Domains » Domain Registrations and Privacy
The information below pertains to domain registrations only. For more information, please see our Privacy Policy.
Information We Collect and Why
When you register a domain, the Internet Corporation of Assigned Names and Numbers (“ICANN”) requires us to collect certain data:
- An email address (separate from your WordPress.com account email, but you can use the same one)
- Name
- Address
- Telephone number
- And where available, an organization name and fax number (…who faxes things anymore?)
- All of the above details, for an administrative contact for your domain and for a technical contact for your domain
Some registries may also require additional information to verify eligibility for registering the domain or to comply with their policies.
To make things simpler, in most cases, we’ll use the registrant contact information for your administrative contact and technical contact as well. You can update this information at any time as described here. We’ll refer to the information associated with your domain registration as “domain registrant data.”
How We Share Information
Please note that in some cases, how much of your domain registrant data is shared, and with whom, depends the policies of the respective registry or registrar of record, and whether your domain is registered with Privacy Protection.
Please see this page for instructions on how to determine the registrar(s) of record for any domains you currently have registered with WordPress.com, and read on to learn about Privacy Protection and how it affects how your data is shared.
With Vendors
We may share your domain registrant data with third-party vendors who need to know information about you in order to provide their services to us or to you, such as ICANN and third parties that enable us to provide our domain registrar services, like backend registrar service providers (which is why there are different registrars of record), registries, and data escrow service providers.
To Resolve Disputes
When someone has filed a URS or UDRP dispute, ICANN requires us to reveal your domain registrant data (even if you have enabled Privacy Protection), so that the dispute can be resolved by the respective dispute resolution service provider.
In WHOIS
ICANN requires your domain registrant data, as well as information about the domain registration, to be included in a directory of sorts, called WHOIS. Anyone who wants to learn more about a domain or the person/organization behind it, can look it up via WHOIS. You can learn more about WHOIS and how it came to be, but we’ll cover the details that we think might be especially important to you:
- In some cases, due to the policies of the respective registry (like .id, .in, .jp, .mx, and .com.mx,), all of your domain registrant data may be available in WHOIS.
- For most TLDs, if you do not register the domain with Privacy Protection, only your state/province, country, and organization name will be displayed in WHOIS. You can choose to keep these details out of WHOIS by using Privacy Protection.
- If you’d like to display your domain registrant data in WHOIS, you can do for some TLDs so by disabling Privacy Protection as described here.
Via “Tiered Access”
Although only certain bits of information may be publicly available, ICANN requires registrars to provide certain people with access to your domain registrant data without due process, as long as they have a legitimate purpose for accessing it. ICANN and registrars may refer to this as “tiered access,” “layered access,” or “gated WHOIS.” For example, if you’ve registered a domain, law enforcement may be able to obtain the personal data associated with your domain registration without providing a subpoena.
These “tiered access” requests for your data will be reviewed on a case by case basis by your registrar of record. While we are as stringent as we can in reviewing and sharing these requests with you, some of this is out of our hands if we want to continue to offer domain registration services. But because we’re big proponents of privacy and transparency (and you don’t have to just take our word for it!), and this isn’t in line with our usual policies, we want to make this as clear as possible:
For domains where Automattic is the registrar of record, there is a way to ensure that your domain registrant data receives the same protection as the rest of your WordPress.com account information: registering your domain with Privacy Protection.
Privacy Protection
All domains registered at WordPress.com come with Privacy Protection free of charge, but please note that Privacy Protection may not be available due to the policies of the respective registrar of record or registry.
Using Privacy Protection will ensure that none of your data is shown publicly in WHOIS, no matter your registrar of record. Instead, your information may be redacted, or the respective privacy service’s name and information may appear in place of yours. Here are the names of the respective privacy services, depending on your registrar of record:
- For domains where Automattic or Key-Systems is the registrar of record: Knock Knock WHOIS Not There, LLC (aren’t we clever?)
- For domains where Tucows is the registrar of record: Contact Privacy Inc.
- For domains where Wild West Domains is the registrar of record: Domains By Proxy, LLC
If you have enabled Privacy Protection, if any parties request your domain registrant data via “tiered access,” they’ll get the respective privacy service’s data. Third parties will only be able to obtain your underlying data from us by providing legal process, per our Legal Guidelines.
Currently, we provide Privacy Protection for free for all domains registered on WordPress.com, and we highly recommend that you take advantage of it. Please note that there are certain cases where Privacy Protection is enabled by default or not available at all, due to the registry’s policies:
- For .ca domains, privacy is enabled by default with no additional fee if you register the domain as an individual (eg, Canadian citizen/resident). Privacy is not available if you register the domain as a non-individual or organization.
- For .fr domains, privacy is enabled by default with no additional fee for individual registrants. It is not available for organization registrants.
- For .id, .in, .jp, .mx, and .com.mx, domains, privacy is not available.
- For .uk domains, privacy is enabled by default by Nominet, the .uk registry. Please see their website for more information.
If you already have a domain registered on WordPress.com and want to add Privacy Protection:
- Go to the Domains page (My Site(s) → Upgrades → Domains).
- Click on the domain you wish to edit.
- Click on Contacts and Privacy.
- Toggle the Privacy Protection option.
How and Why We Use Information
In addition to the purposes stated in our Privacy Policy, it’s worth calling out that we use your domain registrant data to verify ownership of a domain. When the information associated with your WordPress.com account differs from the contact information for your domain registration — for example, you can use a different email address in each place — we’ll consider domain registration contact information (AKA the administrative contact in the domain’s WHOIS records) to be the owner of the domain, with full authority to manage the domain.
How Long We Keep Information
We keep your domain registrant data as long as your WordPress.com account is active, in case you’d like to register another domain. If you’re no longer interested in our services, you can follow these instructions to close your account.