?

Get Help