Keeping Your Writing Safe
at Grammarly

We keep security at the heart of our product, infrastructure, and company policies. Thousands of organizations trust Grammarly to power effective team-wide communication.
Contact Sales
Keeping Your Writing Safe
Trusted by teams at:

Enterprise-grade attestation and
regulatory compliance

SOC 2 (Type I)

Grammarly’s SOC 2 (Type I) report attests to our enterprise-grade system and organization controls regarding security, privacy, availability, and confidentiality. Contact our team to read the report.

PCI DSS

Grammarly is compliant with the Payment Card Industry Data Security Standard, which validates that payments are handled with industry-standard security. Read Grammarly’s attestation of PCI compliance.

Cloud Security Alliance

Grammarly is a member of CSA, a nonprofit dedicated to promoting secure cloud computing. Read Grammarly’s Consensus Assessments Initiative Questionnaire (CAIQ), which details our security practices.

GDPR

Grammarly complies with the EU General Data Protection Regulation (GDPR). Where required, we will provide international data transfer mechanisms, such as standard contractual clauses, for our business customers.

CCPA

Grammarly complies with the California Consumer Privacy Act (CCPA) regarding the collection, use, and retention of personal information of residents of California.

Protecting your data and privacy

Trust Grammarly to protect your writing with care—we maintain security standards and procedures to keep your words safe.

Data security

Through industry-standard data protection, secure infrastructure, and third-party verification, Grammarly ensures data security across our product ecosystem.

Data ownership

Your words are yours—we do not, and will not, sell or rent your or your team’s information. We don’t help third parties advertise their products to you.

Features that enhance security and control

Grammarly Business includes safeguards to give control over account access—so you can trust that your company’s work is protected.

Team administration

Administration tools make it easy to add, remove, or transfer accounts and to manage team member access within your company.

SAML single sign-on

SSO allows for access management and enforcement of company-specific controls through integrations with identity providers.

Two-step authentication

For an extra layer of safety, multi-factor authentication is available for team members across your company to secure their individual access.

Team administration

Administration tools make it easy to add, remove, or transfer accounts and to manage team member access within your company.

Secure infrastructure

Grammarly’s infrastructure is built to protect your data according to high industry standards.
Grammarly infrastructure

Data hosting

Grammarly hosts data in Amazon Web Services data centers in US East and US West regions and ensures continual product availability by using native backup tools. An industry-leading infrastructure provider, AWS is certified as compliant with ISO 27001 and has received a SOC 2 (Type II) report.

Data encryption

Grammarly encrypts all data in transit and at rest. Data transfer is protected using the industry-standard TLS 1.2 protocol, while data at rest in AWS is encrypted using AES-256 server-side encryption. Grammarly uses AWS Key Management Services for database encryption and secure key management.

Cloud platform

All components that process your data operate in Grammarly’s private network inside our secure cloud platform, and each Grammarly user’s data is isolated from other users’ data. Grammarly’s servers and network ports are behind load balancers and a web application firewall.

Security is embedded in our culture

Maintaining a secure company, product, and infrastructure is top of mind at Grammarly across teams and departments. Our rigorous security policies and procedures are woven into how we operate as an organization with integrity and ethics.
Visit our Security Practices page to download our security whitepaper

Dedicated security team

Grammarly’s in-house team of security specialists is focused on ensuring security across the company—in our product and infrastructure, as well as in all operations. The team also oversees risk management and standards compliance. Company executives are directly involved in overseeing security strategy.

Internal training & monitoring

Grammarly employees complete mandatory annual training on a wide range of privacy and security topics. In addition, our Security Champions program ensures that teams have an embedded security-focused adviser who drives team-specific security initiatives.

Access management

Grammarly adheres to the principle of least privilege—employees’ data access rights are regularly reviewed to ensure only minimum required privileges are granted. All workstations run on centrally controlled endpoint-management software that enforces security configurations and protection solutions.

Third-party validation

External penetration testing

Grammarly continually works to identify and fix security vulnerabilities in our product and infrastructure. That’s why we undergo third-party network penetration tests as well as AWS security and corporate infrastructure security assessments and audits.

Bug bounty program

Grammarly’s ongoing HackerOne bug bounty program promotes transparency and provides a channel for external security researchers to identify potential security concerns. Our team responds rapidly—and resolves these issues before they can be exploited.
If you believe you've discovered a security-related issue, please report it at HackerOne or contact us at security@grammarly.com.

Read more about Grammarly security

Ready to learn more about
Grammarly Business?

Contact Sales