The Credentials That Reflect Our Commitment to Security and Privacy

Over 30 million people, including 70,000 teams, rely on Grammarly’s communication assistance, and that’s a responsibility we take very seriously. To ensure our users’ data is safe and secure, we seek out third-party evaluations to validate our company-wide security controls with globally recognized standards. Through this process, we're able to maintain our existing certifications and attestations every year.
A group of four colleagues laugh at a table together

Compliance Certifications and Attestations

Together, these certifications and attestations speak to our safeguards for user data, cloud service management, and the protection of sensitive information.
AICPA Logo
ISO27001 Logo
ISO27017 Logo
ISO27018 Logo
Hippa Logo
PCIDSS Logo
cloud security alliance
GDPR Logo
Data Privacy Framework Certified, EU-US, Swiss-US, UK extension
California State Graphic
Ferpa
NYS Education

SOC 2 (Type 2)

Grammarly’s SOC 2 (Type 2) report validates our controls based on the security, privacy, availability, and confidentiality trust services criteria.

Contact us to read our report.


ISO/IEC 27001:2013

Grammarly’s information security management system meets the requirements of ISO 27001 and 27002 international standards.

Read our certificate.


ISO/IEC 27018:2019

Grammarly meets the requirements of ISO 27018 regarding our protection of personally identifiable information (PII) in the cloud.

Read our certificate.


PCI DSS

Grammarly is compliant with the Payment Card Industry Data Security Standard.

Read our attestation of PCI compliance.


GDPR

Grammarly complies with the EU General Data Protection Regulation (GDPR).

Learn more


DPF

Grammarly is certified by the Department of Commerce for the Data Privacy Framework (DPF), for EU-US, Swiss-US, and UK extension, providing a transatlantic personal data transfer mechanism. 

Learn more


FERPA

Grammarly is compliant with the Family Educational Rights & Privacy Act.

Contact us about our special EDU addenda.


SOC 3

Grammarly’s SOC 3 report describes our validated controls regarding security, privacy, availability, and confidentiality.

Read our public report.


ISO/IEC 27017:2015

Grammarly’s information security practices meet the requirements of ISO 27017 regarding our provision and use of cloud services.

Read our certificate.


HIPAA

Grammarly is compliant with the Health Insurance Portability and Accountability Act.


Contact us about our Business Associate Agreement.


CCPA

Grammarly complies with the California Consumer Privacy Act (CCPA).

Learn more


NYS Education Law 2-d

Grammarly is compliant with the New York State Education Law 2-d.

Contact us about our special EDU addenda.

Security Industry Associations and Partnerships

Strong digital defense requires industry cooperation—not competition. Thats why we work with industry-leading organizations around the world to not only foster a security-first culture at Grammarly, but to also participate in the global security community and share knowledge with the fields foremost experts.
OWASP
Cloud Service Alliance Logo
HackerOne
IAPP

OWASP

OWASP is the world’s largest software security nonprofit, and as a corporate member, we utilize its resources to ensure that Grammarly’s development aligns with industry best practices.

Learn more

HackerOne

To validate the strength of our information security, we run a bug bounty program with HackerOne, a leading security platform that brings together ethical hackers to assess cybersecurity issues of all kinds.

Learn more

Cloud Security Alliance

Grammarly is a proud member of CSA, an organization dedicated to promoting secure cloud practices.


Learn more


IAPP

Grammarly is honored to be a member of IAPP, the largest and most comprehensive global information privacy community.


Learn more

Our Safeguards Ensure Your Data is Protected

Whether you use Grammarly within a small organization, a large enterprise, or as an individual, have peace of mind knowing that your information is safe and secure.
Target and arrow

Industry-leading standards

We maintain the highest standards against globally recognized certifications and attestations related to security, privacy, confidentiality, and availability.
people icons inside a dotted circle

Third-party verification

Our certifications and attestations are based on comprehensive examinations conducted by independent third-party audit firms each year.
shield icon with a checkmark

Trusted certifications

Rest assured knowing that you can rely on our certifications and attestations if you need them for any vendor risk-management purposes.
Graph icon

Continuous improvement

Our compliance portfolio is always evolving to reflect industry best practices and the needs of our customers.

Frequently Asked Questions

Is Grammarly secure?

We are vigilant about information security. If you'd like to know more about our approach, weve outlined our security operations, policies, practices, and attestations, and you can also see our SOC 2 (Type 2) and SOC 3 for further transparency.

Is Grammarly GDPR compliant?

Where does Grammarly store data?

Grammarly stores data on servers hosted by Amazon Web Services, an industry-leading infrastructure provider, in their US-based data centers. Learn more about Grammarly's secure infrastructure.

Who has access to my data, both physically and virtually?

As a rule, Grammarly employees do not monitor or view user data. We adhere to the principle of least privilege and regularly review employees data-access rights to ensure only minimum required privileges are granted. To learn more about access to data and the information we collect, visit our Privacy Policy.

Where can I find audit reports?

If you need an audit report, contact our sales team to request the documentation youre looking for.

Is Grammarly HIPAA compliant?

Yes, Grammarly is compliant with HIPAA Security, Privacy, and Breach Notification rules.

Improve Communication With a Service You Can Trust

Grammarly’s best-in-class writing assistance helps you communicate with confidence knowing your data is protected by industry-leading security standards.