When new domains are registered, the registration details are publicly searchable if WHOIS privacy is not aded at registration. We do add the privacy service at registration for all extensions for which the registries support it. You can see which extensions can use WHOIS privacy here.
Even with a privacy service in place, per ICANN policy registrants must be contactable at all times, so privacy services have a unique email address for each registration that will forward to the registrant.
This does help with security, however, sometimes unsolicited messages can get through, too. If there is no WHOIS privacy service in place, the domain's registrant details are publicly accessible and anyone can contact you.
We do not sell or otherwise provide customer information to anyone.
The most common unsolicited offers are for website design/development services, or for search engine submission/SEO services. Usually these offers come via email, but occasionally by phone as well.
Note that you do not need to submit your website to search engines, or pay anyone to do so, and many website services and platforms take care of SEO and related functions for you.
Note that if you are interested in buying/selling domains, for example, having WHOIS privacy in place will make it very difficult for any interested parties to get in touch with you. We also recommend against companies using WHOIS privacy in many cases, since you want to be contactable, and having identifying details available lends legitimacy to your web presence.
If you registered your domain name before February 2017 and your TLD supports WHOIS privacy, you can add it manually in your domains dashboard by clicking enable privacy on the domain's page.
We also have a longer article on WHOIS privacy and registants' contact information here if you'd like to learn more.