Privacy Policy

The Local Dictionary (“we”, “us”) is a consumer directory of Egyptian local brands, operated from Cairo, Egypt. We aggregate publicly-listed product information so shoppers can discover local brands in one place. We are not a retailer and we do not take payments, hold inventory, or ship products.

You can contact us at hello@localdictionary.eg for any privacy request.

This policy describes what personal data we collect when you visit or sign in to The Local Dictionary, how we use it, who we share it with, and the rights you have under Egyptian Personal Data Protection Law No. 151 of 2020 (the “PDPL”).

Information you provide:

• Account details when you sign up with email and password: your email address, an optional display name, and the password hash (we never store your password in clear text — authentication is handled by Supabase).
• Google account information if you sign in with Google: your email, name, and profile picture URL. We do not receive your Google password.
• Messagesyou send to our AI shopping assistant. The text of each message (up to the first 500 characters) and a preview of the assistant's reply (up to 200 characters) are stored so we can improve the service and respond to abuse.
• Reports and claims you submit, such as a takedown request or a brand-claim verification (e.g. Instagram DM code).

Information we collect automatically:

• Usage events— page views, searches (including the query and filters you applied), products you viewed, brands you viewed, and clicks that sent you to a brand's own site.
• A session identifier stored in a first-party cookie named ld_sid, so we can associate your activity across pages without needing an account.
• Device information — your user agent string, referrer URL, and approximate location derived from a one-way salted hash of your IP address. We do not store the raw IP.

We do not collect sensitive personal data (health, political views, religious beliefs, biometrics, etc.) and do not knowingly collect information from children under 13.

• Operate the directory — run searches, show recommendations, deliver the AI assistant.
• Improve ranking, relevance, and fairness of search results.
• Detect abuse, automated scraping of the directory, and other activity that violates our Terms of Use.
• Honor takedown requests from brand owners within our 48-hour service level (see §10).
• Send you transactional messages related to your account (sign-in confirmations, security alerts). We do not send marketing emails unless you explicitly opt in.

• Consent — when you create an account, sign in with Google, or chat with the assistant.
• Performance of a contract — fulfilling the service you asked for: searches, product pages, outbound links.
• Legitimate interests — preventing abuse, understanding aggregate usage patterns, and improving product quality. We do not use legitimate interests as a basis for marketing.

We use the following processors to run The Local Dictionary. Each is bound by their own privacy commitments; we share only the minimum data needed for the service they provide.

• Supabase — authentication, Postgres database, and file storage. Hosted on AWS infrastructure.
• Vercel — application hosting and content delivery.
• Google— OAuth sign-in (if you choose it), and Gemini APIs for semantic search embeddings and the AI shopping assistant. Messages you send to the assistant are processed by Google's Gemini API under Google's terms.
• ScrapFly — anti-bot scraping fallback for public brand storefronts. No personal data is shared; only public URLs are fetched.

We do not sell your personal data to third parties, and we do not run third-party advertising networks on the site. Sponsored search results are placements we sell directly to indexed brands — no personal data about you is shared with those brands.

Our service providers process data outside of Egypt, including in the European Union and the United States. Where required by the PDPL, transfers rely on standard contractual protections offered by those providers.

• Account records — for as long as your account is active, plus up to 12 months after deletion for audit, abuse-prevention, and legal-retention purposes.
• Usage events — up to 24 months, after which individual events are deleted or aggregated into non-identifiable statistics.
• AI assistant messages — up to 12 months, then deleted. You can request earlier deletion at any time.
• Session cookie (ld_sid) — 12 months, or until you clear your browser storage.

Under the PDPL, you can ask us to:

• Access the personal data we hold about you.
• Correct data that is inaccurate or incomplete.
• Delete your account and the personal data tied to it.
• Withdraw consent for processing that relies on consent.
• Object to processing based on legitimate interests.
• Export your data in a structured, commonly used format.
• Lodge a complaint with the Egyptian Personal Data Protection Center if you believe we have mishandled your data.

To exercise any of these rights, email hello@localdictionary.eg. We respond within 30 days.

If you are a brand owner and want your brand, a product, or a specific image removed, email us at hello@localdictionary.eg. We respond to takedown requests within 48 hours.

We use a single first-party cookie, ld_sid, to maintain a session identifier. We also store Supabase authentication cookies when you are signed in. We do not use third-party advertising or behavioral-tracking cookies.

We use Supabase's managed Postgres with row-level security, hashed passwords, encrypted connections (TLS), and least-privilege service keys. No system is perfectly secure; if you suspect unauthorized access to your account, email us immediately.

We may update this policy as the service evolves. Material changes will be announced on the site and, where reasonable, by email to registered users at least 14 days before they take effect. The “Effective” date at the top of this page always reflects the current version.

The Local Dictionary — Cairo, Egypt. hello@localdictionary.eg