Our top priority at Grammarly is helping over 30 million users and 70,000 teams communicate more effectively, with best-in-class security and privacy practices that keep user data private and protected. We take this responsibility seriously and regularly update our compliance portfolio to stay ahead of evolving industry best practices.
Today, we’re announcing we’ve achieved the ISO 27701 certification from our third-party auditor, Ernst & Young, demonstrating our commitment to maintaining the highest standards in data privacy management. ISO 27701 supplements our existing set of enterprise-grade certifications and compliance offerings, such as SOC 2 Type 2, ISO 27001, ISO 27017, ISO 27018, PCI DSS, TX-RAMP, and HIPAA, and will be a recurring annual audit.
Unofficially dubbed the “GDPR certification,” ISO 27701 showcases an organization’s strong commitment to data protection through clear policies, proactive risk assessment, and streamlined breach notifications. Not only do we value these principles on their own merits; we recognize that they’re crucial for meeting GDPR standards.
ISO 27701’s objective is to create and maintain a Privacy Information Management System (PIMS) focused on personal data protection and privacy. It is an extension of the ISO 27001 standard (Information Security Management System), for which Grammarly has been certified since June 2021, but it adds new requirements:
- Privacy risk assessments to identify and manage potential impacts on individuals and organizations
- Strict conditions for collecting and processing personal data, for instance, purpose and consent
- Honoring data subjects’ rights, such as data access, correction, and deletion
- Privacy by design principles, for instance, defined retention periods, de-identification, and sanitization of data collected
- Procedures for disclosing personal data to third parties
The scope of this standard addresses the principles found in many global data protection regulations, such as the European General Data Protection Regulation (GDPR), California’s Consumer Privacy Act (CCPA), and the Data Protection Act 2018. While the focus is on protecting personal data, Grammarly’s PIMS applies to all customer content, regardless of whether data is personally identifiable information (PII). It also covers Grammarly as a PII processor for institutions and a PII controller for individuals.
Grammarly has prioritized secure, private, and responsible innovation since our inception over 15 years ago. Thousands of businesses and millions of people already trust us to elevate their communication—no matter where they work or what they’re working toward—while maintaining the most secure infrastructure and respect for user privacy. This new ISO 27701 certification, along with our Data Privacy Addendum, builds on Grammarly’s existing, robust security practices to provide customers with even more assurance that any personal data processed by Grammarly will be handled in a way that meets the strictest standards, ones that we would expect for our own data.
Visit The Grammarly User Trust Center | Security, Privacy, & Compliance to find more information about our security practices and policies.
Read more about our journey to obtain our SOC 2 report and other ISO certifications.
