Grammarly
Dominant grammar and writing assistant with 30 million daily users. Free tier. Processes all text on company servers — opt-out from AI training available but not default.
What should journalists know about Grammarly?
Grammarly is the most widely used writing assistant in the world. 30 million daily users. That scale is its strength and its privacy risk. Every word you type in a Grammarly-enabled field gets sent to their servers for processing. By default, Free and Pro users' content trains Grammarly's AI models. You can opt out — but the toggle is buried in account settings, and most users never find it. Founded in 2009 by three Ukrainians — Max Lytvyn, Alex Shevchenko, and Dmytro Lider — who met at universities in Kyiv. Headquarters moved to San Francisco. The company maintained Kyiv operations through Russia's full-scale invasion and still has engineering staff there. Lytvyn and Shevchenko are now billionaires. The company raised $200 million at a $13 billion valuation in November 2021. An IPO was widely expected but never materialized. Lytvyn said in 2023 the company was "ready" but saw no "immediate need." In May 2025, Grammarly secured $1 billion in non-dilutive financing from General Catalyst. Annual revenue exceeded $700 million as of 2025. The corporate story got complicated fast. In December 2024, Grammarly acquired Coda (the productivity platform), and Coda's CEO Shishir Mehrotra became Grammarly's new CEO. In July 2025, Grammarly acquired the Superhuman email client. Then in October 2025, the parent company rebranded entirely to Superhuman Platform Inc. — Grammarly the writing tool still exists but is now one product in a four-product suite. This matters because the entity processing your text is no longer a focused grammar company. It is an AI productivity conglomerate with ambitions well beyond writing. The writing tool itself is excellent at what it does. Tone detection, full-sentence rewrites, style consistency. The AI features (Grammarly Go) use generative AI for drafting and rewriting. But every feature runs server-side. There is no local processing option. For journalists, the risk is not that Grammarly will leak your draft — it is that every sentence of every story you write passes through a third party's infrastructure, is retained for 30 days even after opt-out, and feeds an AI training pipeline unless you explicitly disable it. Enterprise accounts (150+ seats) offer contractual training exclusions, SSO, and admin controls. Individual journalists do not get these protections. If your newsroom cannot afford Enterprise, opt out of training immediately and never paste source identities or unpublished investigative material into any Grammarly-enabled field.
Copy editing, grammar correction, tone adjustment, style consistency across long-form articles. Grammarly Go for AI-assisted rewriting and drafting. Browser extension catches errors in email, CMS, and web forms without switching tools.
Processing confidential source communications or unpublished investigative material. Any workflow requiring local-only text processing. Journalists who cannot accept server-side analysis of every keystroke. Self-hosting is not an option.
Security & Privacy
Data is scrambled while being sent to their servers
Data is scrambled when stored on their servers
Where servers are located — affects which governments can request your data
Privacy policy summary
Free and Pro users: content trains Grammarly's AI models by default. Opt-out available at account.grammarly.com/security/privacy — toggle off "Product Improvement and Training." Even with opt-out, Grammarly retains text for 30 days for abuse monitoring. Non-content metadata (word counts, suggestion types accepted, error patterns) is always collected regardless of opt-out. Enterprise tier: admin can opt out for the entire organization. Contractual training exclusions apply. SOC 2 Type II (audited by Ernst & Young), ISO 27001, ISO 27017, ISO 27018 certified. HIPAA-compliant option available. The browser extension processes text in every active text field by default. It does not distinguish between a blog draft and a message containing source information. There is no per-field or per-site granular control — it is all or nothing unless you manually disable the extension on specific sites.
How to protect yourself:
Opt out of AI training immediately: account.grammarly.com/security/privacy > toggle off "Product Improvement and Training." Disable the browser extension on sensitive sites (newsroom CMS with source databases, encrypted messaging web clients, legal document platforms). Never paste source identities, unpublished documents, or confidential legal materials into Grammarly-enabled fields. For sensitive editing, use a local tool like LanguageTool's self-hosted instance or a desktop word processor with Grammarly disabled. If your newsroom has 150+ seats, push for Enterprise — it is the only tier with contractual data protection.
Strong infrastructure security: encryption in transit (TLS 1.2) and at rest (AES-256), SOC 2 Type II, ISO 27001/27017/27018, HIPAA option for Enterprise. The concern is not infrastructure — it is the data model. All text processing is server-side with no local option. AI training is opt-in by default for individual users. The browser extension processes every text field indiscriminately. Enterprise tier provides contractual protections, but individual journalists on Free or Pro have limited recourse. The rapid corporate transformation (three acquisitions, rebrand, new CEO) adds uncertainty about future data practices. Opt out of training, disable the extension on sensitive sites, and never process confidential source material through Grammarly.
Who Owns This
Known issues
Training opt-in by default: Free and Pro users' content trains AI models unless manually disabled. Most users never change this setting. The opt-out toggle is not surfaced during onboarding. No local processing: All text is sent to Grammarly's servers. There is no offline mode, no on-device analysis, no self-hosting option. Every keystroke in a Grammarly-enabled field transits their infrastructure. Browser extension scope: The extension activates on all text fields by default, including potentially sensitive ones. Grammarly says it excludes password fields and credit card forms, but it processes text in email compose windows, messaging platforms, and CMS editors without distinction. 2018 browser extension vulnerability: A security researcher found a flaw that could have let malicious websites access users' Grammarly account data, including saved documents. Patched within hours. No evidence of exploitation. Corporate complexity: Three acquisitions in 12 months (Coda, Superhuman, rebrand). The entity handling your writing data is now a multi-product AI platform company, not a focused grammar tool. Privacy policies and data practices may evolve as the Superhuman Platform consolidates. IPO uncertainty: Despite $13B valuation and $700M+ revenue, the company has not gone public. The 2021 valuation came during a market peak; secondary market pricing has fluctuated since.
Pricing
Free (basic grammar and spelling). Pro: $12/month (annual), $20/month (quarterly), $30/month (monthly). Enterprise: custom pricing, 150+ seats, requires sales contact. The company rebranded to Superhuman Platform Inc. in October 2025 after acquiring Coda and the Superhuman email client — pricing for the broader Superhuman Suite may evolve.
This is an editorial assessment based on publicly available information as of 2026-04-03, using our published methodology. Independent security review is pending. Security posture can change at any time. This is not a guarantee of safety.
Something wrong or outdated? Report it.