The credentials that reflect our commitment to security and privacy

Over 40 million people, including 50,000 organizations, rely on Grammarly’s communication assistance, and that’s a responsibility we take very seriously. To ensure our users’ data is safe and secure, we seek out third-party evaluations to validate our company-wide security controls with globally recognized standards. Through this process, we're able to maintain our existing certifications and attestations every year.
A group of four colleagues laugh at a table together

Compliance certifications

Together, these certifications speak to our safeguards for user and customer data, cloud service management, and the protection of personal information.
AICPA Logo
ISO/IEC 27001:2022 Badge
ISO/IEC 27701:2019 Badge
ISO/IEC 27017:2015 Badge
ISO/IEC 27018:2019 Badge
ISO 42001 icon
Hippa Logo
PCIDSS Logo
cloud security alliance
GDPR Logo
California State Graphic
Ferpa
NYS Education
NIST CSF
NIST Privacy Framework _ Icon
NIST AI RMF _ Icon

SOC 2 (Type 2)

Grammarly’s SOC 2 (Type 2) report validates our controls based on the security, privacy, availability, and confidentiality trust services criteria.

Contact us to read our report.


ISO/IEC 27001:2022

Grammarly’s information security management system meets the requirements of ISO 27001 and 27002 international standards.

Read our certificate.


ISO/IEC 27018:2019

Grammarly meets the requirements of ISO 27018 regarding our protection of personally identifiable information (PII) in the cloud.

Read our certificate.



ISO/IEC 42001:2023

Grammarly meets the requirements of ISO 42001 ensuring responsible AI development and use.

Read our certificate.

SOC 3

Grammarly’s SOC 3 report describes our validated controls regarding security, privacy, availability, and confidentiality.

Read our public report.


ISO/IEC 27017:2015

Grammarly’s information security practices meet the requirements of ISO 27017 regarding our provision and use of cloud services.

Read our certificate.


ISO/IEC 27701:2019

Grammarly's privacy information management system meets the requirements of ISO 27701 international standards.

Read our certificate.


Security industry associations and partnerships

Strong digital defense requires industry cooperation—not competition. Thats why we work with industry-leading organizations around the world to not only foster a security-first culture at Grammarly, but to also participate in the global security community and share knowledge with the fields foremost experts.
OWASP
HackerOne
IAPP

OWASP

OWASP is the world’s largest software security nonprofit, and as a corporate member, we utilize its resources to ensure that Grammarly’s development aligns with industry best practices.

Learn more

HackerOne

To validate the strength of our information security, we run a bug bounty program with HackerOne, a leading security platform that brings together ethical hackers to assess cybersecurity issues of all kinds.

Learn more

IAPP

Grammarly is honored to be a member of IAPP, the largest and most comprehensive global information privacy community.


Learn more

Our safeguards ensure your data is protected

Whether you use Grammarly within a small organization, a large enterprise, or as an individual, have peace of mind knowing that your information is safe and secure.

Industry-leading standards

We maintain the highest standards against globally recognized certifications and standards related to security, privacy, confidentiality, and availability.
shield icon with a checkmark

Trusted certifications

Our certifications are based on comprehensive examinations conducted by independent third-party audit firms each year. You can rely on our certifications if you need them for any vendor risk-management purposes.
Graph icon

Continuous improvement

Our compliance portfolio is always evolving to reflect industry best practices and the needs of our users and customers.

Frequently asked questions

Is Grammarly secure?

Ensuring the safety and security of our users’ information is important to us at Grammarly. We maintain security measures and practice privacy by design. If you'd like to know more, we’ve outlined our security operations, policies, practices, and attestations, and you can also see our SOC 2 (Type 2) and SOC 3.

Is Grammarly GDPR compliant?

Yes, Grammarly is GDPR-compliant. Please see our Privacy Policy for details.

Where does Grammarly store data?

Grammarly stores data on servers hosted by Amazon Web Services, an industry-leading infrastructure provider, in their US-based data centers. For more information, please visit our Privacy Policy and Trust Center.

Who has access to my data, both physically and virtually?

We tightly control access to user data within the company. We adhere to the principle of least privilege and regularly review employees’ data-access rights to ensure only minimum required privileges are granted. To learn more about access to data and the information we collect, visit our Privacy Policy.

Where can I find audit reports?

If you need an audit report, please contact our sales team to request the documentation you’re looking for.

Is Grammarly HIPAA compliant?

Yes, Grammarly is HIPAA compliant. Please note that as per our Acceptable Use Policy, you should not store, transmit, or otherwise process any information via our services that falls within the definition of “Protected Health Information” under the HIPAA Privacy Rule (45 C.F.R. Section 164.051), unless you have entered into a current Business Associate Agreement with Grammarly.

If you need to sign a BAA in order to comply with HIPAA, please submit your request here.

Improve communication with a service you can trust

Grammarly’s best-in-class writing assistance helps you communicate with confidence knowing your data is protected by industry-leading security standards.