Short answer
Domain privacy renewal cost is whatever the registrar charges for the privacy add-on on every renewal term, after the first-year promo expires. At registrars that include privacy free (Cloudflare, Namecheap, Porkbun, Hover, Dynadot, Gandi), the renewal cost is $0 per year per domain for the life of the domain. At registrars that sell privacy as a paid add-on (GoDaddy, IONOS, Domain.com, Bluehost, HostGator), the renewal cost is roughly $5 to $15 per year per domain, often discounted to $0 in year one as a checkout sweetener. The gap compounds across a portfolio: a 10-domain portfolio over five years costs $0 in privacy at a registrar with free privacy, $250 to $750 at a registrar that charges $5 to $15 per domain per year, and $500 to $1,500 at a registrar that locks privacy into a multi-year prepaid term at first-year-free pricing. Privacy does not automatically transfer with the domain to a new registrar, so the privacy setup has to be re-enabled or re-purchased at the new registrar after every transfer, or the WHOIS record goes public again. The right answer for most buyers is free privacy at a registrar that includes it, or a transfer away from a registrar that charges for it; paid privacy is rarely the right call for the privacy alone.
What domain privacy renewal actually is
Domain privacy renewal is the recurring charge a registrar applies to the WHOIS privacy add-on at the end of each registration term, on top of the domain renewal price itself. The privacy add-on substitutes a forwarding proxy (a generic email like contact@privacy-example.com, a forwarding phone, and a proxy mailing address) for the registrant's real contact data in the public WHOIS record, and the charge is the registrar's mechanism for keeping the proxy running across renewal cycles.
The charge is structurally separate from the domain's renewal price. A .com that costs $12 to renew at a registrar that charges $9.99 per year for privacy has a $21.99 renewal total, not a $12 renewal. The two lines show up on the same invoice but they are billed independently, and the privacy line is the one most buyers do not look at until the year-two invoice arrives.
Three patterns dominate the privacy renewal market:
- Free privacy for life. The registrar includes privacy at no charge for the life of the domain, usually because the registrar prices domains at cost or close to it and treats privacy as table stakes. Cloudflare (at-cost pricing, no markup for privacy), Namecheap (free WhoisGuard bundled for the lifetime of the domain), Porkbun (free WHOIS privacy at registration), Hover (free privacy on most TLDs), Dynadot (free privacy on supported TLDs), and Gandi (included in standard registration) all fit this pattern. The renewal cost for privacy is $0, every year, for the life of the domain.
- First-year-free, paid renewal. The registrar discounts privacy to $0 in year one to make the checkout look cheaper, then charges the full $5 to $15 per year from year two onward. GoDaddy, IONOS, Domain.com, Bluehost, and HostGator all use this pattern. The promo price is the headline number on the checkout page; the renewal price is the small-print footnote in the renewal terms.
- Paid privacy, no promo. The registrar charges the full $5 to $15 per year for privacy from the first year, with no discount. This pattern is less common than the first-year-free pattern, but it shows up at registrars that bundle privacy with a "domain protection" plan that includes additional features (transfer lock, theft protection, monitoring). The renewal cost is the same as the first-year cost, and the bundle is the registrar's mechanism for charging a premium price for privacy.
The three patterns produce very different multi-year costs. A buyer who picks the first-year-free pattern at a registrar that charges $9.99 per year for privacy pays $0 in year one, $9.99 in year two, $9.99 in year three, and so on — the $0 in year one is a one-time discount, not a permanent price. A buyer who picks the free-for-life pattern at Namecheap pays $0 every year, forever. The gap is $9.99 per year per domain, multiplied by the portfolio size and the holding period.
The first-year-free pattern in detail
The first-year-free privacy pattern is structurally identical to the first-year-free domain pattern, applied to the privacy add-on. The mechanism is the same, the trap is the same, and the recovery is the same. The list below is what the pattern looks like in practice.
- The buyer registers a .com at a registrar that offers privacy for $0 in year one and $9.99 per year from year two. The checkout total shows $0.99 domain + $0 privacy = $0.99 for the first year. The buyer confirms the checkout.
- The buyer forgets about the privacy line. The domain renewal is on the buyer's mental calendar; the privacy renewal is not, because the year-one price was $0 and the buyer assumes $0 means $0 forever.
- Twelve months later, the registrar charges the buyer's saved card for the domain renewal ($12.99 for the .com) and the privacy renewal ($9.99 for the privacy). The total is $22.98, not the $0.99 the buyer remembers from the checkout.
