Overview
At Dictionary, information sharing is governed by strict internal controls, industry-standard encryption, and transparent data lifecycle management. Whether you are an end-user, enterprise customer, API developer, or third-party partner, this page details how your data is collected, processed, shared, and protected.
We do not sell user data. Information is shared only when necessary to deliver requested services, maintain system integrity, comply with legal obligations, or with explicit user consent.
Core Principles
Data Minimization
We collect and share only the minimum data required to fulfill a specific, legitimate purpose.
Transparency
All data processing activities are documented, auditable, and clearly communicated to users.
Explicit Consent
Sharing beyond core functionality requires opt-in consent with clear, granular controls.
Global Compliance
We adhere to GDPR, CCPA, LGPD, and other regional data protection regulations.
Security & Compliance Standards
All data in transit and at rest is protected using industry-leading encryption and access controls:
- Encryption: AES-256 for data at rest, TLS 1.3 for data in transit.
- Access Control: Role-based access control (RBAC) with multi-factor authentication (MFA) enforcement.
- Auditing: Continuous SOC 2 Type II compliance, annual third-party penetration testing.
- Data Residency: Users can select data processing regions (US, EU, APAC) to meet regional compliance requirements.
Dictionary maintains a public security status page and publishes transparency reports quarterly.
Partner & Developer Guidelines
Third-party developers and enterprise partners accessing Dictionary's API or shared data pipelines must adhere to the following:
- Register via the Developer Portal to obtain API credentials.
- Implement OAuth 2.0 or API key authentication with rotating tokens.
- Sign a Data Processing Agreement (DPA) outlining acceptable use and breach notification timelines.
- Rate limiting applies (default: 1,000 requests/min). Enterprise tiers offer negotiated limits.
- Prohibited uses include data resale, model training without explicit consent, or scraping of protected content.
Full technical specifications, sandbox environments, and compliance documentation are available in the Developer Documentation.
Frequently Asked Questions
No. Dictionary does not sell, trade, or license individual user search queries, browsing history, or personal identifiers to advertisers or third-party data brokers. We operate on a freemium subscription model.
Users can export all personal data (search history, saved words, API keys) in JSON/CSV format via Account Settings β Data Privacy. Deletion requests are processed within 30 days, with backups purged within 60 days.
Upon account closure, all personally identifiable information (PII) is permanently deleted from active systems. Aggregated, anonymized usage statistics may be retained for service improvement, but these cannot be traced back to your account.
Report any suspected vulnerabilities or data incidents immediately to security@dictionary.com or through our encrypted bug bounty portal. We guarantee a response within 24 hours and full compliance with breach notification laws.
Contact Data Governance
For questions regarding information sharing, data subject requests, or partnership compliance, reach out to our Data Protection Office.
Data Protection & Compliance Team
Available MonβFri, 09:00β18:00 UTC. Response time: < 24 hours for general inquiries, < 2 hours for security incidents.