We, Grammarly, Inc., address these California Privacy Disclosures only to California residents where we determine the means and purposes of processing their personal information. Any terms defined in the California Consumer Privacy Act of 2018, as amended from time to time, including by the California Privacy Rights Act of 2020 and its implementing regulations ("CCPA"), have the same meaning when used in these Disclosures. These Disclosures do not reflect our collection, use, or disclosure of California residents' personal information where an exception under the CCPA applies. 

1. Personal Information Processing Activities over the Past 12 Months

We have set out below the categories of "personal information" and "sensitive personal information" that we may have collected about California residents in the preceding 12 months in connection with their use of our services. Not all categories of personal information will be collected or received for every individual.

Categories of "personal information" as defined by the CCPA that Grammarly may collect:

• Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver's license number, passport number, or other similar identifiers;
  
• Any information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, social security number, address, telephone number,  payment information, excluding publicly available information that is lawfully made available to the general public from government records;
  
• Characteristics of protected classifications under California or federal law;
  
• Commercial information, including Grammarly products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;
  
• Internet or other electronic network activity information, including, but not limited to, browsing history (e.g., sites you use our products in for performance optimization), search history, and information regarding a consumer's interaction with an internet website application, or advertisement;
  
• Geolocation data;
  
• Professional or employment-related information;
  
• Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer's preferences and characteristics. 
  

Categories of "sensitive personal information" as defined by the CCPA that Grammarly may collect:

• A consumer's account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account;
  
• The contents of a consumer's mail, email, and text messages unless the business is the intended recipient of the communication.
  

Sources of Personal Information

We collect personal information from California residents from the following sources:

• From California residents directly or from their representatives;
  
• From a device associated with a California resident;
  
• From external third-party service providers we use, including social media platforms and networks, compilers of data, and automatically via cookies and other technology, etc.;
  
• From public record sources (e.g., Federal, State or Local Government Sources).
  

We do not have actual knowledge that we sell, or share for cross context behavioral advertising, the personal information of California residents under 16 years of age.

Using and Disclosing Personal Information

We used personal information for the purposes outlined in Section 2 of our Privacy Policy. With regard to personnel, we may collect and use different personal information, which is governed by our candidate and employee privacy notices. We only used and disclosed California residents' sensitive personal information as authorized under Section 7027(m) of the CCPA Regulations. 

We disclosed personal information to our service providers and the other categories of recipients set forth in Section 4 of our Privacy Policy. We describe the purposes of these disclosures in Sections 2 and 4 of our Privacy Policy. Because we rely on service providers to host and back up our IT systems, we disclose all categories of personal information we collect to these providers, who provide their services to us under appropriate contractual provisions.  

We may use de-identified information for any purpose. We commit to maintaining and using de-identified information in de-identified form and not to attempt to re-identify the information, except for the purpose of determining whether our de-identification processes satisfy applicable legal requirements.

2. CCPA Rights

As a California resident, you have the following rights under the CCPA:

• The right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about you. You may only exercise your right to know twice within a 12-month period. 
  
• The right to delete personal information that we have collected from you, subject to certain exceptions.
  
• The right to correct inaccurate personal information that we maintain about you.
  
• The right to opt out of the sale or sharing of your personal information by us. 
  
• The right to limit our use and disclosure of sensitive personal information to purposes specified at Section 7027(m) of the CCPA Regulations. We do not use or disclose sensitive personal information for purposes other than those specified at Section 7027(m) of the CCPA Regulations.
  
• The right not to receive discriminatory treatment by the business for the exercise of privacy rights conferred by the CCPA, in violation of California Civil Code § 1798.125.
  

3. How to Exercise CCPA Rights

Methods of Submission and Instructions: To submit a request to exercise your rights to know, delete or correct, please contact us at the contact information further below and describe your request. To turn on or off the personal data sharing activities that enable our targeted and cross-context behavioral advertising activities, please use Targeted Advertising Settings.

Verification: Only you, or someone legally authorized to act on your behalf, may make a request related to your personal information. You may designate an authorized agent by taking the steps outlined under "Authorized Agent" further below. In your request or in response to us seeking additional information, you, or your authorized agent, must provide sufficient information to allow us to reasonably verify that you are, in fact, the person whose personal information was collected which will depend on your prior interactions with us and the sensitivity of the personal information being requested. We may ask you for information to verify your identity and, if you do not provide enough information for us to reasonably verify your identity, we will not be able to fulfill your request. We will only use the personal information you provide to us in a request for the purposes of verifying your identity and to fulfill your request.

Authorized Agents:  You can designate an authorized agent to make a request under the CCPA on your behalf if:

• The authorized agent is a natural person or a business entity, and the agent provides proof that you gave the agent signed permission to submit the request; and
  
• You directly confirm with the Company that you provided the authorized agent with permission to submit the request.
  

If you provide an authorized agent with power of attorney pursuant to Probate Code sections 4121 to 4130, it may not be necessary to perform these steps, and we will respond to any request from such authorized agent in accordance with the CCPA.

4. Contact Information

You can contact us with questions relating to this Privacy Policy or requests to exercise your privacy rights by submitting a help desk request here, emailing privacy@grammarly.com, or contacting us via postal mail at Grammarly, Inc., 548 Market Street, #35410, San Francisco, CA 94104.