Effective as of November 8, 2024
Grammarly Supplemental EEA+ Privacy Notice
We, Grammarly, Inc., address this Supplemental EEA+ Privacy Notice only to individuals located in the European Economic Area (EEA), United Kingdom (UK) and Switzerland who interact with us as an individual, such as where you create an account and directly receive our products from us (e.g., through our Grammarly Free, Grammarly Premium, and Grammarly Pro products). It also applies when you browse our websites or similarly interact with us (e.g., by subscribing to our marketing emails).
This notice does not apply if you receive Grammarly products under the management of your employer or similar account with multiple seats (such as if you are a member of a company, organization, or other legal entity’s Grammarly Business, Grammarly for Education, or Grammarly Pro account). We process personal data under such accounts on behalf of that organization in accordance with our contract and data protection terms with the accountholder organization. For more information about how we collect, use, and disclose your personal data, please see the Grammarly Privacy Policy.
1. What laws apply?
If you are located in the EEA, the EU General Data Protection Regulation applies to the processing of your personal data. If you are located in the UK, the UK General Data Protection Regulation applies to the processing of your personal data. References to the “GDPR” are references to the General Data Protection Regulation as it applies in the country where you are located. If you are located in Switzerland, the provisions of the Swiss Federal Data Protection Act (the “FDPA”) apply to you, and references to the GDPR below shall be interpreted analogously for the purposes of applying the FDPA.
2. Who is the data controller, and who is its EEA and UK representative?
The data controller is us, Grammarly, Inc., 548 Market Street, #35410, San Francisco, CA 94104.
We’ve appointed VeraSafe as our representative in the EEA and UK for data protection matters. You can contact VeraSafe in matters related to personal information processing using this contact form. Alternatively:
3. What lawful bases of processing do we rely on?
We rely on the following legal bases to process your personal data, as appropriate:
The following table outlines the legal basis and, where applicable, the legitimate interests pursued with respect to each purpose for which we process personal data.
This notice does not apply if you receive Grammarly products under the management of your employer or similar account with multiple seats (such as if you are a member of a company, organization, or other legal entity’s Grammarly Business, Grammarly for Education, or Grammarly Pro account). We process personal data under such accounts on behalf of that organization in accordance with our contract and data protection terms with the accountholder organization. For more information about how we collect, use, and disclose your personal data, please see the Grammarly Privacy Policy.
1. What laws apply?
If you are located in the EEA, the EU General Data Protection Regulation applies to the processing of your personal data. If you are located in the UK, the UK General Data Protection Regulation applies to the processing of your personal data. References to the “GDPR” are references to the General Data Protection Regulation as it applies in the country where you are located. If you are located in Switzerland, the provisions of the Swiss Federal Data Protection Act (the “FDPA”) apply to you, and references to the GDPR below shall be interpreted analogously for the purposes of applying the FDPA.
2. Who is the data controller, and who is its EEA and UK representative?
The data controller is us, Grammarly, Inc., 548 Market Street, #35410, San Francisco, CA 94104.
We’ve appointed VeraSafe as our representative in the EEA and UK for data protection matters. You can contact VeraSafe in matters related to personal information processing using this contact form. Alternatively:
- For users in the EEA: You can contact VeraSafe at VeraSafe Ireland Ltd, Unit 3D North Point House, North Point Business Park, New Mallow Road, Cork T23AT2P, Ireland.
- For users in the UK: You can contact VeraSafe at VeraSafe United Kingdom Ltd., 37 Albert Embankment, London SE1 7TL, United Kingdom.
3. What lawful bases of processing do we rely on?
We rely on the following legal bases to process your personal data, as appropriate:
- Necessary for us to perform a contract with you or take steps at your request prior to entering into a contract per Article 6(1)(b) GDPR (“Contract Performance Legal Basis”);
- Necessary for us to comply with an applicable legal obligation per Article 6(1)(c) GDPR (“Legal Obligations Legal Basis”);
- Necessary for us to realize a legitimate interest based on an assessment of that interest and your privacy and other fundamental interests per Article 6(1)(f) GDPR (“Legitimate Interest Legal Basis”); or
- According to your consent per Article 6(1)(a) GDPR (“Consent Legal Basis”). In these cases, you can withdraw your consent at any time with future effect.
The following table outlines the legal basis and, where applicable, the legitimate interests pursued with respect to each purpose for which we process personal data.
