Domains, Upgrades

Domains »Domain Registrations and Privacy

Please note that the information below pertains to domain registrations only. For more information, please see our Privacy Policy.

Information We Collect and Why

When you register a domain, the Internet Corporation of Assigned Names and Numbers (“ICANN”) requires us to collect certain data:

  • An additional email address (although it could be the same as the one you use for you WordPress.com account)
  • Your name
  • Your address
  • Your telephone number
  • And where available, your organization name and your fax number (…who faxes things anymore?)
  • All of the above details, for an administrative contact for your domain and for a technical contact for your domain

To make things simpler, in most cases, we’ll use the registrant contact information that you provide as part of your domain registration process for your administrative contact and technical contact as well. You can update this information at any time as described here. We’ll refer to the information associated with your domain registration as “domain registrant data.”

↑ Table of Contents ↑

How We Share Information

Please note that in some cases, how much of your domain registrant data is shared, and with whom, depends on your registrar of record and whether your domain is registered with Privacy Protection. Please see this page to determine the registrar(s) of record for any domains you currently have registered with WordPress.com, and read on to learn about Privacy Protection and how it affects how your data is shared.

With Vendors

We may share your domain registrant data with third party vendors who need to know information about you in order to provide their services to us or to you, such as ICANN and third parties that enable us to provide our domain registrar services, like backend registrar service providers (which is why there are different registrars of record), registries, and data escrow service providers.

To Resolve Disputes

When someone has filed a URS or UDRP dispute, ICANN requires us to reveal your domain registrant data (even if you have enabled Privacy Protection), so that the dispute can be resolved by the respective dispute resolution service provider.

In WHOIS

ICANN requires your domain registrant data, as well as information about the domain registration, to be included in a directory of sorts, called WHOIS. Anyone who wants to learn more about a domain or the person/organization behind it, can look it up via WHOIS. You can learn more about WHOIS and how it came to be, but we’ll cover the details that we think might be especially important to you.

Because each registrar has their own policies for handling data, different information may be publicly available in the WHOIS directory, depending on the registrar of record for the domain you currently have registered with WordPress.com. If you do not register the domain with Privacy Protection:

  • For domains where Automattic or Tucows is the registrar of recordYour state/province, country, and organization name will be displayed in WHOIS.
  • For domains where Wild West Domains is the registrar of record and the registrant is covered by the GDPRYour state/province, country, and organization name will be displayed in WHOIS.
  • For domains where Wild West Domains is the registrar of record and the registrant is not covered by the GDPR: All of your domain registrant data will be displayed in WHOIS.

Via “Tiered Access”

Although in some cases as outlined above, only certain bits of information will be publicly available to everyone, ICANN requires all registrars to provide certain people with access to your domain registrant data without due process, as long as they have a legitimate purpose for accessing it. ICANN and registrars may refer to this as “tiered access,” “layered access,” or “gated WHOIS.” For example, if you’ve registered a domain, law enforcement may be able to obtain the personal data associated with your domain registration without providing a subpoena.

These “tiered access” requests for your data will be reviewed on a case by case basis by your registrar of record. While we’ll be as stringent as we can in reviewing and sharing these requests with you, some of this is out of our hands if we want to continue to offer domain registration services. But because we’re big proponents of privacy and transparency (and you don’t have to just take our word for it!), and this isn’t in line with our usual policies, we want to make this as clear as possible:

For domains where Automattic or Tucows is the registrar of record, there is a way to ensure that your domain registrant data receives the same protection as the rest of your WordPress.com account information: registering your domain with Privacy Protection.

↑ Table of Contents ↑

Privacy Protection

Please note that in some cases, Privacy Protection is not available, due to the policies of the respective registrar of record or registry. 

Using Privacy Protection will ensure that none of your data is shown publicly in WHOIS, no matter your registrar of record. Instead, the respective privacy proxy’s service’s name and information will appear in place of yours. Here are the names of the respective privacy proxy services, depending on your registrar of record:

  • For domains where Automattic is the registrar of record: Knock Knock WHOIS Not There, LLC (aren’t we clever?)
  • For domains where Tucows is the registrar of record: Contact Privacy Inc.
  • For domains where Wild West Domains is the registrar of record and the registrant is not covered by the GDPR: Domains By Proxy, LLC
  • For domains where Wild West Domains is the registrar of record and the registrant is covered by the GDPR: Wild West Domains does not currently allow registrants covered by the GDPR to use their privacy proxy service.

If you have enabled Privacy Protection, if any parties request your domain registrant data via “tiered access,” they’ll get the respective privacy proxy service’s data. Third parties will only be able to obtain your underlying data by providing legal process, per our Legal Guidelines.

Currently, all WordPress.com plans include the option to register a custom domain, and we include Privacy Protection for that domain by default. We highly recommend that you take advantage of it. Please note that there are certain cases where Privacy Protection is enabled by default or not available at all, due to the registry’s policies:

  • For .ca domains, Privacy Protection is enabled by default with no additional fee if you register the domain as an individual (eg, Canadian citizen/resident). Privacy Protection is not available if you register the domain as a non-individual or organization.
  • For .fr domains, Privacy Protection is enabled by default with no additional fee for individual registrants. It is not available for organization registrants.
  • For .in domains, Privacy Protection is not available.
  • For .uk domains, privacy is included by default by Nominet, the .uk registry. Please see their website for more information.

If you already have a domain registered on WordPress.com and want to add Privacy Protection:

  1. Go to the Domains page.
  2. Click on the domain you wish to edit.
  3. Click on Contacts and Privacy.
  4. Click Privacy Protection.
  5. Finally click Purchase Private Registration, select your payment method, and enter your payment information.

Note: If your domain name expires within the next 6 months, you will also need to renew the domain registration in order to add Privacy Protection.

On the other hand, we understand that there may be reasons why you want to have your information publicly available in WHOIS. If that’s the case, you can choose to forego Privacy Protection.

↑ Table of Contents ↑

How and Why We Use Information

In addition to the purposes stated in our domain registration agreement and Privacy Policy, it’s worth calling out that we use your domain registrant data to verify ownership of a domain. When the information associated with your WordPress.com account differs from the contact information for your domain registration — for example, you can use a different email address in each place — we’ll consider domain registration contact information (AKA the administrative contact in the domain’s WHOIS records) to be the owner of the domain, with full authority to manage the domain.

↑ Table of Contents ↑

How Long We Keep Information

How long we keep the information associated with the domain you currently have registered with WordPress.com depends on your registrar of record:

  • For domains where Automattic or Tucows is the registrar of record: We keep your domain registration data for seven years past the expiration/cancellation of your domain registration.
  • For domains where Wild West Domains is the registrar of record: We keep your domain registration data for two years past the expiration/cancellation of your domain registration.

Not quite what you're looking for?

Get Help