- The buyer's finance team flags the $22.98 charge. The buyer opens the registrar's billing page and sees the privacy line item. The buyer had not realized the privacy add-on was on a separate annual billing cycle.
- The buyer disables the privacy add-on to stop the charge, or transfers the domain to a registrar that includes free privacy. The buyer's $22.98 per year per domain spend drops to $12.99 (domain only) at the original registrar or to a lower renewal price at the new registrar.
The trap is structural. The first-year-free privacy pattern is designed to be invisible at checkout and visible at renewal, because the registrar's revenue comes from the renewal, not the first year. The buyer who treats the year-one $0 as a permanent price is the buyer the registrar is targeting. The buyer's job is to read the renewal price on the order form, the checkout page, or the terms of service before confirming the registration, and to budget for the renewal number, not the promo number.
The per-portfolio math: when $9.99 per domain per year becomes a real spend
The privacy line item looks small in isolation. $9.99 per year per domain is a rounding error against the cost of running a website, the cost of the hosting plan, or the cost of the developer's hourly rate. The number that matters is the portfolio total — the same $9.99 multiplied by the number of domains the buyer holds and the number of years the portfolio is held.
The table below shows the privacy-only spend for a buyer who holds a 10-domain portfolio or a 20-domain portfolio, at a registrar that includes free privacy, at a registrar that charges $9.99 per domain per year, and at a registrar that locks privacy into a multi-year prepaid term at first-year-free pricing. Numbers are illustrative; verify the actual privacy price on the registrar's pricing page or renewal terms before registering.
| Portfolio size | Holding period | Privacy cost at free registrar (per domain per year) | Privacy cost at $9.99/yr registrar | Privacy cost at first-year-free, $14.99/yr multi-year lock registrar |
|---|---|---|---|---|
| 1 domain (single hobby site) | 5 years | $0 | $49.95 | $74.95 (year 1 free, $14.99 × 4) |
| 5 domains (small portfolio) | 5 years | $0 | $249.75 | $374.75 |
| 10 domains (medium portfolio) | 5 years | $0 | $499.50 | $749.50 |
| 20 domains (large portfolio) | 5 years | $0 | $999.00 | $1,499.00 |
| 50 domains (agency / reseller) | 5 years | $0 | $2,497.50 | $3,747.50 |
| 1 domain (single hobby site) | 10 years | $0 | $99.90 | $149.90 |
| 10 domains (medium portfolio) | 10 years | $0 | $999.00 | $1,499.00 |
| 20 domains (large portfolio) | 10 years | $0 | $1,998.00 | $2,998.00 |
The table shows the size of the gap. A 10-domain portfolio held for five years costs $0 in privacy at a free registrar, $499.50 at a registrar that charges $9.99 per domain per year, and $749.50 at a registrar that locks privacy into a multi-year prepaid term at first-year-free pricing. A 20-domain portfolio held for ten years costs $0 at a free registrar, $1,998 at a $9.99-per-year registrar, and $2,998 at a first-year-free, multi-year lock registrar. The same domain, the same privacy service, the same coverage, three radically different multi-year costs.
The buyer's job is to model the portfolio total before registering, not after the first renewal. The buyer who holds 10 domains at a registrar that charges $9.99 per year for privacy is paying $99.90 per year for the privacy line alone — enough to cover a year of mid-tier hosting on a different provider, or to fund a registrar transfer to a registrar that includes privacy free. The transfer math usually wins by year two, sometimes by year one.
When paid privacy is bundled with other features: the math changes
The privacy renewal cost stops being a pure privacy line when the registrar bundles privacy into a "domain protection" plan that includes transfer lock, theft protection, expiration monitoring, or two-factor authentication on the registrar account. The bundle is the registrar's mechanism for charging a premium price for privacy by attaching features the buyer may or may not need.
