USER TRUST GUIDELINES
We value the trust people place in us and our product.
We want everyone to feel confident about engaging with Grammarly’s product—whether that’s through our mobile keyboards, desktop applications, browser extensions, online editor, Microsoft Office add-in, or other offerings. This means providing clear and easy-to-access information about the efforts we take to keep your information secure and to respect your data privacy. This page outlines Grammarly’s user-first operating principles.
USER TRUST GUIDELINES AT A GLANCE
We are vigilant about information security
We maintain a security-first culture across our organization →
All data is encrypted to keep your information safe →
Our security features help protect you against unauthorized access →
We seek regular and consistent third-party evaluation →
Our enterprise-grade compliances validate our security controls →
We provide transparency about our secure cloud architecture →
USER TRUST GUIDELINES AT A GLANCE
We practice privacy by design
We are vigilant about information security
We maintain a security-first culture across our organization →
All data is encrypted to keep your information safe →
Our security features help protect you against unauthorized access →
We seek regular and consistent third-party evaluation →
Our enterprise-grade compliances validate our security controls →
We provide transparency about our secure cloud architecture →
Frequently asked questions
We make money from selling subscriptions—not from selling data
We have not, do not, and will not sell or rent user data—period. We don’t provide information to third parties to help them advertise to you.
Grammarly’s financial interests are directly aligned with our users’ interests. We make money when customers see value in what we provide and decide to purchase one of our paid product offerings: Grammarly Premium, Grammarly Business, or Grammarly @edu.
We practice privacy by design
Grammarly’s writing assistant provides real-time communication support wherever you’re typing. When you see the green Grammarly logo next to your text, we want you to feel secure that the product you’re using has been created with the privacy of your data top of mind. This section details the stringent protections we maintain.
Our product checks only the text you want it to
Grammarly’s product can’t access anything you type unless you are actively using it. For example: If you’re using one of our browser extensions or mobile keyboards, you can see that it is activated in a text field by looking for a visible Grammarly logo or an icon showing the number of suggestions waiting for you.
To check text and provide suggestions, Grammarly uses powerful server-based algorithms that are too complex to be stored locally on a user’s device. The servers are hosted by AWS in the United States.
Our product does not run in sensitive or read-only fields
Grammarly’s writing assistant is blocked from accessing text in fields marked “sensitive.” This means that Grammarly’s browser extensions and mobile keyboards do not see anything typed in credit card forms, password fields, URL fields, email address fields, or fields where similar private information is provided.
We additionally restrict our product from processing text in all single-line input fields, which are more likely to contain sensitive information like names or phone numbers. We also block the product from running where you can’t edit text (known as “read-only” fields), such as the instructions to a web form.
You can view all data associated with your account
We think you should know exactly what Grammarly has stored about you. To view the personal data associated with your account, log in and submit a request. This process helps us ensure that only you can request information about yourself. If you delete your account, we will remove your personal information from our systems.
If you use the Grammarly Editor, you can view all documents you have saved—we store them so you have access until you choose to delete them. If you delete your account, we will delete these documents from our servers.
We tightly control access to user data
Grammarly restricts employee access to customer data across our network, infrastructure, and services. Only those authorized to access data critical to their work may do so. This is often referred to as the “principle of least privilege.”
Grammarly relies on trusted third-party vendors for specific services and functions, such as hosting our servers, email communication, and customer support services. We regularly evaluate vendor security, and we validate that all user information is removed from third-party systems after there is no longer any need for its storage. Read more about the third-party subprocessors we use.
You own what you write
Grammarly does not own the text you write while using our product. You always retain all rights to your text, including copyrights and duplication privileges. In short, your work remains yours.
We comply with governmental privacy regulations and frameworks
Grammarly complies with regulations regarding data privacy and protection. This includes the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), among other frameworks that govern Grammarly’s privacy obligations.
You can read further detail about many of these points in our Privacy Policy and Terms of Service.
We are vigilant about information security
Supporting our users means keeping security at the core of everything we do. This section details how we safeguard your data at all times. We also encourage you to read more about our security practices.
We maintain a security-first culture across our organization
Grammarly’s in-house team of security specialists is dedicated to fortifying the security of our product, infrastructure, and operations. Company executives are directly involved in overseeing security strategy and enforcement.
We also run a Security Champions program. Team members across the organization train on information security matters and drive team-specific security initiatives. This helps ensure company-wide attention to security issues.
All data—in transit and at rest—is encrypted to keep your information safe
We use industry-standard encryption to protect all user data in transit and at rest. Whether you are receiving suggestions through the browser extension or saving documents in your Grammarly Editor, all your data is encrypted and safeguarded.
Security features in our product help protect you against unauthorized access
To aid users in keeping their accounts secure, we offer two-step verification—also known as two-step authentication, a type of multi-factor authentication. We also offer guidance about maintaining strong passwords. These help ensure your account can only be accessed by you.
Grammarly protects against unauthorized access through constant auditing and monitoring. We are vigilant about identifying unexpected account behavior, and we notify affected users if we learn of unauthorized account access.
We seek regular and consistent third-party evaluation
We ask outside experts to validate the strength of our information security. That’s why we operate a bug bounty program with HackerOne, where we invite ethical hackers to search for potential software vulnerabilities and report them directly to our Security team.
We regularly hire security firms to evaluate our systems through “penetration tests,” which simulate a cyber attack to check for anything that could be exploited. We also invite enterprise customers to contract third parties of their choosing to perform these tests.
Our enterprise-grade compliances validate our security controls
Third-party auditors review our security practices to help us achieve trusted industry standards. We have received a SOC 2 (Type 2) report and are certified with ISO 27001, 27017, and 27018, among other attestations.
We are proud to be members of the Cloud Security Alliance, a nonprofit dedicated to promoting secure cloud computing.
We provide transparency about our secure cloud architecture
We host a security whitepaper to offer transparency into our security practices and procedures.
FAQ
We know that information may be easier to approach in a Q&A format. That’s why we’ve collected questions from Grammarly users and have provided links to where you can find more information, on this page or elsewhere.
Is Grammarly secure?
We are vigilant about information security. We detail our security operations, policies, practices, and attestations and host a security whitepaper to provide further transparency.
Is Grammarly a privacy risk?
We maintain stringent protections for our users and practice privacy by design. We encourage you to read our Privacy Policy for more detailed information.
Does Grammarly sell your data?
No, we do not and will not sell or rent user data and never have. We make money from user subscriptions. We do not help third parties advertise to our users.
Is Grammarly a keylogger?
No, our product only checks the text you want it to, and it does not run in sensitive fields.
What data does Grammarly collect?
To serve our users, Grammarly collects necessary information, such as username, email address, and contact and language preferences. Read more in our Privacy Policy. Any user can request to view all data associated with their account. You can also find information about the small number of trusted third-party processors that help us provide our services.
Can Grammarly see or use your writing?
No one at Grammarly can read your text at will, as we tightly control access to user data within the company. You own what you write.
Does Grammarly use cookies? What’s Grammarly’s cookie policy?
Yes, Grammarly’s website uses cookies. We encourage you to read and review our Cookie Policy.
Is Grammarly reliable and accurate?
We encourage you to read this post to learn more about how we build our product with reliability and accuracy top of mind.
What are Grammarly’s Terms of Service?
We encourage all users to read our full Terms of Service.
Who owns Grammarly?
Grammarly is a private company. Read more about our story on our About Us page. To learn more about Grammarly’s business, read about how we make money from selling subscriptions—not from selling data.
Is Grammarly GDPR-compliant?
If you have questions that are not answered here, we encourage you to get in touch.