Our top priority at Grammarly is keeping our users’ words and data safe and secure. We are proud that every day 30 million people and 30,000 teams around the world trust us and our product to help them communicate effectively. We take that responsibility seriously—and that’s why our user-first security and privacy principles drive everything we do. Security is at the heart of our company and product.
Today, we’re happy to announce a new milestone validating all we do to keep our users’ data safe and secure through the strength of our information security and data privacy controls: We have received SOC 2 (Type 2) and SOC 3 reports as well as three certifications from the International Organization for Standardization. Together with our HIPAA compliance, these credentials speak to our safeguards for user data, cloud service management, and the protection of sensitive user information. To earn these enterprise-grade verifications, our controls and organizational practices were reviewed by third-party auditor Ernst & Young. Together, they showcase and reaffirm Grammarly’s abiding commitment to securing and protecting the information of everyone using our product—whether you’re an individual, small business, or large enterprise.
- SOC 2 (Type 2): Our SOC 2 (Type 2) report validates the strength and effectiveness of our system and organization controls regarding security, privacy, availability, and confidentiality. This report details the extreme care we take to earn and maintain user trust in our company, systems, and product.
- SOC 3: Our SOC 3 report is a publicly available description of the controls validated in our SOC 2 (Type 2) report.
- ISO/IEC 27001:2013: The first of our certifications from the International Organization for Standardization certifies that Grammarly’s information security management system meets industry-standard requirements to secure your information. Grammarly also meets the requirements of ISO 27002, which covers further requirements for strong security management.
- ISO/IEC 27017:2015: This certification validates how we apply information security controls in cloud services to protect your data.
- ISO/IEC 27018:2019: This certification validates the care we take to protect our users’ personally identifiable information (PII) in the cloud.
- HIPAA: We are compliant with the Health Information Portability and Privacy Act, demonstrating our commitment to protecting and securing sensitive user information.
These reflect our security- and privacy-first culture, and they attest to Grammarly’s focus on serving our users and earning their trust by protecting data at all times. Beyond our most recent certifications and compliances, we are proud to be a member of the Cloud Security Alliance, a nonprofit committed to raising awareness about transparent security practices. Since 2018 we’ve run a public bounty program with HackerOne, where security researchers can seek out and identify vulnerabilities before they may be exploited. Within the company, through our Security Champions program, we empower team members to bring a security focus to every project we undertake.
These initiatives are all central to what we’re doing at Grammarly: building a product that people around the world can trust to help them write effectively every day. We’re working to elevate communication for individuals and teams—no matter where they’re working or what they’re working toward—while maintaining a secure infrastructure and respecting user privacy.
Read more information about our security practices and policies, including our suite of compliances, certifications, and validations.