We will seek your consent if we wish to use your personal data for any new purpose incompatible with those set forth in the table above, and if you provide such consent, the Consent Legal Basis applies.
4. Where is your personal data processed, and on what basis do we transfer personal data across borders?
We rely on service providers in locations including the United States, EEA, and worldwide. We take measures to ensure that service providers provide an adequate level of data protection by entering into appropriate data transfer agreements based on Standard Contractual Clauses, where applicable, and performing data protection assessments of data transfer arrangements as appropriate. Data transfer agreements are accessible upon request by contacting us at the details shown further above. We comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce. Learn More
5. Do you have to provide personal data?
You are not legally required to provide us with your personal data, but you may not be able to fully use our products if you do not provide us with personal data that we reasonably need to provide our products. If you do not allow us to collect information through cookies and similar technology, some parts of our website may not work properly or be as tailored to you as they could otherwise be, but they will still generally be usable. We will inform you of personal data that we reasonably need to fulfill the purposes in our privacy notices, such as by marking certain fields as mandatory on online forms requesting personal data from you.
6. How do we use cookies and other tracking technologies?
We and our affiliates, marketing partners, and analytics or service providers use cookies and other technologies to ensure everyone who uses our websites and products has the best possible experience. For example, when you use our websites, we may place a number of cookies in your browser to enable us to hold session information as you navigate from page to page, to improve your experience, and to track and analyze usage and other statistical information. Additionally, when you are logged-in, we may use cookies to remember your preferences and settings, such as your preferred language or customized features, and provide relevant content recommendations based on your previous activity.
The types of first- and third-party cookies served through our websites and products, and the purposes they perform, are described below. You can find more detailed information about the specific cookies we use on our websites in our Cookies Preferences Center. You can find more detailed information about the specific cookies we use in our products in the Privacy section of your account settings.
Strictly necessary cookies
These cookies are sometimes called “essential”, as without them we cannot provide the services that you have requested. For example, strictly necessary cookies help ensure the security of the services and remember your preferences as you use our websites and products.
Functional cookies
These cookies are used to enhance the performance and functionality of our websites and products but are non-essential to their use. For example, during your visit to our websites or while you use our products, cookies are used to remember information you have entered or choices you make (such as your username or your region). They also store your preferences when personalizing our products to optimize your use of Grammarly (for example, your preferred language). These preferences are remembered through the use of persistent cookies, and the next time you use our products you will not have to set them again.
Performance cookies
These cookies track information about your visits and usage of our websites and products so that we can make improvements and report our performance—for example, to analyze visitor and user behavior to provide more relevant content or suggest certain activities. We might also use analytics cookies to test new ads, pages, or features to see how users react to them. Google Analytics is the main technology we currently use in this regard. To learn more about Google Analytics and your privacy, visit How Google uses information from sites or apps that use our services. To learn how you can opt out of being tracked by Google Analytics when using our website, visit Google Analytics Opt-out Browser Add-on.
Targeting cookies
These cookies may be set by third-party advertising platforms or networks in order to deliver ads for Grammarly paid accounts and track the performance of those ads. These platforms may subsequently use information about your visit to Grammarly.com to target you with advertising for Grammarly paid accounts on other websites.
These cookies may also allow you to share certain pages with social networks and interact with social media features while using our products, such as the “Share This” button or interactive mini-programs that run on our websites. These features may collect your IP address and which page you are visiting on our websites, as well as set a cookie to enable the feature to function properly.
You have the right to decide whether to accept or reject cookies. For our websites, you can exercise your cookie preferences by using our Cookies Preferences Center. For logged-in users, you can exercise your cookie preferences by visiting the Privacy section of your account settings.
You can also generally activate or deactivate the use of cookies through a functionality built into your web browser. Learn more about how to manage cookie settings through your browser:
If you want to learn more about cookies or how to control, deactivate, or delete them, please visit All About Cookies for detailed guidance. To learn how you can opt out of interest-based targeting provided by participating ad servers through the Digital Advertising Alliance, visit YourAdChoices. In addition, certain third-party advertising networks, including Google, permit users to opt out of or customize preferences associated with their internet browsing. To learn more about this feature from Google, visit My Ad Center.
If you choose not to activate cookies or later deactivate cookies, you may still visit our websites and use our products, but your ability to use some features may be limited.
