However, if the data belongs to a non-US citizen, it can be held for up to five years.
This includes phonecalls, emails and social media activity gathered by American security services.
The monitoring of foreign leaders will also be regularly reviewed.
The new rules were announced in a report by the Office of the Director of National Intelligence.
Another amendment to existing policies on data gathering and storage states that the Federal Bureau of Investigation can only keep its surveillance activities secret for up to three years when using its national security letters system to prevent disclosure.
"Our signals intelligence activities must take into account that all persons have legitimate privacy interests in the handling of their personal information," said Lisa Monaco, homeland security advisor to President Obama in a statement.
"At the same time, we must ensure that our intelligence community has the resources and authorities necessary for the United States to advance its national security and foreign policy interests and to protect its citizens and the citizens of its allies and partners from harm."'Right direction'
Cybersecurity expert Prof Alan Woodward from Surrey University told the BBC the changes in the rules were "a step in the right direction".
"It gives people some confidence," he said.
However, he added that the five-year rule for keeping the data of non-US citizens was concerning.
"Regimes change, governments change, and if they keep your data - and it's getting easier and cheaper to keep it - who knows what it might be used for in the future?" Prof Woodward added.
"The fact they are setting limits on it is good. But for non-US citizens five years is a long time."