// Trust & Security Report

    Superhuman Platform Inc. (formerly Grammarly) logo

    Superhuman Platform Inc. (formerly Grammarly)

    AI-powered writing assistance and productivity platform. Consumer tiers: Free, Premium, Pro; enterprise tier: Enterprise. Additional products: Superhuman Go (productivity agents), Superhuman Mail (email), Grammarly for Education, Docs.

    Certifications held

    10

    Maturity

    Enterprise

    Trains on your data

    Yes

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type 2
    HELD

    SOC 2 (Type 2) examinations validate that Grammarly meets the strict SOC 2 standards for security, availability, confidentiality, and privacy

    Verify on grammarly.com
    SOC 3
    HELD

    SOC 3 - Public report describing validated controls; available as of 2023

    Verify on grammarly.com
    ISO/IEC 27001:2022
    HELD

    Certificate dated June 23, 2025. Confirms Grammarly has established, implemented, maintained, and continually improving an information security management system

    Verify on support.grammarly.com
    ISO/IEC 27017:2015
    HELD

    Certificate dated June 23, 2025. Demonstrates compliance with security requirements for cloud service providers and customers

    Verify on support.grammarly.com
    ISO/IEC 27018:2019
    HELD

    Covers protection of users' personal information in cloud environments

    Verify on grammarly.com
    ISO/IEC 27701:2019
    HELD

    Privacy information management system. Verifies Grammarly meets requirements for privacy information management

    Verify on grammarly.com
    ISO/IEC 42001:2023
    HELD

    Responsible AI development and use requirements. ISO 42001 certification active as of 2023, demonstrating AI governance maturity

    Verify on grammarly.com
    PCI DSS
    HELD

    Payment card industry data security standard - Active compliance

    Verify on grammarly.com
    GDPR
    HELD

    Grammarly complies with GDPR via ISO 27701 and certifies compliance with EU-U.S. Data Privacy Framework, UK Extension, and Swiss-U.S. Data Privacy Framework (cert at dataprivacyframework.gov)

    Verify on superhuman.com
    HIPAA
    HELD

    Grammarly is HIPAA compliant. Users must not store, transmit, or process Protected Health Information unless they have entered into a Business Associate Agreement (BAA) with Grammarly

    Verify on grammarly.com

    // Privacy & AI training

    Trains on customer data

    Yes

    Data processing agreement

    Offered

    Data region

    US East (AWS) with international transfers. EU/UK/Swiss users covered by Data Privacy Framework

    Grammarly can use customer data to train AI models by default for Free/Premium/Pro tiers. OFF by default for Enterprise, Business, and Education tiers. Users can disable via Product Improvement and Training control in account settings. Grammarly restricts third-party AI service providers from training on customer content.

    // Security controls

    Encryption in transit

    TLS 1.2

    grammarly.com

    Encryption at rest

    AES-256 server-side encryption via AWS KMS

    grammarly.com

    Infrastructure

    Amazon Web Services (US East region) with native backup tools, load balancers, and web application firewalls

    grammarly.com

    Vulnerability management

    Third-party penetration testing and HackerOne bug bounty program

    grammarly.com

    Authentication

    FIDO2 authentication support

    grammarly.com

    Data ownership

    User words are owned by users; Grammarly does not sell or monetize user content

    grammarly.com

    // Products & data scope

    Grammarly FreeWriting assistance

    data: User writing content for grammar/clarity checks

    AI training enabled by default. Basic writing features. No cost.

    Grammarly PremiumWriting assistance

    data: User writing content including tone and style suggestions

    AI training enabled by default. Advanced suggestions, tone detection, plagiarism checker.

    Grammarly ProWriting assistance

    data: User writing content with team collaboration

    AI training ON by default for single-user and web-purchased plans; OFF by default for Sales-team purchases. Generative AI features, style guides, team collaboration.

    Grammarly EnterpriseWriting assistance + productivity

    data: Organization writing content with confidential mode option

    AI training OFF by default. Confidential mode, granular permissions, data loss prevention, unlimited users, dedicated support.

    Superhuman GoProductivity agents

    data: Workspace/document data for AI-powered workflows

    Part of Superhuman Platform acquisition. Productivity agents for docs and workflows.

    Grammarly for EducationWriting assistance for students

    data: Student writing submissions

    AI training OFF by default for all education accounts.

    // What to watch

    • CORPORATE CHANGE: Grammarly acquired by/merged into Superhuman Platform Inc. Privacy policy and DPA inquiries now redirect to Superhuman domain. Verify ongoing separation of product tiers.
    • AI TRAINING DEFAULTS: Consumer Free/Premium/Pro tiers have AI training ON by default. While opt-out is clearly available, this differs from Enterprise-by-default-OFF posture. Note for procurement: tier selection matters.
    • DATA RESIDENCY: Primary infrastructure is US East (AWS). While DPA compliance stated, EU/UK users should confirm data localization requirements.
    • BAA REQUIREMENT: HIPAA compliance is conditional on BAA execution. Not a default feature; users must request and execute agreement.

    // At a glance

    Pricing model

    Freemium (Free tier + Premium monthly/yearly + Pro + Enterprise contact sales)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Superhuman Platform Inc. (formerly Grammarly)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    grammarly.com

    > Browse all vendor trust reports