The table below shows the typical bundles at registrars that sell paid privacy, and the per-year cost of each bundle. Numbers are illustrative; verify the actual bundle price and feature list on the registrar's pricing page or product page before adding the bundle at checkout.
| Bundle name (typical) | Annual cost per domain | Privacy included? | Other features typically included | What it actually does for the buyer |
|---|---|---|---|---|
| Basic WHOIS privacy | $5 to $9.99 | Yes | None | Replaces registrant contact in public WHOIS. Nothing else. |
| Domain Privacy + Protection | $9.99 to $14.99 | Yes | Transfer lock, expiration monitoring, email forwarding | Privacy plus passive protection against accidental transfer or expiry. |
| Full Domain Protection | $14.99 to $24.99 | Yes | Transfer lock, theft protection, expiration monitoring, DNS lockdown, security alerts | Privacy plus active monitoring and lock-down features. Premium tier. |
| Business Domain Protection | $24.99 to $49.99 | Yes | All of the above plus legal defense fund, brand monitoring, premium support | Privacy plus insurance-style features. Common at registrars that target SMBs. |
| Free privacy (Namecheap WhoisGuard, Porkbun, Hover, Dynadot, Gandi, Cloudflare) | $0 | Yes | None, or limited transfer lock | Privacy only. Transfer lock and monitoring may be separate free features. |
The table shows the bundle gradient. The cheapest paid bundle is $5 to $9.99 per year for privacy only; the most expensive bundle is $24.99 to $49.99 per year for privacy plus insurance-style features the buyer may never use. The middle bundles ($9.99 to $14.99 per year) add transfer lock and expiration monitoring, which are useful but available separately at free registrars as part of the standard account.
The right answer depends on whether the buyer would otherwise buy the bundled features separately. If the buyer wants transfer lock and expiration monitoring, the bundle is sometimes cheaper than buying them as separate add-ons. If the buyer only wants privacy, the bundle is a $5 to $45 per year per domain premium for features the buyer will not use, and a transfer to a free-privacy registrar is almost always cheaper.
The privacy-that-disappears-on-transfer trap
The most overlooked domain privacy renewal cost is the privacy that disappears when the domain is transferred to a new registrar. Most buyers assume the privacy add-on transfers with the domain, the same way the DNS settings and the contact data transfer. The reality is that privacy add-ons are registrar-specific services, and the new registrar does not inherit the old registrar's privacy subscription.
The list below is what happens to privacy in a typical transfer.
- The buyer registers a .com at Registrar A with paid privacy at $9.99 per year. The buyer's WHOIS record shows Registrar A's privacy proxy.
- The buyer decides to transfer the .com to Registrar B, which includes free privacy for life. The buyer initiates the transfer, pays Registrar B's transfer fee (often free or $0 to $10), and waits for the transfer to complete.
- The transfer completes. The .com is now at Registrar B. Registrar A cancels the paid privacy subscription because the domain is no longer at Registrar A.
- At Registrar B, the privacy setting is either auto-enabled (rare, common only at registrars with a "free privacy for life" default) or default-off (common at registrars that charge for privacy). The buyer's WHOIS record goes from private to public in the window between Registrar A cancelling privacy and Registrar B re-enabling it.
- The buyer has to log into Registrar B, find the privacy setting, and manually enable it. Some registrars require a paid add-on to enable privacy; others include it free and just need to be toggled on.
- If the buyer forgets to re-enable privacy, the WHOIS record stays public until the buyer notices. The buyer may not notice for weeks or months, and the WHOIS data is harvested by spam lists the entire time.
The trap is structural. The buyer who transferred the domain to "save on privacy" may end up with the privacy disabled for a window after the transfer, and the buyer who forgets to re-enable privacy at the new registrar is back to paying for privacy (or not, but with public WHOIS data). The buyer's job is to check the privacy setting at the new registrar within 24 to 48 hours of the transfer completing, and to enable it manually if the new registrar does not auto-enable it.
GDPR redaction vs paid privacy: which one does the work
GDPR redaction and paid privacy are not the same thing, and the buyer who pays for both is usually paying for redundancy. The list below is what each does and does not do, and when one is enough.
- GDPR redaction (free). Most ICANN-accredited registrars redact personal contact fields for natural persons (individual registrants) in the public WHOIS to comply with GDPR. The redaction is automatic, free, and applies to most EU/UK individual registrants on most TLDs. The redaction covers the registrant's full name, personal email, personal phone, and personal residential address.
- Paid privacy ($5 to $15 per year per domain). Paid privacy replaces the registrant's contact data with a forwarding proxy regardless of the registrant's residency or entity type. The proxy applies to natural persons and legal entities (companies, LLCs), and to TLDs where GDPR redaction does not apply (some ccTLDs, some restricted TLDs).
