Dispute Resolution & Reporting »Legal Guidelines
These guidelines are intended for those seeking information about a WordPress.com user, or looking to take action against a resource hosted on our network.
What Information Do We Have?
WordPress.com has certain information from users and commenters:
- First name, last name, and phone number (if a user elects to provide this information).
- The email address that is currently assigned to a site owner.
- The IP address from which a site was created.
- The date and time (UTC) at which a site was created.
- Physical address (if user has registered a custom domain through WordPress.com).
- The PayPal transaction information for any upgrades that are purchased for a site (this does not include credit card or bank account information, but may include country code or postal code).
- IP address and user-agent for a post or revision on a site.
- Email address and IP address for a comment posted on a site.
Before revealing any of this information to a party that is not the owner of the account, we require either a validly issued subpoena, warrant, or court order that specifically requests it. More information on our requirements for releasing private user information can be found below.
Data Retention Information
The length of time data is retained varies based on the type of information and actions of the user.
Requesting Private Information of WordPress.com Users
Safeguarding our users’ private information is a vital aspect of the trust our users place in our service to keep them safe, and in some cases, anonymous.
Automattic receives requests for information from government agencies/law enforcement as well as individuals or corporations involved in civil lawsuits.
To request information for a site hosted on WordPress.com, the site’s .wordpress.com URL (such as example.wordpress.com) must be specifically included in the request. To obtain information for a specific post or comment, the URL of that post or comment must be included in the request. We are unable to process overly broad or vague requests.
WordPress.com accounts can contain various information. This information is unverified and is provided at the user’s discretion.
If we receive information indicating that someone is using our services to engage in crime where we are the victim, we will not inspect a user’s private content ourselves. Instead, we may report the matter to law enforcement.
Requests from Government Agencies/Law Enforcement
It is our policy to turn over private user information only upon receipt of a valid subpoena, search warrant, or U.S. Court order that complies with the Federal Rules of Criminal Procedure, the Federal Rules of Civil Procedure, and/or California state law.
For legal requests from government agencies/law enforcement from outside of the United States, we ask that the request be served via a United States court or enforcement agency under the procedures of an applicable mutual legal assistance treaty or letter rogatory.
If these pieces of information are available, we can provide the first and last names, phone number, email address currently assigned to a site owner, the date/time stamped IP address from which a site was created, the physical address, and the PayPal transaction information to government agencies/law enforcement upon receipt of a valid subpoena.
We require a court order or a warrant before providing additional IP addresses or information relating to a specific post or a specific comment.
We require a warrant before disclosing content of user communications to government agencies/law enforcement. We also require a warrant before providing any non-public content information (such as private or draft post content, or pending comments).
Requests in Civil Cases
It is our policy to turn over private user information only upon receipt of either (1) a valid order from a U.S. court, or (2) a subpoena served as part of an existing lawsuit that complies with Rule 45 of the Federal Rules of Civil Procedure and/or the California Discovery Act. For legal requests from outside the United States, we ask that the request be served via a United States court or enforcement agency under the procedures of an applicable mutual legal assistance treaty or letter rogatory. Litigants should ensure that any such requests comply with the US SPEECH Act, 28 U.S.C. 4101 et seq.
Requests must identify the specific information (as listed above) sought. If a request is overly broad or seeks information not applicable to Automattic, we will provide the email address that is currently assigned to a site owner, the IP address from which a site was created, and the date and time (UTC) at which a site was created.
Any request for specific post or comment information must include the specific URL of each post or comment. We will not provide any content information in response to civil orders or subpoenas, pursuant to the E.C.P.A.
Please note that we charge an administrative fee of USD $125/hour for compliance with validly issued and served civil subpoenas. We will bill for and collect this fee prior to furnishing information in response to a subpoena.
Notification to WordPress.com Users and Transparency
We aim for total transparency with our users when requests or complaints affect their sites, accounts, or information. It is our policy to notify users and provide them with a copy of any civil or government legal process regarding their account or site (including requests for private information), unless we are prohibited by law or court order from doing so.
If a request for information is valid, we will preserve the necessary information before informing the user. Upon notification to the user, that user will be provided with either 7 days or the amount of time before the information is due, whichever is later, during which time the user may attempt to quash or legally challenge the request. If, prior to the deadline, we receive notice from user that he or she intends to challenge a request, no information will be delivered until that process concludes. We also review the information requests receive, and may lodge our own challenge to the scope or validity of legal process received, on behalf of a user, whether or not the user pursues his/her own legal challenge.
Preservation Requests for WordPress.com Sites
Requests for the preservation of information must originate from a law enforcement agency.
Our notification policy with regards to preservation requests is meant to protect user privacy and promote transparency, while also avoiding interference with legitimate investigations of criminal activity.
We notify users of preservation requests. When law enforcement requests that a preservation request remain confidential, we keep it confidential for 45 days, with the expectation that they will be serving a valid US subpoena or search warrant that includes the required certification (2705(b)) or court-ordered non-disclosure provision. If the certification or court order is obtained, we will keep the preservation request secret under the same conditions as the subpoena/warrant. If, after 45 days law enforcement has not served a subpoena or search warrant or has served one without the required certification or secrecy order, we inform the user of the request.
Enforcing Protection Orders Against WordPress.com Users
WordPress.com is not responsible for enforcing protection orders that apply to users on our service. If you represent a client with an active protection order that may apply to a WordPress.com site, please contact the appropriate court or law enforcement agency for assistance.
Who Is Liable for Sites Hosted on WordPress.com?
WordPress.com will respond only in compliance with US law and in reply to valid legal process as stated in our policies.
WordPress.com, as a United States-based internet service provider, is protected by the safe harbor provisions of §230(c) of the United States Communications Decency Act, which states that internet service providers cannot be held liable for the contents (including allegedly harassing, defamatory, inaccurate, or offensive content) posted to our service by our users.
WordPress.com does not and will not exercise editorial oversight on the millions of sites hosted on our service, nor are we considered the author, editor, or publisher of that content in any way.
Requests for Takedown of Copyrighted Content
WordPress.com complies with properly formatted notices sent in accordance with the Digital Millennium Copyright Act. More information about our DMCA process can be found here.
Requests for Takedown of Other Content
WordPress.com strongly believes in freedom of speech. We have a vast audience spread across many cultures, countries, and backgrounds with varying values and our service is designed to let users freely express any ideas and opinions without us censoring or endorsing them. We review and investigate all complaints that we receive. If we determine that reported content violates our Terms of Service, we will take action as appropriate. Regardless of whether or not we take action, we may forward a copy of the complaint to the site owner.
If we receive a complaint and are not in a position to make a determination (for example whether something is defamatory or not), we defer to the judgment of a court.
Serving Process on WordPress.com and Making Inquires
Any request for user information must include a valid email address for us to return the information or contact with questions. WordPress.com communicates only via email.
Legal process can be served by mail to:
132 Hawthorne St.
San Francisco, CA 94107
Attn: General Counsel
Where permitted, we also accept service via email to email@example.com.
General inquiries regarding our policies can be sent via email to firstname.lastname@example.org.