Knowledge BaseNewsSupport
DreamHost
Back to Legal Overview

Nonpublic Registration Data Requests

Last Updated:

July 10, 2025

Requesting Access to Nonpublic Domain Registration Data

DreamHost is committed to balancing privacy obligations with lawful access. We process requests for nonpublic domain registration data in accordance with ICANN’s Registration Data Policy (RDP) and applicable data protection laws. Access to redacted registration data is restricted to protect registrant privacy, but may be granted in limited circumstances where a legitimate interest and legal basis are demonstrated.

Before You Request Access

Before submitting a request for nonpublic data, you must first exhaust all applicable less intrusive alternatives:

  • Registrant Contact: Attempt to contact the registrant using the anonymized email address or web contact form provided in the domain’s WHOIS or RDAP output. DreamHost may, in its sole discretion, also forward a single request for contact to the owner of an account under which a domain name is registered.
  • Abuse Reporting: If your inquiry involves domain abuse, such as phishing, spam, malware, or alleged intellectual property infringement, submit an abuse report to our designated Abuse Team.
  • Dispute Resolution: For domain name disputes involving intellectual property, follow ICANN’s Uniform Domain Name Dispute Resolution Policy (UDRP).
  • Legal Process: For law enforcement, or other legal orders or requests directed to DreamHost, serve a valid subpoena, warrant, or court order.

Who May Request Access

DreamHost will only consider requests submitted by individuals or entities who can demonstrate a legitimate interest and legal basis, this may include:

  • Law enforcement or regulatory agencies;
  • Legal representatives pursuing actionable claims; or
  • Other parties with documented and verifiable lawful authority and purpose.

How to Submit a Request

Requests must be submitted via email to:

RDRS@DreamHost.com

Your request must include the following:

  • Full legal name and organization (if applicable)
  • Contact details (email address, phone number, and postal address)
  • Domain name(s) associated with the request
  • Specific data requested (e.g., registrant name or email address)
  • Purpose and legal basis (e.g., GDPR Article 6(1)(f), regulatory inquiry, pending litigation, etc)
  • Nature of the request (e.g., the domain name is infringing third party rights, contents or services offered infringe third party rights or statutory law, DNS security issues, etc.)
  • Summary of prior contact attempts and outcomes
  • Data handling and retention policies consistent with applicable privacy laws
  • Supporting documentation (e.g., legal filings, UDRP complaint number, abuse report reference)

Requests that are incomplete, unsupported, or do not demonstrate necessity may be delayed or denied at DreamHost’s sole discretion.

Review and Disclosure Process

Your request will be reviewed by our Compliance Team to assess legal sufficiency and necessity. If additional information is required, we will contact you for clarification.

DreamHost will only consider requests that involve currently registered, complete, and specifically identified domain names. We do not provide historical or archival registration data, partial or wildcard domain name matches, or data based on domain name searches or patterns.

As part of our identity verification process, we may request a copy of a government-issued photo ID as well as any other identification documents deemed necessary. This information will be used solely to verify your identity in connection with the disclosure request. It will be securely stored, accessible only to authorized personnel, and deleted promptly upon closure of the request. It will not be used or retained for any other purpose.

DreamHost may notify the registrant that a request for nonpublic registration data has been submitted.

If your request is approved, we will disclose only the minimum data necessary to fulfill your stated purpose. This may include the registrant, administrative, or technical contact’s name, organization (if applicable), and/or email address. No additional information will be provided.

All requests and disclosures are logged, and may be audited in accordance with our privacy, legal, and compliance obligations.

We aim to respond within 30 calendar days, though more complex cases may take longer.

All determinations are final and not subject to appeal.

Use and Retention of Disclosed Data

Any data disclosed through this process:

  • Must be used only for the approved and stated purpose;
  • Must be stored securely and handled in compliance with applicable data protection laws; and
  • Must be deleted once no longer required, and no later than 30 days after receipt, unless otherwise required by law.

Before disclosure, DreamHost will issue a Data Use Agreement, which must be reviewed, signed, and returned. Disclosure will not proceed without an executed agreement.

Misuse of disclosed data may result in denial of future requests and notification to ICANN, regulatory authorities, and/or law enforcement.

Denials and Further Action

A request may be denied for reasons including, but not limited to:

  • Lack of demonstrated legal or legitimate interest, as determined at DreamHost’s sole discretion;
  • Failure to exhaust alternative contact methods;
  • Incomplete or inaccurate information; or
  • Overly broad or unjustified scope of the request.

At this time, no appeal mechanism is available in the case of a denial of access. You may re-submit your request with corrected or additional documentation, or pursue lawful access through appropriate legal channels, if available.