The two cover overlapping ground. For an EU/UK individual registrant on a .com, GDPR redaction does most of the work that paid privacy would do, and the paid privacy is redundant. For a US or Canadian individual on a .com, GDPR redaction may or may not apply (depends on the registrar's policy), and paid privacy is more important. For a company or LLC, GDPR redaction usually does not apply, and paid privacy is the only way to keep the company name and address out of public WHOIS.
The right answer for most individual EU/UK buyers is to skip paid privacy entirely and rely on GDPR redaction. The right answer for most US/Canadian buyers is to pick a registrar with free privacy (Cloudflare, Namecheap, Porkbun, Hover, Dynadot) rather than paying $9.99 per year at a registrar that sells it. The right answer for company or LLC registrants is paid privacy at a registrar that includes it (or a transfer to one) because GDPR redaction does not apply.
ccTLD exceptions: when privacy is not available at any price
Some country-code TLDs (ccTLDs) do not allow privacy or proxy data in the public WHOIS, regardless of what the registrar charges. The list below is the most common ccTLDs where privacy is structurally unavailable, and the workarounds the buyer has if the buyer wants to keep contact data redacted.
- .us (United States). The .us registry requires accurate registrant contact data in the public WHOIS. Privacy is not available on .us domains at most US registrars. The workaround is to register the .us through a registrar that offers a proxy service (some do, some do not), or to use a business address and a dedicated email that the buyer is willing to expose.
- .uk (United Kingdom). The .uk registry published accurate registrant data until 2014 and changed policy after GDPR. As of 2026, most .uk domains show Nominet's redacted record for individual registrants, but the underlying data is still held by the registrar and is subject to disclosure on legal request. Paid privacy is not commonly offered for .uk, but GDPR redaction does most of the work.
- .ca (Canada). The .ca registry shows accurate registrant data in the public WHOIS for legal entities (companies, sole proprietorships, partnerships). Individual registrants can opt into the "WHOIS Privacy" service through CIRA (Canadian Internet Registration Authority), which redacts the registrant's name and address but leaves the province and country visible.
- .eu (European Union). GDPR redaction applies to .eu for natural persons. Legal entities must publish their full name. Privacy is not commonly offered for .eu at the registrar level; GDPR is the de facto privacy mechanism.
- .de (Germany), .fr (France), .nl (Netherlands), .it (Italy). GDPR redaction applies to natural persons in most EU ccTLDs. Legal entities usually publish full contact data. Paid privacy at the registrar level is uncommon for EU ccTLDs because GDPR does the work for individual registrants.
- .io (British Indian Ocean Territory), .ai (Anguilla), .co (Colombia). These TLDs are technically ccTLDs but are marketed as generic TLDs. Privacy is available at most registrars that support the TLD, often free (Porkbun, Namecheap) and sometimes paid (GoDaddy, IONOS). The privacy behavior matches the registrar, not the TLD's home country.
- .jp (Japan), .cn (China), .in (India), .br (Brazil). These ccTLDs have stricter local presence or data publication requirements. Privacy is either unavailable or limited, and the buyer should verify the current policy with the registrar before registering.
The ccTLD exceptions matter because the buyer who registers a .com and a .us at the same registrar may find that the .us has no privacy option, regardless of what the registrar charges. The .us WHOIS will publish the buyer's contact data whether the buyer paid for privacy or not. The buyer's job is to check the TLD-specific privacy policy before registering, not after, because the privacy add-on may be technically unavailable on the TLD the buyer actually wants.
The 5-year cost curve for a single .com at three registrar types
The clearest way to see the privacy renewal cost gap is to model a single .com over five years at three representative registrars: a registrar with free privacy, a registrar with $9.99-per-year privacy, and a registrar with first-year-free, $14.99-per-year multi-year lock privacy. The model below uses a .com at $12.99 per year for the domain itself and the three privacy structures; the privacy line is the only variable.
| Year | Domain renewal at $12.99/yr | Free privacy registrar (Namecheap) — privacy cost | $9.99/yr privacy registrar (GoDaddy-style) — privacy cost | First-year-free, $14.99/yr multi-year registrar — privacy cost |
|---|---|---|---|---|
| Year 1 (registration) | $0.99 to $12.99 (promo) | $0 | $0 (first-year free) | $0 (first-year free) |
| Year 2 | $12.99 | $0 | $9.99 | $14.99 |
| Year 3 | $12.99 | $0 | $9.99 | $14.99 |
| Year 4 | $12.99 | $0 | $9.99 | $14.99 |
| Year 5 | $12.99 | $0 | $9.99 | $14.99 |
| 5-year privacy total | N/A | $0 | $49.95 | $74.95 |
| 5-year domain + privacy total | ~$52 to $64 | ~$52 to $64 | ~$102 to $114 | ~$127 to $139 |
The table shows the privacy renewal cost on a single .com over five years is $0 at a free-privacy registrar, $49.95 at a $9.99-per-year registrar, and $74.95 at a first-year-free, $14.99-per-year multi-year lock registrar. The same domain, the same privacy service, three different multi-year costs — and the difference is the registrar's pricing policy, not the buyer's choice to add or skip privacy.