7. What rights do you have?
In the EEA, Switzerland, and the UK, you have the following rights, subject to the conditions under the GDPR and/or local data protection law:
(a) To object, on grounds relating to your particular situation, to our processing of your personal data. This includes the right to object to our processing of your personal data for direct marketing or where we are pursuing our legitimate interests or those of a third party. If we process your personal data based on our legitimate interests or those of a third party, you can object to this processing, and we will cease processing your personal data, unless the processing is based on compelling legitimate grounds or is needed for legal reasons. Where we use your personal data for direct marketing for our own products and services, you can always object and opt out of future marketing messages using the unsubscribe link in such communications.
(b) To obtain from us confirmation as to whether your personal data is being processed, and, where that is the case, to request access to details about how we process your personal data and copies of the personal data.
(c) To obtain from us the rectification of inaccurate personal data concerning you.
(d) To ask us to erase your personal data to the extent it is not required for legally required purposes.
(e) To request restriction of processing of your personal data, in which case, it would be marked and processed by us only for certain purposes.
(f) To receive your personal data which you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit the personal data to another entity without hindrance from us.
(g) To lodge a complaint with a supervisory authority (only for EEA and UK).
(h) In some jurisdictions such as France and Portugal, you also have the right to provide us with guidelines as to the processing of your personal data after your death.
You may view a list of supervisory authorities in the EEA, UK, and Switzerland and their respective contact information here:
To exercise your rights under applicable privacy law, to raise a privacy concern, or to make a data-related request, please contact us via the contact information further below and describe your request. We may ask for additional information from you to clarify your request and verify that you are authorized to make your request. We will respond to requests to exercise privacy rights according to applicable laws.
8. Contact Information
You can contact us with questions relating to this notice or requests to exercise your privacy rights by submitting a help desk request here, emailing privacy@grammarly.com, or contacting us via postal mail at Grammarly, Inc., 548 Market Street, #35410, San Francisco, CA 94104.
You can also generally activate or deactivate the use of cookies through a functionality built into your web browser. Learn more about how to manage cookie settings through your browser:
If you want to learn more about cookies or how to control, deactivate, or delete them, please visit All About Cookies for detailed guidance. To learn how you can opt out of interest-based targeting provided by participating ad servers through the Digital Advertising Alliance, visit YourAdChoices. In addition, certain third-party advertising networks, including Google, permit users to opt out of or customize preferences associated with their internet browsing. To learn more about this feature from Google, visit My Ad Center.
If you choose not to activate cookies or later deactivate cookies, you may still visit our websites and use our products, but your ability to use some features may be limited.
7. What rights do you have?
In the EEA, Switzerland, and the UK, you have the following rights, subject to the conditions under the GDPR and/or local data protection law:
(a) To object, on grounds relating to your particular situation, to our processing of your personal data. This includes the right to object to our processing of your personal data for direct marketing or where we are pursuing our legitimate interests or those of a third party. If we process your personal data based on our legitimate interests or those of a third party, you can object to this processing, and we will cease processing your personal data, unless the processing is based on compelling legitimate grounds or is needed for legal reasons. Where we use your personal data for direct marketing for our own products and services, you can always object and opt out of future marketing messages using the unsubscribe link in such communications.
(b) To obtain from us confirmation as to whether your personal data is being processed, and, where that is the case, to request access to details about how we process your personal data and copies of the personal data.
(c) To obtain from us the rectification of inaccurate personal data concerning you.
(d) To ask us to erase your personal data to the extent it is not required for legally required purposes.
(e) To request restriction of processing of your personal data, in which case, it would be marked and processed by us only for certain purposes.
(f) To receive your personal data which you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit the personal data to another entity without hindrance from us.
(g) To lodge a complaint with a supervisory authority (only for EEA and UK).
(h) In some jurisdictions such as France and Portugal, you also have the right to provide us with guidelines as to the processing of your personal data after your death.
You may view a list of supervisory authorities in the EEA, UK, and Switzerland and their respective contact information here:
To exercise your rights under applicable privacy law, to raise a privacy concern, or to make a data-related request, please contact us via the contact information further below and describe your request. We may ask for additional information from you to clarify your request and verify that you are authorized to make your request. We will respond to requests to exercise privacy rights according to applicable laws.
8. Contact Information
You can contact us with questions relating to this notice or requests to exercise your privacy rights by submitting a help desk request here, emailing privacy@grammarly.com, or contacting us via postal mail at Grammarly, Inc., 548 Market Street, #35410, San Francisco, CA 94104.