This year, Grammarly reached a milestone on our mission to improve lives by improving communication. Over 50,000 teams at organizations including Atlassian, Databricks, and Siemens now rely on our B2B offering, Grammarly Business, to help them achieve their goals through effective communication. Our service offerings are used by tens of millions of individuals worldwide, with many in professional settings. Without a doubt, our dedication to user trust has enabled this momentum.
For organizations and businesses, we are serious about ensuring the peace of mind that comes from buying software that has earned enterprise-grade compliance certifications and attestations. All users, including individuals using Grammarly Premium or our free version, can rest easy knowing that their data is safe, their information is private, and where and when the product works is under their control. Whatever milestones Grammarly reaches, some things do not change: Instilling confidence in people and serving our customers’ interests remain at the heart of what we do.
Your best interest is our best practice
We serve our customers’ interests first. That means we operate with an ethical business model and focus on building the best product we can for our customers. The way we make money is by selling subscriptions to Grammarly product offerings. We don’t sell user data. We don’t give information about you to help advertisers sell their products, and Grammarly’s platform is not real estate to host ads either.
We insist on high security standards
Security is at the center of our product, infrastructure, company policies, and culture. Since our inception, we have worked to ensure our infrastructure and policies are watertight, so your data is processed and transmitted securely from the Grammarly applications you use to our AWS servers.
You don’t have to only take our word for it. We have received globally recognized certifications from the International Organization for Standardization, validating our security standards:
- ISO 27001:2013
- ISO 27017:2015
- ISO 27018:2019
Our Information Security team is continuously expanding our compliance portfolio. The following compliance attestations speak to our safeguards:
SOC 2 (Type 2) and SOC 3: Ernst & Young has issued Grammarly SOC 2 (Type 2) and SOC 3 reports, which validate the strength and effectiveness of our system and organizational controls regarding security, privacy, availability, and confidentiality. The SOC 3 report is the publicly available version of our SOC 2 (Type 2). Please contact our Sales team if you’d like to receive our SOC 2 report.
PCI DSS SAQ-A: As a merchant, we have systems that align with the Payment Card Industry Data Security Standard. This attestation verifies that Grammarly maintains a secure system to protect cardholder data, mitigates vulnerabilities, and regularly tests and monitors our network.
These certifications and attestations affirm our abiding investments, backed by features and functionality to secure the information of everyone using our product. For example, we provide two-step authentication for all Grammarly users. In addition, Grammarly Business subscriptions include team-specific security features. We include single sign-on (SSO) with Grammarly Business by default, no matter the size of the teams, to protect against unauthorized access.
At Grammarly, we fortify our security-first culture through our work with industry-leading organizations that help us strengthen our approach to protecting our product, infrastructure, and users. We’re proud members of the Cloud Security Alliance, an organization dedicated to promoting secure cloud practices, and OWASP, the world’s largest software security nonprofit. We also ensure third-party experts regularly test our information security to help identify and resolve any issues before they can be exploited, through initiatives including a HackerOne bug bounty program and network penetration tests. You can read more about our features, compliance, and attestations on our Security page.
Finally, Grammarly also invests in internal expertise: hiring security experts to build out a dedicated, in-house information security team. This team works around the clock to stay ahead of new and emergent threats and acts as a continuous feedback loop on our security infrastructure. Our security engineers are also embedded in every step of product development. As we design new product offerings in response to customer needs, this team ensures the high standards of our safeguards are uncompromising.
We prioritize your privacy
Security is how we keep your data from getting into the wrong hands. Privacy is how we protect your rights to control and access your personal information.
Grammarly customers have control over where our product works and what text it checks. By default, Grammarly never runs in sensitive fields, such as password and credit card fields. You can always view all data associated with your account. You own what you write: Users retain all rights to their text, including copyrights and duplication privileges. And our infrastructure is built to protect this data according to strict industry standards, including encryption of all user data in transit and at rest.
We also comply with international data privacy and protection regulations, including the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). To best serve our healthcare customers and partners, Grammarly is compliant with the Health Insurance Portability and Accountability Act (HIPAA), a verification we received through an independent audit by Ernst & Young. Of note, Grammarly does not need to collect any protected healthcare information to provide our service.
Grammarly also belongs to the IAPP, the most comprehensive global information privacy community, ensuring we stay informed of new insights and best practices in the industry.
As Grammarly has grown and our product offerings have become more complex, we know that providing clear information about how Grammarly works and your own rights as a customer is more important than ever. You can read more in our Privacy Policy.
Our company-wide dedication
At Grammarly, we know better than most the power of words, so it is no small thing when you entrust us with yours. Our company-wide dedication to user trust, including an ethical business model, security, and privacy, represents our reciprocal commitment to honor the trust our users have given us.
Find out more information about Grammarly’s approach to security, privacy, and compliance in our Trust Center.