Security

Keeping Your Writing
Safe at Grammarly

We keep security at the heart of our product, infrastructure, and company policies. Thousands of organizations trust Grammarly to power effective team-wide communication.
Hands typing on a keyboard
Trusted by teams at
Uber
Frost and Sullivan
Zoom
Caterpillar
Atlassian
Databricks
Expedia
Hacker One
Expensify
Everlane
Align
KPMG
eFront
Uber
Frost and Sullivan
Zoom
Caterpillar
Atlassian
Databricks
Expedia
Hacker One
Expensify
Everlane
Align
KPMG
eFront
IGT
ModMed
Coda Payments
CA.Gov
UC San Diego Health
Educative
Bizzabo
AffinityX
Enshored
Lucid
Fev Tutor
SGH
Wilson HCG
IGT
ModMed
Coda Payments
CA.Gov
UC San Diego Health
Educative
Bizzabo
AffinityX
Enshored
Lucid
Fev Tutor
SGH
Wilson HCG
Selfridges & Co
Upwork
State of California Department of Finance
CRH
Eventbrite
Investec
BlackRock
Burns & McDonnell
SuperMetrics
Prezi
Zapier
Selfridges & Co
Upwork
State of California Department of Finance
CRH
Eventbrite
Investec
BlackRock
Burns & McDonnell
SuperMetrics
Prezi
Zapier

Security Is Embedded in
Our Culture

Maintaining a secure company, product, and infrastructure is top of mind at Grammarly across teams and departments. Our rigorous security policies and procedures are woven into how we operate as an organization with integrity and ethics.

A person sits at a desk looking at a computer screen

Dedicated security team

Grammarly’s in-house team of security specialists is focused on ensuring security across the company—in our product and infrastructure, as well as in all operations. The team also oversees risk management and standards compliance. Company executives are directly involved in overseeing security strategy.
A group of people watch a presentation

Internal training and monitoring

Grammarly employees complete mandatory annual training on a wide range of privacy and security topics. In addition, our Security Champions program ensures that teams have an embedded security-focused adviser who drives team-specific security initiatives.
A person drinks coffee and types on a laptop

Access management

Grammarly adheres to the principle of least privilege—employees’ data access rights are regularly reviewed to ensure only minimum required privileges are granted. All workstations run on centrally controlled endpoint-management software that enforces security configurations and protection solutions.

Enterprise-Grade Attestation and Regulatory Compliance

AICPA Logo
ISO27001 Logo
ISO27017 Logo
ISO27018 Logo
Hippa Logo
PCIDSS Logo
cloud security alliance
GDPR Logo
Data Privacy Framework Certified, EU-US, Swiss-US, UK extension
California State Graphic
Ferpa
NYS Education

SOC 2 (Type 2)

Grammarly’s SOC 2 (Type 2) report validates our controls based on the security, privacy, availability, and confidentiality trust services criteria.

Contact us to read our report.


ISO/IEC 27001:2013

Grammarly’s information security management system meets the requirements of ISO 27001 and 27002 international standards.

Read our certificate.


ISO/IEC 27018:2019

Grammarly meets the requirements of ISO 27018 regarding our protection of personally identifiable information (PII) in the cloud.

Read our certificate.


PCI DSS

Grammarly is compliant with the Payment Card Industry Data Security Standard.

Read our attestation of PCI compliance.


GDPR

Grammarly complies with the EU General Data Protection Regulation (GDPR).

Learn more


DPF

Grammarly is certified by the Department of Commerce for the Data Privacy Framework (DPF), for EU-US, Swiss-US, and UK extension, providing a transatlantic personal data transfer mechanism. 

Learn more


FERPA

Grammarly is compliant with the Family Educational Rights & Privacy Act.

Contact us about our special EDU addenda.


SOC 3

Grammarly’s SOC 3 report describes our validated controls regarding security, privacy, availability, and confidentiality.

Read our public report.


ISO/IEC 27017:2015

Grammarly’s information security practices meet the requirements of ISO 27017 regarding our provision and use of cloud services.

Read our certificate.


HIPAA

Grammarly is compliant with the Health Insurance Portability and Accountability Act.


Contact us about our Business Associate Agreement.


CCPA

Grammarly complies with the California Consumer Privacy Act (CCPA).

Learn more


NYS Education Law 2-d

Grammarly is compliant with the New York State Education Law 2-d.

Contact us about our special EDU addenda.

Protecting your data and privacy

Trust Grammarly to protect your writing with care—we maintain security standards and procedures to keep your words safe. Read our Trust Center to learn about our user-first approach to privacy and security.
shield icon with a checkmark

Data security

Through industry-standard data protection, secure infrastructure, and third-party verification, Grammarly ensures data security across our product ecosystem.
paper and padlock icon

Data ownership

Your words are yours—we do not, and will not, sell your or your team’s information. We don’t help third parties advertise their products to you.

Features that enhance security and control

Grammarly Business includes safeguards to give control over account access—so you can trust that your company’s work is protected.
three people with checkmark icon

Team administration

Administration tools make it easy to add, remove, or transfer accounts and to manage team member roles, permissions, and access within your company.
padlock icon

SAML single sign-on

SSO allows for access management and enforcement of company-specific controls through integrations with identity providers.
Laptop with checkmark

Two-step authentication

For an extra layer of safety, multi-factor authentication is available for team members across your company to secure their individual access.

Secure Infrastructure

Grammarly’s infrastructure is built to protect your data according to high industry standards.
Amazon Web Services Graphic
Data hosting

Grammarly hosts data in Amazon Web Services data centers in the US East region and ensures continual product availability by using native backup tools. An industry-leading infrastructure provider, AWS is certified as compliant with ISO 27001 and has received a SOC 2 (Type 2) report.
Data encryption

Grammarly encrypts all data in transit and at rest. Data transfer is protected using the industry-standard TLS 1.2 protocol, while data at rest in AWS is encrypted using AES-256 server-side encryption. Grammarly uses AWS Key Management Services for database encryption and secure key management.
Cloud platform

All components that process your data operate in Grammarly’s private network inside our secure cloud platform, and each user’s data is isolated from other users’ data. Grammarly’s servers and network ports are behind load balancers and a web application firewall. Grammarly thoroughly reviews all data subprocessors to conduct due diligence. Grammarly thoroughly reviews all data subprocessors to conduct due diligence.

Third-Party Validation

External penetration testing

Grammarly continually works to identify and fix security vulnerabilities in our product and infrastructure. That’s why we undergo third-party network penetration tests as well as AWS security and corporate infrastructure security assessments and audits.

Bug bounty program

Grammarly’s ongoing HackerOne bug bounty program promotes transparency and provides a channel for external security researchers to identify potential security concerns. Our team responds rapidly—and resolves these issues before they can be exploited.If you believe you’ve discovered a security-related issue, please report it at HackerOne or contact us at security@grammarly.com.

Write With More Peace of Mind

Join over 30 million people and 70,000 professional teams who trust Grammarly to help them communicate with confidence.