Security
Keeping Your Writing Safe at Grammarly
We keep security at the heart of our product, infrastructure, and company policies. Thousands of organizations trust Grammarly to power effective team-wide communication.
Trusted by
Enterprise-grade attestation and regulatory compliance
SOC 2 (Type 2)
Grammarly’s SOC 2 (Type 2) report validates our controls regarding security, privacy, availability, and confidentiality.
Contact us to read our report.
Contact us to read our report.
ISO/IEC 27001:2013
Grammarly’s information security management system meets the requirements of ISO 27001 and 27002 international standards.
Read our certificate.
Read our certificate.
ISO/IEC 27018:2019
Grammarly meets the requirements of ISO 27018 regarding our protection of personally identifiable information (PII) in the cloud.
Read our certificate.
Read our certificate.
PCI DSS
Grammarly is compliant with the Payment Card Industry Data Security Standard.
Read our attestation of PCI compliance.
Read our attestation of PCI compliance.
GDPR
SOC 3
Grammarly’s SOC 3 report describes our validated controls regarding security, privacy, availability, and confidentiality.
Read our public report.
Read our public report.
ISO/IEC 27017:2015
Grammarly’s information security practices meet the requirements of ISO 27017 regarding our provision and use of cloud services.
Read our certificate.
Read our certificate.
HIPAA
Grammarly is compliant with the Health Insurance Portability and Accountability Act.
Contact us about our Business Associate Agreement.
Contact us about our Business Associate Agreement.
Cloud Security Alliance
Grammarly is a proud member of CSA, an organization dedicated to promoting secure cloud practices.
Read our Consensus Assessments Initiative Questionnaire (CAIQ).
Read our Consensus Assessments Initiative Questionnaire (CAIQ).
CCPA
“We thoroughly evaluate all our potential vendors, and we were impressed with the transparency Grammarly offered regarding their certifications, their architecture, and their policies and practices. Their security posture materials made us really confident in trusting Grammarly with our data.”
Jose Costa
Chief Information Security Officer at Tugboat Logic, Inc.
Protecting your data and privacy
Trust Grammarly to protect your writing with care—we maintain security standards and procedures to keep your words safe.
Read our User Trust Guidelines to learn about our user-first approach to privacy and security.
Read our User Trust Guidelines to learn about our user-first approach to privacy and security.
Data security
Through industry-standard data protection, secure infrastructure, and third-party verification, Grammarly ensures data security across our product ecosystem.
Data ownership
Your words are yours—we do not, and will not, sell or rent your or your team’s information. We don’t help third parties advertise their products to you.
Features that enhance security and control
Grammarly Business includes safeguards to give control over account access—so you can trust that your company’s work is protected.
Secure infrastructure
Grammarly’s infrastructure is built to protect your data according to high industry standards.
Data hosting
Grammarly hosts data in Amazon Web Services data centers in US East and US West regions and ensures continual product availability by using native backup tools. An industry-leading infrastructure provider, AWS is certified as compliant with ISO 27001 and has received a SOC 2 (Type 2) report.
Data encryption
Grammarly encrypts all data in transit and at rest. Data transfer is protected using the industry-standard TLS 1.2 protocol, while data at rest in AWS is encrypted using AES-256 server-side encryption. Grammarly uses AWS Key Management Services for database encryption and secure key management.
Cloud platform
All components that process your data operate in Grammarly’s private network inside our secure cloud platform, and each Grammarly user’s data is isolated from other users’ data. Grammarly’s servers and network ports are behind load balancers and a web application firewall.
Grammarly thoroughly reviews all data subprocessors to conduct due diligence. Read more about the subprocessors Grammarly uses.
Grammarly hosts data in Amazon Web Services data centers in US East and US West regions and ensures continual product availability by using native backup tools. An industry-leading infrastructure provider, AWS is certified as compliant with ISO 27001 and has received a SOC 2 (Type 2) report.
Data encryption
Grammarly encrypts all data in transit and at rest. Data transfer is protected using the industry-standard TLS 1.2 protocol, while data at rest in AWS is encrypted using AES-256 server-side encryption. Grammarly uses AWS Key Management Services for database encryption and secure key management.
Cloud platform
All components that process your data operate in Grammarly’s private network inside our secure cloud platform, and each Grammarly user’s data is isolated from other users’ data. Grammarly’s servers and network ports are behind load balancers and a web application firewall.
Grammarly thoroughly reviews all data subprocessors to conduct due diligence. Read more about the subprocessors Grammarly uses.
Security is embedded in our culture
Maintaining a secure company, product, and infrastructure is top of mind at Grammarly across teams and departments. Our rigorous security policies and procedures are woven into how we operate as an organization with integrity and ethics.
View our Security Practices page to download our security whitepaper
View our Security Practices page to download our security whitepaper
Dedicated security team
Grammarly’s in-house team of security specialists is focused on ensuring security across the company—in our product and infrastructure, as well as in all operations. The team also oversees risk management and standards compliance. Company executives are directly involved in overseeing security strategy.
Internal training & monitoring
Grammarly employees complete mandatory annual training on a wide range of privacy and security topics. In addition, our Security Champions program ensures that teams have an embedded security-focused adviser who drives team-specific security initiatives.
Access management
Grammarly adheres to the principle of least privilege—employees’ data access rights are regularly reviewed to ensure only minimum required privileges are granted. All workstations run on centrally controlled endpoint-management software that enforces security configurations and protection solutions.
Third-party validation
External penetration testing
Grammarly continually works to identify and fix security vulnerabilities in our product and infrastructure. That’s why we undergo third-party network penetration tests as well as AWS security and corporate infrastructure security assessments and audits.
Bug bounty program
Grammarly’s ongoing HackerOne bug bounty program promotes transparency and provides a channel for external security researchers to identify potential security concerns. Our team responds rapidly—and resolves these issues before they can be exploited.
If you believe you've discovered a security-related issue, please report it at HackerOne or contact us at security@grammarly.com.
If you believe you've discovered a security-related issue, please report it at HackerOne or contact us at security@grammarly.com.
