Data Retention Policy
1. Overview
At Dictionary, we are committed to protecting your privacy while maintaining the quality, security, and legal compliance of our services. This Data Retention Policy outlines how long we retain your personal data, why we retain it, and how we securely dispose of it when no longer needed.
We only collect and retain data that is necessary for specific, legitimate purposes. When data is no longer required, we securely delete or anonymize it in accordance with applicable laws, including GDPR, CCPA, and other regional regulations.
🔒 We believe in data minimization. We do not hoard information. Every data point we retain serves a clear operational, legal, or security purpose.
2. Data Retention Periods
Retention periods are determined by the purpose of collection, legal obligations, and operational needs. Below is a summary of how we handle different data categories:
| Data Type | Purpose | Retention Period | Deletion Process |
|---|---|---|---|
| Account & Profile Data | Service delivery, authentication, preferences | Until account deletion + 30 days | Permanent deletion from active databases |
| Search History & Queries | Personalization, analytics, service improvement | 12 months from last activity | Aggregated & anonymized for analytics |
| Subscription & Payment Data | Billing, fraud prevention, tax compliance | 7 years after account closure | Encrypted archival; PCI-compliant tokenization |
| Support Tickets & Communications | Customer service, dispute resolution | 2 years after ticket closure | Secure deletion with audit logging |
| Logs & Security Data | System integrity, threat detection, compliance | 6–12 months depending on type | Automated purging with forensic backup isolation |
3. Storage & Security Standards
All retained data is stored in certified, secure infrastructure. We implement industry-leading safeguards to protect your information throughout its lifecycle:
- Encryption: AES-256 encryption at rest and TLS 1.3 for data in transit
- Access Control: Role-based access with multi-factor authentication and strict least-privilege principles
- Backup Isolation: Retention policies apply to backups. We use immutable backup storage with automatic lifecycle management
- Auditing: Continuous monitoring, quarterly third-party penetration testing, and SOC 2 Type II compliance
Data centers are located in regions that meet our security standards and comply with cross-border data transfer requirements. Where data is processed internationally, we rely on Standard Contractual Clauses (SCCs) and equivalent safeguards.
4. Your Rights & Data Requests
Depending on your jurisdiction, you may have the right to access, correct, export, or delete your personal data. We strive to make this process simple and transparent:
How to Request Data Deletion
- Log into your Dictionary account dashboard
- Navigate to Settings → Privacy → Delete Account
- Confirm deletion. Your data will be scheduled for permanent removal within 30 days
Alternatively, you may email privacy@dictionary.com with the subject line "Data Retention Request". Our Privacy Team will verify your identity and process your request within 14 business days.
⚠️ Please note: Certain data may be retained longer if required by law, for fraud prevention, or to resolve ongoing disputes. We will notify you if any of your data falls under these exceptions.
5. Legal & Compliance Exceptions
While we prioritize data minimization, we may retain certain information beyond standard periods when required by:
- Tax, accounting, or financial regulatory obligations
- Active litigation, regulatory investigations, or legal holds
- Fraud detection, abuse prevention, and Terms of Service enforcement
- Critical system security incidents requiring forensic analysis
In these cases, data is segregated, access-restricted, and subject to strict retention reviews. We will comply with any lawful request from governmental authorities while maintaining transparency where permitted.
6. Contact & Updates
This policy may be updated periodically to reflect changes in technology, regulation, or our operations. Material changes will be communicated via email or in-app notification.
If you have questions about our data retention practices, wish to verify your data status, or need assistance exercising your rights, please reach out:
- Email: privacy@dictionary.com
- Privacy Portal: dictionary.com/privacy-portal
- Headquarters: 100 Language Ave, Suite 400, San Francisco, CA 94107, USA
Thank you for trusting Dictionary with your language exploration journey. We are committed to handling your data responsibly, transparently, and securely.