Privacy & Data Protection Policy

1. Introduction

At Dictionary ("we", "our", or "us"), we are committed to protecting your privacy and handling your data with transparency and care. This Privacy & Data Protection Policy explains how we collect, use, store, and safeguard your personal information when you access our website, mobile applications, APIs, and related services (collectively, the "Services").

We comply with applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other regional privacy frameworks. By using our Services, you consent to the practices described in this policy.

2. Information We Collect

We collect information to provide, improve, and secure our Services. This includes:

2.1 Information You Provide Directly

• Account Details: Name, email address, password, and optional profile information during registration.
• Search & Usage Data: Words, phrases, or terms you search, along with interaction patterns within the app.
• Communications: Messages sent to our support team, feedback submissions, or newsletter opt-ins.
• Payment Information: Billing details processed securely by our third-party payment providers (we do not store full credit card numbers).

2.2 Information Collected Automatically

• Device & Technical Data: IP address, browser type, operating system, device identifiers, and crash logs.
• Usage Analytics: Pages visited, feature interactions, session duration, and performance metrics.
• Cookies & Tracking Technologies: Essential, analytical, and preference cookies to maintain session state and improve user experience. See our Cookie Policy for details.

3. How We Use Your Information

We process your data strictly for the following purposes:

• Delivering core dictionary, translation, and pronunciation features.
• Authenticating users and maintaining account security.
• Personalizing search results, word lists, and learning recommendations.
• Processing subscriptions, invoices, and refunds.
• Analyzing usage trends to optimize performance and develop new features.
• Communicating service updates, security alerts, and support responses.
• Complying with legal obligations and enforcing our Terms of Service.

4. Legal Basis for Processing

Under applicable law, we rely on the following lawful grounds:

• Contractual Necessity: To fulfill your request for dictionary services and process payments.
• Legitimate Interests: For service improvement, fraud prevention, and security monitoring.
• Consent: For optional features like email newsletters, personalized recommendations, and non-essential cookies.
• Legal Compliance: When required by law, court order, or regulatory authority.

5. Data Sharing & Third Parties

We do not sell or rent your personal data. We may share information only in the following circumstances:

• Service Providers: Hosting, analytics, payment processing, customer support, and AI inference partners operating under strict data processing agreements.
• Legal Requirements: To comply with subpoenas, court orders, or government requests.
• Business Transfers: In connection with mergers, acquisitions, or asset sales, with notice and continued privacy obligations.
• With Your Consent: When you explicitly authorize sharing with third-party integrations.

6. Security & Data Retention

We implement industry-standard technical and organizational measures to protect your data, including AES-256 encryption at rest, TLS 1.3 in transit, role-based access controls, regular security audits, and employee training programs.

We retain personal data only as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, resolve disputes, and enforce agreements. Account data is anonymized or securely deleted upon request or after 24 months of inactivity, unless otherwise required by law.

7. Your Rights & Choices

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access & Portability: Request a copy of your data in a machine-readable format.
• Correction: Update inaccurate or incomplete information.
• Deletion: Request erasure of your data, subject to legal retention requirements.
• Restriction & Objection: Limit processing or object to certain uses.
• Consent Withdrawal: Opt out of marketing communications or optional tracking at any time.

To exercise these rights, use the privacy settings in your account dashboard or contact us directly. We will respond to verified requests within 30 days.

8. Children's Privacy

Dictionary Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a minor, we will take prompt steps to delete it. Parents or guardians who believe this has occurred may contact us for assistance.

9. International Data Transfers

Dictionary operates globally. Your information may be processed in countries other than your own. We ensure adequate protection through Standard Contractual Clauses (SCCs), Privacy Shield frameworks (where applicable), or equivalent safeguards recognized by regulatory authorities.

10. Changes to This Policy

We may update this policy to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated via email or in-app notice at least 30 days before the effective date. Continued use of the Services after modifications constitutes acceptance of the updated policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy & Data Protection Policy or our data practices, please reach out:

• Email: privacy@dictionary.com
• Address: Dictionary Inc., Legal & Compliance Dept., 100 Language Way, San Francisco, CA 94107, USA
• EU Representative: Available upon request for GDPR-related inquiries.
• Data Protection Officer: dpo@dictionary.com

You also have the right to lodge a complaint with your local data protection authority if you believe your privacy rights have been violated.