// Trust & Security Report

    ParagraphAI Inc. logo

    ParagraphAI Inc.

    ParagraphAI is a consumer/prosumer AI writing assistant (mobile app, AI keyboard, browser/Chrome extension, web app) for grammar correction, replies, drafting, translation (40+ languages), and humanizing AI text, with a separate ParagraphAI Enterprise tier adding brand-voice customization, account management, and a dedicated account rep. The site also markets a healthcare/medicine use case page with no accompanying compliance documentation.

    Certifications held

    0

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    > Show 8 unconfirmed / not-held certifications
    SOC 2 (Type 1/2)
    NOT CONFIRMED

    No public evidence: no trust center, security page, or SOC 2 mention found anywhere on paragraphai.com; web search for 'ParagraphAI SOC 2' returns no vendor-specific results.

    source: paragraphai.com
    ISO 27001
    NOT CONFIRMED

    No public evidence: no ISO 27001 mention on vendor domain or in search results for 'ParagraphAI ISO 27001'.

    source: paragraphai.com
    ISO/IEC 42001 (AI management)
    NOT CONFIRMED

    No public evidence of an AI-governance certification anywhere on the vendor domain.

    source: paragraphai.com
    CSA STAR
    NOT CONFIRMED

    No public evidence found.

    source: paragraphai.com
    HIPAA
    NOT CONFIRMED

    Vendor markets a 'AI Writing Assistant for Healthcare & Medicine' page but makes no HIPAA claim there or elsewhere; no Business Associate Agreement (BAA) or HIPAA compliance statement found on the healthcare page, privacy policy, or terms of service.

    source: paragraphai.com
    PCI DSS
    NOT CONFIRMED

    No public evidence found; ParagraphAI does not appear to process cardholder data directly (billing likely handled by a third-party payment processor, unconfirmed).

    source: paragraphai.com
    FedRAMP
    NOT CONFIRMED

    No public evidence found.

    source: paragraphai.com
    GDPR (posture)
    NOT CONFIRMED

    Privacy policy (last updated May 16, 2022) states CCPA compliance only: 'we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act.' No GDPR-specific language (lawful basis, EU representative, data subject rights, SCCs) found anywhere on the vendor domain.

    source: paragraphai.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Not offered

    Data region

    Not specified anywhere on the vendor domain. Company has offices in Toronto, Canada and Cambridge, Massachusetts, USA; no stated data residency or hosting region.

    Homepage states: 'We only work with models that have a zero data retention policy, ensuring your inputs are not used for training.' This is a marketing claim on the homepage, not corroborated by the privacy policy (dated 2022, predates this language) or terms of service, neither of which mention AI training, model providers, or retention policy. Treated as the vendor's current stated posture but flagged as unverified by an independent trust/security document.

    // Security controls

    Encryption in transit

    Marketing copy states 'All data transmission is encrypted' and 'end-to-end encryption and a no-retention policy'; no technical detail (TLS version, key management) and not corroborated by a security page or trust center.

    paragraphai.com

    Data selling/sharing

    Privacy policy: 'We do not sell, trade, or otherwise transfer to 3rd parties your personally identifiable information,' though data may be shared with unnamed 'trusted third parties who assist us' in operating the site.

    paragraphai.com

    Data retention

    Not specified in the privacy policy. Homepage claims a 'zero data retention' / 'no-retention policy' for AI model inputs, but no retention schedule for account data, logs, or support tickets is published.

    paragraphai.com

    Content licensing (ToS)

    Terms of service grant ParagraphAI 'a perpetual, irrevocable, worldwide, royalty-free, exclusive license to reproduce, modify, adapt, translate, publish, publicly display and/or distribute' content users post via open communication tools on the site (registration info is excluded, covered by the privacy policy instead). This is a broad license clause worth flagging for enterprise buyers, though it appears scoped to public/community-facing content rather than AI-assisted document drafts.

    paragraphai.com

    Liability cap

    Damages capped at 'the amount you paid, if any, for use of products/services'; broad warranty disclaimer.

    paragraphai.com

    // Products & data scope

    ParagraphAI (consumer/free & Pro)AI writing assistant - mobile app, AI keyboard, Chrome extension, web app

    data: User-typed text across apps/websites (via keyboard/extension) sent to underlying AI model(s) for grammar fixes, replies, rewrites, translation, summarization

    Free tier plus 'ParagraphAI Pro' subscription for unlimited use. No security documentation beyond homepage marketing claims.

    ParagraphAI EnterpriseTeam/enterprise AI writing assistant

    data: Same text-input scope as consumer product, plus brand-voice customization and team account management

    Marketed as protected by 'enterprise-level security' and offering a dedicated account rep and 24/7 support, but the enterprise contact page itself lists no certifications, SSO, or data-residency commitments. Prospective enterprise buyers should request a DPA and security documentation directly, none is published.

    Healthcare & Medicine use caseVertical marketing page (not a distinct product)

    data: Same core writing-assistant functionality, positioned for healthcare communication

    No HIPAA compliance, BAA, or healthcare-specific safeguards documented anywhere on this page or elsewhere on the domain; this is an over-claim risk if healthcare buyers infer HIPAA readiness from the page's existence.

    // What to watch

    • NO-TRUST-CENTER: No trust/security center exists; all security claims are unverified marketing statements on the marketing homepage, not on a dedicated security or compliance page.
    • OVER-CLAIM-RISK-HEALTHCARE: Vendor markets a dedicated 'AI Writing Assistant for Healthcare & Medicine' page but provides no HIPAA compliance statement, BAA, or healthcare-specific safeguards anywhere on the domain. Healthcare buyers should not assume HIPAA readiness from this page.
    • STALE-PRIVACY-POLICY: Privacy policy is dated May 16, 2022 and mentions only CCPA, with no GDPR language, despite the product serving international/EU users (translation to 40+ languages, global marketing). This is a gap, not a confirmed non-compliance, but worth flagging for EU enterprise buyers.
    • UNVERIFIED-AI-TRAINING-CLAIM: 'Zero data retention' / 'inputs are not used for training' claim appears only in homepage marketing copy, not in the privacy policy or terms of service, and is not backed by a named model provider or a data processing agreement.
    • BROAD-CONTENT-LICENSE: Terms of service include a perpetual, irrevocable, exclusive license grant over content posted via 'open communication tools,' a term buyers should get clarified before enterprise use.
    • NO-DPA: No Data Processing Agreement is referenced or offered publicly; enterprise/EU customers would need to request one directly.

    // At a glance

    Pricing model

    Freemium consumer app (free + Pro subscription) plus custom-quoted Enterprise plans

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on ParagraphAI Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-08. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    paragraphai.com

    > Browse all vendor trust reports