Every domain on the internet is recorded in a public database called WHOIS. By default, that record contains the full name, postal address, phone number, and email address of whoever registered it. WHOIS privacy — sometimes branded as "domain privacy" or "private registration" — replaces those personal details with proxy contact information provided by your registrar. The domain still resolves and works exactly the same; only the public record changes.
Why ICANN requires WHOIS records in the first place
The WHOIS system was designed in the 1980s, when the internet was tiny and operated mostly by researchers who wanted to be reachable. ICANN, the body that governs top-level domains, still requires registrars to collect accurate contact details for every registration and to make them available in some form. The original intent — accountability for whoever owns a piece of internet real estate — is still defensible. The unintended consequence was a free, machine-readable database of personal contact information for hundreds of millions of people.
What WHOIS privacy actually hides
When privacy is enabled, the public WHOIS lookup shows the privacy provider's address and a forwarding email instead of yours. Legitimate inquiries (legal notices, abuse reports, transfer requests) are forwarded to your real email; everything else is filtered. Your real contact details are still held by the registrar — they have to be, by ICANN policy — but no third party can pull them with a simple lookup.
Who you are protecting yourself from
Three groups, in order of likelihood. First, spam: WHOIS scraping is the largest single source of domain-related email spam and cold outreach. Within hours of registering a domain you will start receiving "your domain is about to expire" scam emails and SEO pitches, often forever. Second, doxxing: an angry customer, a stalker, or a competitor can pull your home address from WHOIS in five seconds. Third, identity fraud: a name plus address plus phone number plus email is a starter kit for impersonation.
When you might not want WHOIS privacy
Trademark holders sometimes prefer a public WHOIS record to make enforcement easier. Government agencies and certain regulated industries (notably banking and pharmaceuticals in some jurisdictions) are required to publish real contact details. A small number of TLDs — .us, .uk, and a few others — explicitly do not allow privacy at the registry level; you must publish real contact info to register them at all.
GDPR has changed the rules in Europe
Since 2018, the EU's General Data Protection Regulation has forced ICANN to redact most personal data in WHOIS records for European registrants by default, even without paying for privacy. The public record for an EU-resident domain now typically shows only the country and a redacted contact email. Outside the EU, WHOIS privacy is still an opt-in feature you have to enable.
How OneClick handles WHOIS privacy
WHOIS privacy is free, on by default, for every domain we sell where the TLD allows it. We do not upsell it, downgrade it on lower plans, or quietly remove it at renewal. The handful of TLDs that disallow privacy at the registry level (notably .us, .uk and a few ccTLDs) display a clear notice during checkout so you can decide whether to register them under your own name or pick a different ending.
What to do if your details are already public
Open your registrar's dashboard and enable privacy on every domain you own. The new WHOIS record propagates within a few hours. Your old details may still be cached on third-party WHOIS history sites for months or years — most of those sites offer a redaction request form, but none of them are obliged to honour it. The realistic expectation is that anyone determined enough can dig your old record out of an archive. WHOIS privacy stops casual scraping, which is 99% of the problem.