At Dictionary, we engineer our platform with a security-first mindset. We employ industry-leading encryption, rigorous access controls, and transparent practices to protect your information and uphold your privacy rights.
Every feature, infrastructure decision, and workflow is designed around protecting user data and maintaining strict confidentiality.
All data in transit is protected with TLS 1.3, and data at rest is encrypted with AES-256. Encryption keys are managed in HSM-backed key management services with automatic rotation.
Access is governed by strict least-privilege policies, multi-factor authentication on all internal systems, and continuous identity verification for employees and partners.
We run automated vulnerability scanning, quarterly penetration tests by third-party firms, and real-time log analysis to surface anomalous activity.
Data minimization, purpose limitation, and user consent are embedded into our product development lifecycle from day one.
We maintain strict governance over how data is collected, processed, stored, and deleted throughout its lifecycle.
We collect only the data strictly necessary for account functionality, personalization, and service improvement. We use no third-party trackers.
Data is processed within isolated, encrypted environments. AI models operate on anonymized subsets of that data, behind strict access boundaries.
We run on enterprise-grade cloud infrastructure with geo-redundant backups. All databases are encrypted and regularly patched.
Users can permanently delete their accounts and data at any time. Automated retention policies securely wipe data on schedule.
We adhere to international privacy regulations and maintain rigorous compliance certifications to ensure trust and accountability.
Full compliance with the EU General Data Protection Regulation (GDPR), including data subject rights, Data Protection Impact Assessments (DPIAs), and Data Protection Officer (DPO) oversight.
We adhere to California privacy law (CCPA/CPRA), providing users with transparency, opt-out mechanisms, and data portability.
We are independently audited against the SOC 2 Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.
Our Information Security Management System (ISMS) is built on ISO/IEC 27001, the internationally recognized standard for ISMS implementation.
We extend that ISMS with ISO/IEC 27701, the Privacy Information Management System (PIMS) extension, covering strict personal data protection practices.
Our controls are aligned with NIST SP 800-53 security and privacy controls for robust federal-grade security and risk management.
We deploy defense-in-depth strategies across our cloud infrastructure, application layer, and operational workflows.
Our security stack is continuously updated to counter emerging threats. We maintain strict separation of duties and automated compliance checks across all environments.
AWS & GCP multi-region deployment with VPC isolation
Zero-trust networking, microsegmentation, egress filtering
Input validation, CSRF/XSS protection, secure headers
SIEM integration, behavioral analytics, alert escalation
In the unlikely event of a security incident, we follow a strict protocol to contain, investigate, and communicate transparently.
Automated detection flags anomalies in real time. Our security team isolates affected systems within 15 minutes to contain lateral movement.
Dedicated incident response team conducts root cause analysis, preserves evidence, and engages third-party forensic experts if necessary.
If user data is impacted, we notify affected individuals within 72 hours (or sooner where local regulations require), detailing what happened and the remediation steps taken.
We deploy patches, update security controls, conduct post-incident reviews, and publish transparency reports to maintain trust.
We welcome security researchers and ethical hackers who help us improve our defenses. All reports are reviewed by our security team, and we reward valid findings.