The Credentials That Reflect Our Commitment to Security and Privacy

Over 30 million people, including 70,000 teams, rely on Grammarly’s communication assistance, and that’s a responsibility we take very seriously.

To ensure our users’ data is safe and secure, we seek out third-party evaluations to validate our company-wide security controls with globally recognized standards. Through this process, we're able to maintain our existing certifications and attestations every year.

Compliance Certifications and Attestations

Together, these certifications and attestations speak to our safeguards for user data, cloud service management, and the protection of sensitive information.

Data Privacy Framework Certified, EU-US, Swiss-US, UK extension

SOC 2 (Type 2)

Grammarly’s SOC 2 (Type 2) report validates our controls based on the security, privacy, availability, and confidentiality trust services criteria.

Learn more

ISO/IEC 27001:2013

Grammarly’s information security management system meets the requirements of ISO 27001 and 27002 international standards.

Learn more

ISO/IEC 27018:2019

Grammarly meets the requirements of ISO 27018 regarding our protection of personally identifiable information (PII) in the cloud.

Learn more

PCI DSS

Grammarly is compliant with the Payment Card Industry Data Security Standard.

Learn more

GDPR

Grammarly complies with the EU General Data Protection Regulation (GDPR).

Learn more

DPF

Grammarly is certified by the Department of Commerce for the Data Privacy Framework (DPF), for EU-US, Swiss-US, and UK extension, providing a transatlantic personal data transfer mechanism.

Learn more

FERPA

Grammarly is compliant with the Family Educational Rights & Privacy Act.

Contact us about our special EDU addenda

SOC 3

Grammarly’s SOC 3 report validates our controls based on the security, privacy, availability, and confidentiality trust services criteria.

Learn more

ISO/IEC 27017:2015

Grammarly’s information security practices meet the requirements of ISO 27017 regarding our provision and use of cloud services.

Learn more

HIPAA

Grammarly is compliant with the Health Insurance Portability and Accountability Act.

Contact us about our Business Associate Agreement

Cloud Security Alliance

Grammarly is a CSA-Trusted Cloud Provider and has completed the Consensus Assessment Initiative Questionnaire to represent our security controls.

Learn more

CCPA

Grammarly complies with the California Consumer Privacy Act (CCPA).

Learn more

NYS Education Law 2-d

Grammarly is compliant with the New York State Education Law 2-d.

Contact us about our special EDU addenda

Security Industry Associations and Partnerships

Strong digital defense requires industry cooperation—not competition. That’s why we work with industry-leading organizations around the world to not only foster a security-first culture at Grammarly, but to also participate in the global security community and share knowledge with the field’s foremost experts.

OWASP

OWASP is the world’s largest software security nonprofit, and as a corporate member, we utilize its resources to ensure that Grammarly’s development aligns with industry best practices.

Learn more

HackerOne

To validate the strength of our information security, we run a bug bounty program with HackerOne, a leading security platform that brings together ethical hackers to assess cybersecurity issues of all kinds.

Learn more

Cloud Security Alliance

Grammarly is a proud member of CSA, an organization dedicated to promoting secure cloud practices.

Learn more

IAPP

Grammarly is honored to be a member of IAPP, the largest and most comprehensive global information privacy community.

Learn more

Our safeguards ensure your data is protected

Whether you use Grammarly within a small organization, a large enterprise, or as an individual, have peace of mind knowing that your information is safe and secure.

Industry-leading standards

We maintain the highest standards against globally recognized certifications and attestations related to security, privacy, confidentiality, and availability.

Third-party verification

Our certifications and attestations are based on comprehensive examinations conducted by independent third-party audit firms each year.

Trusted certifications

Rest assured knowing that you can rely on our certifications and attestations if you need them for any vendor risk-management purposes.

Continuous improvement

Our compliance portfolio is always evolving to reflect industry best practices and the needs of our customers.

Frequently Asked Questions

Is Grammarly secure?

We are vigilant about information security. If you'd like to know more about our approach, we’ve outlined our security operations, policies, practices, and attestations, and you can also see our SOC 2 (Type 2) and SOC 3 for further transparency.

Is Grammarly GDPR compliant?

Yes, we comply with governmental privacy regulations and frameworks, including GDPR, CCPA, HIPAA, ISO 27018, and SOC2.

Where does Grammarly store data?

Grammarly stores data on servers hosted by Amazon Web Services, an industry-leading infrastructure provider, in their US-based data centers. Learn more about Grammarly's secure infrastructure.

Who has access to my data, both physically and virtually?

As a rule, Grammarly employees do not monitor or view user data. We adhere to the principle of least privilege and regularly review employees’ data-access rights to ensure only minimum required privileges are granted. To learn more about access to data and the information we collect, visit our Privacy Policy.

Where can I find audit reports?

If you need an audit report, contact our sales team to request the documentation you’re looking for.

Is Grammarly HIPAA compliant?

Yes, Grammarly is compliant with HIPAA Security, Privacy, and Breach Notification rules.

Improve Communication With a Service You Can Trust

Grammarly’s best-in-class writing assistance helps you communicate with confidence knowing your data is protected by industry-leading security standards.