Multiply by the portfolio size and the gap scales linearly. A 10-domain portfolio at the same three registrars costs $0, $499.50, or $749.50 over five years in privacy alone. A 50-domain portfolio costs $0, $2,497.50, or $3,747.50. The privacy line is not a rounding error at portfolio scale; it is a real spend that the registrar's pricing structure determines, not the buyer's need for privacy.
Disabling paid privacy vs transferring to a free-privacy registrar
The buyer who is paying for privacy at a registrar that charges $9.99 per year has two paths: disable the privacy add-on (and accept public WHOIS) or transfer the domain to a registrar that includes free privacy. The list below is the trade-off between the two paths.
- Disabling privacy at the current registrar. The buyer turns off the privacy add-on at the current registrar and saves $9.99 per year per domain. The trade-off is that the buyer's WHOIS record goes public, with the buyer's real name, email, phone, and address visible to anyone who runs a WHOIS lookup. The buyer accepts the spam, the cold calls, the physical-mail scams, and the social-engineering exposure in exchange for the $9.99 savings per domain.
- Transferring to a registrar with free privacy. The buyer transfers the domain to a registrar that includes free privacy (Cloudflare, Namecheap, Porkbun, Hover, Dynadot, Gandi) and pays a transfer fee (often $0 to $10, sometimes a year added to the registration term). The buyer keeps the WHOIS record private, pays $0 per year for privacy going forward, and recovers the $9.99-per-year savings starting in year one at the new registrar. The trade-off is the transfer friction (60-day transfer lock after registration or last transfer, WHOIS verification email, transfer authorization code) and the small risk of a botched transfer.
The right answer depends on the value the buyer places on privacy and the size of the portfolio. For a single hobby domain, disabling privacy and accepting the spam is sometimes the right call. For a 10-domain or 20-domain portfolio, the math almost always favors transferring, because the $9.99-per-year savings recover the transfer friction in the first year and produce real savings every year after that. The transfer is also the right call for the buyer who values privacy but does not want to pay for it.
Privacy renewal cost at the most common registrars (typical ranges)
The table below shows the typical privacy renewal cost at the most common registrars, drawn from publicly available pricing pages and renewal terms as of mid-2026. Numbers and policies change; verify the current privacy price on the registrar's site before registering or transferring. The pattern is stable even when the numbers move a dollar or two.
| Registrar | Privacy cost in year 1 | Privacy renewal cost from year 2 (per domain per year) | Privacy transfers with domain? | Notes |
|---|---|---|---|---|
| Cloudflare Registrar | $0 | $0 | N/A (Cloudflare does not transfer in domains from most other registrars as of mid-2026) | At-cost pricing on the domain itself; privacy is included automatically. |
| Namecheap | $0 | $0 | WhoisGuard subscription is per-domain and is cancelled at transfer | WhoisGuard free for the lifetime of the domain at Namecheap; new WhoisGuard is required at the new registrar. |
| Porkbun | $0 | $0 | Privacy subscription is per-domain and is cancelled at transfer | Free privacy included at registration; new privacy at the new registrar required. |
| Hover | $0 | $0 | Privacy is per-domain at Hover; cancelled at transfer | Free privacy on most TLDs; new registrar privacy applies after transfer. |
| Dynadot | $0 | $0 | Privacy is per-domain at Dynadot; cancelled at transfer | Free privacy on supported TLDs; new registrar privacy applies after transfer. |
| Gandi | $0 (included in standard registration for individuals) | $0 | Whois proxy is per-domain; cancelled at transfer | Free for natural persons; legal entities may pay a small fee. |
| GoDaddy | $0 (first term free on most TLDs) | $5.99 to $9.99 per year per domain (varies by TLD and term) | Domain Privacy subscription is per-domain; cancelled at transfer | First-year-free pattern; renewal is the real number. Bundles with "Full Domain Protection" add theft and transfer features. |
| IONOS | $0 (first year free) | $6 to $10 per year per domain | WHOIS privacy plus is per-domain; cancelled at transfer | First-year-free pattern; renewal is the real number. |
| Domain.com / Network Solutions | $0 (first term free on some TLDs) | $5 to $15 per year per domain | Privacy subscription is per-domain; cancelled at transfer | Bundled with "Domain Privacy + Protection" plan; renewal is the real number. |
| Bluehost / HostGator / bundled hosts | $0 (first term free with hosting bundle) | $9.99 to $14.99 per year per domain | Privacy subscription is per-domain; cancelled at transfer | Bundled with "Domain Protection" plan; pre-checked at hosting checkout; renewal is the real number. |
The table shows the privacy renewal cost ranges from $0 to $14.99 per domain per year, with the registrars that include free privacy at the top and the registrars that sell privacy as a paid add-on at the bottom. The gap is the registrar's pricing policy, not the underlying cost of providing the service. The buyer's job is to pick a registrar from the top of the table for new registrations, and to evaluate the transfer math for any domain currently at a registrar from the bottom of the table.
