SOC 2
Grammarly has successfully completed SOC 2 (Type 1) and SOC 2 (Type 2) examinations and received corresponding reports. These examinations validate that Grammarly meets the strict SOC 2 standards for security, availability, confidentiality, and privacy of our customers’ data.
SOC 3
Grammarly’s SOC 3 report is a publicly available version of the SOC 2 (Type 2) report. You can review this report here.
ISO/IEC 27001:2013
This is an international standard for information security management systems. Obtaining this certification confirms that Grammarly meets industry-standard requirements for establishing, implementing, maintaining, and continually improving an information security management system. Grammarly’s ISO 27001 certificate can be found here.
ISO/IEC 27017:2015
This certification sets forth security requirements for cloud service providers and customers. It shows that Grammarly adheres to industry standards concerning the provision and use of cloud services. You can find Grammarly’s ISO 27017 certificate here.
ISO/IEC 27018:2019
This international standard covers protection of users’ personal information. Grammarly meeting this standard demonstrates our commitment to safeguarding your data. You can follow this link to review Grammarly’s ISO 27018 certificate.
CSA STAR
Cloud Security Alliance is a nonprofit organization with the goal of promoting best practices in relation to cloud computing. Grammarly is a member of CSA and has completed the CSA STAR Level 1 assessment. You can review Grammarly’s Consensus Assessments Initiative Questionnaire for more information about our security practices.
PCI DSS
Grammarly is compliant with the Payment Card Industry Data Security Standard. Grammarly’s attestation confirms that your payment information is protected in accordance with industry standards.
HIPAA
The Health Insurance Portability and Accountability Act of 1996 establishes a set of standards to protect sensitive health information. Grammarly is compliant with HIPAA Security, Privacy, and Breach Notification rules.
If you need to sign a BAA in order to comply with HIPAA, please be aware that currently we can enter into BAAs only for volume licenses of 100 seats or more. This limitation allows us to process these requests promptly and efficiently. We are looking to optimize this process as we ramp up HIPAA support for our other customers. If you are interested in a license of 100 seats or more, please submit your request here.