Details for Specific Products and Services
Domains and Related Services
Domain Whois Contact Information: We are required by ICANN and the Registries who issue domains to collect, process and retain certain personally identifiable information. This information is required to be kept current and may be accessible for you to review and update through your customer Account Panel. Customers are required to provide this information and agree to keep it current and allow it to be retained for a predefined period of time. This information may be shared with ICANN, registries, registry operators and/or data escrow agents.
ICANN requires that registrars must collect and retain the mandated Whois information, whether or not protected by a privacy service, for two (2) years after the domain expires and/or you are no longer the registrant. (Please note that other ccTLD registries may have a longer required retention period. You will need to confirm their retention policies.) These guidelines are considered contractually required and approved upon purchasing a domain.
Domains not governed by ICANN, such as ccTLDs, have individual data collection guidelines explained in their domain agreements. These may include the collection and retention of IP addresses and notices sent to you, among other things. Namecheap requires, when purchasing domains from us, that Whois standards as set by ICANN be collected for all domains. Thus, even for ccTLDs, you will be asked to provide the standardized Whois information. Collection of the unique registry information and the standardized Whois information is considered contractually required by you from the individual registries and/or Namecheap. Also note that certain ccTLDs mandate the public disclosure of registrant data. If you are an EEA resident and eligible to register such a domain, by registering the domain, you explicitly agree to the publication of your personal information. We recommend that you review ccTLD agreements purchasing one of these domains to review their contractual guidelines on data collected, processed, publicized and retained.
Changes due to GDPR. Due to the GDPR, ICANN has implemented a Temporary Specification that limits the information made available to the public, at least in the EEA. However, the model also proposes broader access to groups of individuals that may or may not have to substantiate a legal basis for each request. This means that a privacy service such as Withheld for Privacy is both relevant and still very necessary to protect you from unwanted and/or unknown disclosure.
Namecheap strongly believes in privacy, security, freedom and the equal treatment for all internet users. And we believe that your information should be protected both now and under the new model being considered. This is why we are providing all our customers with free privacy protection for life.
Namecheap has partnered with Withheld For Privacy to offer our customers privacy protection for all domains (unless specifically precluded by the registry.) You can find more details on this privacy service by visiting the Domain Privacy page.
Withheld For Privacy. Withheld For Privacy is an Iceland-based privacy service that allows you to protect your identity. Namecheap selected Withheld for Privacy as a partner because its consumer focused privacy-by-design principles match our standards for your privacy protection. Unlike other domain privacy services, Withheld For Privacy does not need nor does it receive your personal information. It protects your identity by providing you with anonymization services.
DNS. No personally identifiable information is collected or shared with our DNS third party provider for any of our DNS products.
Hosting and Related Services
Hosting. When you host with Namecheap, we interact with your data in two ways. First, we obtain certain data in order to allow you to use our hosting services and to provide ongoing support. This data includes things like your password, DNS zones and account activity so that we can help you with any issues related to your site. Due to the nature of hosting, log files may also collect IPs of those who visit your site without additional identifying information. Second, we store information related to your website, such as website content, SSL files, your email logs (if you have email integrated into your site), related databases, full account backups and anything else that you host on your site.
In both cases, you operate as the Controller and we operate as the Processor and our relationship is governed by our Data Processing Addendum. Where your site is collecting personally identifiable information, such as customer information or contact lists, it is your responsibility to ensure you are compliant with privacy laws such as GDPR and that you are obtaining required permissions.
Third Party Hosting Products. We offer several third party hosting products to help you manage your website. They include Cloudflare products, CodeGuard, Attracta and Softaculous. We only share data with these companies when you initiate a specific request with us.
Namecheap is proud to offer our customers the following excellent Services through our Apps Marketplace. Below you will find data and privacy details on Services that are globally available. Services that are North American based only are not listed.
|Product ||Data Collected by Namecheap ||Data Tracking by Namecheap ||Data Shared ||Data Controller / Processor Notes |
|Ghost ||No additional data collected. ||None. ||None. || |
|EasyWP ||No additional data collected. ||EasyWP uses Hotjar to track anonymized data. For details, including opt-out instructions see paragraph “Hotjar” below. ||None. || |
|Private Email* ||None. ||None. ||None. || |
|SSL ||Collection depends on type of certificate purchased. Basic certification collects personal email; all others collect and validate business information. ||None. ||Minimal SSL details are collected and sent to Sectigo. ||For SSLs, Sectigo operates as a Controller jointly with you. Namecheap is a Data Processor. See Data Handling Amendments to the SSL ToS. |
|Google Workspace / RelateLegal / Strikingly / Weebly ||None. ||None. ||None. ||For each of these products, the third party provider is the Data Controller and is wholly independent from Namecheap. Please review their data and privacy guidelines. |
|Business Card Maker ||Collection depends on user input for creating a business card. May include Personal Name. Personal or business address, email, phone number and social media account names for the purpose of creating the card. And Personal name and shipping address for purposes of delivery ||None. ||Data is shared with GDPR compliant subcontracted who are local printers || |
For Relate, please see the notes below for an explanation on what type of personal information may be collected, or not, and the relevant roles.
No additional data collected.
||None ||None || |
|Sitelock ||None ||None ||
Customer Name |
|Customer, as controller, is the party instructing Namecheap to process/share this information with Sectigo for the purposes of this product. Sectigo is a wholly separate entity. As between Customer and Sectigo, please visit https://www.sitelock.com/privacy-policy/ |
You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link.
PrivateEmail: Linking your Google Email Account. When you link your Google email to your PrivateEmail account, Google will send and sync your contacts and calendar information to be stored within your PrivateEmail account. All other Google email account information, such as Google emails, are simply accessible through a special interface and reside with Google. When you link your Google Email Account to your PrivateEmail account, you are instructing us to access and process your data.
**Relate: Relate is a content distribution tool, controlled by you, that distributes across your designated social media accounts. We may involve processors to help do that and when we do, this is the information we share, which may or may not be personal information, depending upon whether it’s for a business or being used personally. In the course of that, you will direct them as a controller, as to which accounts you want them to distribute content. And, to do that, the product may need and require social media login profiles related solely to the account to which you want to distribute.