At Dictionary, security isn't an afterthought; it's foundational. We employ industry-leading encryption, rigorous access controls, and transparent practices to keep your language data safe and private.
We follow a security-first mindset across every layer of our infrastructure, development pipeline, and organizational culture.
All data in transit is encrypted using TLS 1.3. Data at rest is protected with AES-256 encryption across all databases and storage systems.
We never implicitly trust any user, device, or network. Every access request is verified, authenticated, and authorized before granting permissions.
Comprehensive audit trails track all administrative actions, data access, and system changes. Logs are immutable and retained for compliance.
24/7 threat detection powered by AI analyzes network traffic, user behavior, and system logs to identify and neutralize anomalies instantly.
Independent third-party security firms conduct quarterly penetration tests and code audits to identify and remediate vulnerabilities proactively.
Team members only receive the minimum access required for their role. Multi-factor authentication is mandatory for all internal systems.
We maintain rigorous compliance with international data protection regulations and industry security frameworks.
Annually audited for security, availability, and confidentiality.
Full adherence to EU General Data Protection Regulation standards.
California Consumer Privacy Act compliant data handling practices.
Information Security Management System certified.
We believe transparency is the cornerstone of trust. You own your data, and we provide clear mechanisms to access, export, or permanently delete it at any time.
AES-256 standard across all cloud storage
Data resides in your chosen region only
Granular privacy toggles & audit logs
We value the security community. If you discover a potential vulnerability, please report it responsibly.
We appreciate responsible disclosure and will work with you to understand, validate, and resolve any identified issues. We do not pursue legal action against researchers who follow our disclosure guidelines.
For urgent matters, please use PGP encryption (key available on our transparency page).
security@dictionary.com
Common questions about our security practices, data handling, and compliance.
No. We never sell, rent, or share personally identifiable information with third parties for marketing purposes. We only share data with essential service providers (like cloud infrastructure) under strict data processing agreements that prohibit further sharing.
Search history is stored only as long as your account is active. You can manually delete it at any time from your dashboard. Upon account deletion, all associated data is permanently purged from our systems within 30 days.
We do not store credit card details. All payments are processed by PCI DSS Level 1 compliant providers (Stripe & Braintree). We only receive a tokenized confirmation for billing purposes.
We maintain an incident response plan compliant with global regulations. In the unlikely event of a breach affecting personal data, we will notify affected users within 72 hours, report to relevant authorities, and provide clear guidance on protective steps.