The Credentials That Reflect Our Commitment to Security and Privacy
Over 30 million people, including 70,000 teams, rely on Grammarly’s communication assistance, and that’s a responsibility we take very seriously. To ensure our users’ data is safe and secure, we seek out third-party evaluations to validate our company-wide security controls with globally recognized standards. Through this process, we're able to maintain our existing certifications and attestations every year.
Compliance Certifications and Attestations
Together, these certifications and attestations speak to our safeguards for user data, cloud service management, and the protection of sensitive information.
SOC 2 (Type 2)
Grammarly’s SOC 2 (Type 2) report validates our controls based on the security, privacy, availability, and confidentiality trust services criteria.
Contact us to read our report.
Contact us to read our report.
ISO/IEC 27001:2022
Grammarly’s information security management system meets the requirements of ISO 27001 and 27002 international standards.
Read our certificate.
Read our certificate.
ISO/IEC 27018:2019
Grammarly meets the requirements of ISO 27018 regarding our protection of personally identifiable information (PII) in the cloud.
Read our certificate.
Read our certificate.
PCI DSS
Grammarly is compliant with the Payment Card Industry Data Security Standard.
Read our attestation of PCI compliance.
Read our attestation of PCI compliance.
GDPR
DPF
Grammarly is certified by the Department of Commerce for the Data Privacy Framework (DPF), for EU-US, Swiss-US, and UK extension, providing a transatlantic personal data transfer mechanism.
Learn more
Learn more
FERPA
Grammarly is compliant with the Family Educational Rights & Privacy Act.
Contact us about our special EDU addenda.
Contact us about our special EDU addenda.
SOC 3
Grammarly’s SOC 3 report describes our validated controls regarding security, privacy, availability, and confidentiality.
Read our public report.
Read our public report.
ISO/IEC 27017:2015
Grammarly’s information security practices meet the requirements of ISO 27017 regarding our provision and use of cloud services.
Read our certificate.
Read our certificate.
ISO/IEC 27701:2019
Grammarly's privacy information management system meets the requirements of ISO 27701 international standards.
Read our certificate.
Read our certificate.
HIPAA
Grammarly is compliant with the Health Insurance Portability and Accountability Act.
Contact us about our Business Associate Agreement.
Contact us about our Business Associate Agreement.
CCPA
NYS Education Law 2-d
Grammarly is compliant with the New York State Education Law 2-d.
Contact us about our special EDU addenda.
Contact us about our special EDU addenda.
Security Industry Associations and Partnerships
Strong digital defense requires industry cooperation—not competition. That’s why we work with industry-leading organizations around the world to not only foster a security-first culture at Grammarly, but to also participate in the global security community and share knowledge with the field’s foremost experts.
OWASP
OWASP is the world’s largest software security nonprofit, and as a corporate member, we utilize its resources to ensure that Grammarly’s development aligns with industry best practices.
Learn more
Learn more
HackerOne
To validate the strength of our information security, we run a bug bounty program with HackerOne, a leading security platform that brings together ethical hackers to assess cybersecurity issues of all kinds.
Learn more
Learn more
Cloud Security Alliance
Grammarly is a proud member of CSA, an organization dedicated to promoting secure cloud practices.
Learn more
Learn more
IAPP
Grammarly is honored to be a member of IAPP, the largest and most comprehensive global information privacy community.
Learn more
Learn more
Our Safeguards Ensure Your Data is Protected
Whether you use Grammarly within a small organization, a large enterprise, or as an individual, have peace of mind knowing that your information is safe and secure.
Industry-leading standards
We maintain the highest standards against globally recognized certifications and attestations related to security, privacy, confidentiality, and availability.
Third-party verification
Our certifications and attestations are based on comprehensive examinations conducted by independent third-party audit firms each year.
Trusted certifications
Rest assured knowing that you can rely on our certifications and attestations if you need them for any vendor risk-management purposes.
Continuous improvement
Our compliance portfolio is always evolving to reflect industry best practices and the needs of our customers.
Frequently Asked Questions
Is Grammarly secure?
We are vigilant about information security. If you'd like to know more about our approach, we’ve outlined our security operations, policies, practices, and attestations, and you can also see our SOC 2 (Type 2) and SOC 3 for further transparency.
Is Grammarly GDPR compliant?
Where does Grammarly store data?
Grammarly stores data on servers hosted by Amazon Web Services, an industry-leading infrastructure provider, in their US-based data centers. Learn more about Grammarly's secure infrastructure.
Who has access to my data, both physically and virtually?
As a rule, Grammarly employees do not monitor or view user data. We adhere to the principle of least privilege and regularly review employees’ data-access rights to ensure only minimum required privileges are granted. To learn more about access to data and the information we collect, visit our Privacy Policy.
Where can I find audit reports?
If you need an audit report, contact our sales team to request the documentation you’re looking for.
Is Grammarly HIPAA compliant?
Yes, Grammarly is compliant with HIPAA Security, Privacy, and Breach Notification rules.
Improve Communication With a Service You Can Trust
Grammarly’s best-in-class writing assistance helps you communicate with confidence knowing your data is protected by industry-leading security standards.