The moment you register a domain, your name, phone number, and email address go public. Anyone can search WHOIS records and find your contact details in seconds.
That exposure invites spam calls, phishing emails, and scrapers building profiles for identity theft. Most registrants only notice the problem after the calls start.
WHOIS privacy hides that data behind a proxy service instead of your real details.
This guide shows which South African domains get WHOIS privacy for free, which charge for it, and how to check right now.
What WHOIS Privacy Actually Hides

WHOIS privacy does not hide your entire domain record. It replaces personal fields with proxy information while leaving technical fields visible. Here is what changes.
Before privacy protection:
Registrant Name: John Dlamini
Email: [email protected]
Phone: +27 82 555 1234
Address: 12 Main Road, Cape Town
After privacy protection:
Registrant Name: Privacy Protect LLC
Email: [email protected]
Phone: Redacted for Privacy
Address: Redacted for Privacy
Fields that stay visible either way include the registrar name, the domain status, the expiry date, and the nameservers.
These fields tell anyone who manages the domain and where it points, without exposing who you are as a person.
Keep this in mind before you assume privacy hides everything about your registration.
Is WHOIS Privacy Free on Every South African Domain Registrar?
The short answer is no, and this is where most registrants get confused. Coverage depends heavily on which extension you register.
International extensions like .com, .net, and .org usually include free privacy at most South African registrars.
Domain-only registrars built around ICANN policy tend to bundle this protection at no extra cost.
Truehost offers WHOIS privacy on domains, which you can include with your purchase before checkout.
Why .co.za Works Differently From International Domains
The .co.za extension sits under the .za namespace, managed by the ZA Central Registry, known as ZACR.
ZACR does not run the same privacy framework that ICANN enforces for gTLDs like .com. As a result, the .co.za domain does not support Whois.com’s Privacy Protection feature.
Since September 2019, ZACR redacts certain WHOIS fields by default across the .za space.
Fields marked for redaction show up as “REDACTED FOR PRIVACY PROTECTION” instead of your real name or email.
That default redaction is not the same as choosing a dedicated privacy proxy. It exists mainly for compliance with data protection law, not as a full privacy product you control.
This usually includes a forwarding email address for messages sent to the proxy. Treat default redaction as a baseline, not a replacement for active privacy protection.
POPIA and Your Domain Registration Data
The Protection of Personal Information Act, known as POPIA, governs how South African businesses handle personal data. This includes the data your registrar collects when you buy a domain.
POPIA places obligations on the registrar, not directly on you as the registrant. Your registrar must store, process, and secure your name, email, and phone number responsibly under the law.
That obligation covers internal handling of your data. It does not stop your details from appearing on a public WHOIS lookup that anyone can run.
This is the gap most articles skip over. POPIA compliance protects how your registrar stores your information internally. It does nothing to stop public WHOIS exposure unless privacy protection is active on your domain.
If you want your contact details fully hidden from public search, POPIA compliance alone will not do that. You still need to activate WHOIS privacy on the domain itself.
How to Activate WHOIS Privacy on Your Domain

The steps differ slightly for a new domain versus adding privacy to one you already own.
For a new domain registration:
- Add WHOIS privacy during checkout. Truehost offers it as an add-on
- Confirm the proxy details are active by running a WHOIS lookup right after registration
- Privacy typically reflects on public WHOIS servers immediately for new domains
For an existing domain:
- Log in to your registrar account and locate the domain privacy setting
- Enable privacy protection from the domain management panel
- Expect a delay of up to five days before public WHOIS servers show the change
That five-day window applies to registry policy and applies across most South African registrars equally. During this period, your real details may still show up if someone runs a lookup.
Once privacy activates, your public email address changes to a proxy format, something like [email protected]. Messages sent to that address are forwarded to your real inbox after filtering.
Keep an eye on that forwarded inbox after activation. Some legitimate registrar or ICANN notices route through the proxy address first.
What Happens If You Skip WHOIS Privacy
Leaving your details public carries real consequences, and they tend to show up sooner than most people expect. Automated scrapers pull fresh WHOIS records within days of a new registration.
Spam volume rises quickly once your email sits in a public database. Cold calls from web developers and marketing agencies often follow within weeks of registering a new domain.
Phishing attempts are a bigger risk. Scammers sometimes impersonate your registrar, referencing your real domain and expiry date to make a fake renewal email look convincing.
Some registrants choose to stay public on purpose, and there are valid reasons for that. A registered business that wants transparent, verifiable ownership may prefer visible contact details.
If you fall into that group, use a dedicated business email and phone line for WHOIS records. This limits exposure without hiding ownership.
Frequently Asked Questions
Is WHOIS privacy really free in South Africa?
It depends on the registrar. International domains like .com can get paid WHOIS privacy on Truehost, while .co.za gets the standard ZACR privacy reduction.
Does .co.za support WHOIS privacy protection?
Yes, but not by default in the same way international domains do. ZACR redacts some fields automatically, though full proxy privacy usually requires a paid feature from your registrar.
What personal information does WHOIS expose when you register a domain?
Without privacy protection, WHOIS can expose your name, email address, phone number, and physical address. Technical fields like nameservers and registrar names stay visible regardless.
Is domain privacy required under POPIA?
No, POPIA governs how your registrar stores and processes your data internally. It does not require public WHOIS masking, so privacy protection is still something you must activate yourself.
How long does it take for WHOIS privacy to activate or deactivate?
New registrations usually reflect privacy immediately on public WHOIS servers. Changes to an existing domain typically take up to five days to appear, both when enabling and disabling the feature.
Get Free WHOIS Privacy Protection
WHOIS privacy is a small setting with a real effect on your inbox and your safety. Knowing which extensions include it for free saves you from paying twice for the same protection.
Your South African domain needs extra attention, since default redaction does not provide full privacy protection.
Truehost South Africa includes free WHOIS privacy on eligible domains, excluding .co.za, with no hidden fees added later.
Register your domain, turn on privacy protection, and run a WHOIS lookup to confirm it worked.
Web Hosting
Windows HostingBuilt for Windows apps and websites – stability, speed and flexibility
Reseller HostingLaunch a hosting business without technical skills or expensive infrastructure
Affiliate ProgramRefer customers and earn commissions from sales across our platform
Domain SearchFind and secure a domain name in seconds with our quick lookup tool
CO ZA Domains
All DomainsExplore domain names from over 324 TLDs globally – all in one place
Free Whois Lookup Tool South Africa
VPS
SSLs