The answer box
Domain privacy renewal cost is $0 per year at registrars that include privacy free for the life of the domain (Cloudflare, Namecheap, Porkbun, Hover, Dynadot, Gandi) and $5 to $15 per year per domain at registrars that sell privacy as a paid add-on (GoDaddy, IONOS, Domain.com, Bluehost, HostGator). The most common pattern is first-year-free privacy that auto-renews at the full price from year two onward — the same shape as the domain's first-year promo, applied to the privacy add-on. On a 10-domain portfolio over five years, the privacy-only spend is $0 at a free registrar, $499.50 at a $9.99-per-year registrar, and $749.50 at a first-year-free, $14.99-per-year multi-year lock registrar. Privacy does not automatically transfer with the domain to a new registrar, so the buyer has to re-enable or re-purchase privacy manually at the new registrar after every transfer, or the WHOIS record goes public in the window between the old registrar cancelling privacy and the new registrar re-enabling it. Paid privacy is rarely the right call for the privacy alone — most "domain protection" plans bundle privacy with transfer lock, theft protection, and email features that are either unnecessary or available separately at free-privacy registrars.
Buyer checklist: domain privacy renewal cost
- Write down the privacy renewal cost at the current registrar, per year per domain, before deciding to keep the registration or transfer the domain to a different registrar.
- Check whether the current registrar includes free privacy for life on the buyer's TLD. If yes, the renewal cost is $0 and there is no privacy line to budget for; if no, the renewal cost is the renewal number on the registrar's pricing page, not the year-one promo number.
- Multiply the per-domain privacy renewal cost by the number of domains in the portfolio. A 10-domain portfolio at $9.99 per domain per year is $99.90 per year in privacy alone, recurring every renewal term.
- Identify whether privacy is bundled into a "domain protection" plan that includes other features (transfer lock, theft protection, expiration monitoring). If the buyer would not buy the bundled features separately, the bundle is a premium for privacy and a transfer is usually cheaper.
- Check the TLD-specific privacy policy. Some ccTLDs (.us, .jp, .cn, .in, .br) do not allow privacy at any price, and the buyer's contact data will be published regardless of what the registrar charges.
- For EU/UK individual registrants, confirm whether GDPR redaction is already doing the work that paid privacy would do. If yes, paid privacy is usually redundant; the buyer is paying for coverage they already have.
- Plan the transfer-to-free-privacy math. A single .com at a $9.99-per-year registrar recovers the transfer fee in the first year at a free-privacy registrar, and the savings recur every year for the life of the domain.
- Re-enable privacy at the new registrar within 24 to 48 hours of completing a domain transfer. Privacy does not auto-transfer with the domain, and the WHOIS record can go public in the window between the old registrar cancelling privacy and the new registrar re-enabling it.
Affiliate disclosure: PriceGap is an independent buyer-education site. This article contains no advertiser checkout links, does not claim a current sponsor relationship with any registrar, and does not quote fixed live privacy prices or renewal terms for any specific plan. Privacy pricing, renewal terms, first-year-free promo structures, multi-year lock features, TLD-specific privacy availability, and GDPR redaction policies change frequently and vary by TLD, registrar, and registrant type; verify current pricing page terms, renewal terms, transfer policies, and your own portfolio composition directly with the registrar before registering, transferring, or projecting 5-year cost.