// Trust & Security Report
ParagraphAI Inc.
ParagraphAI is a consumer/prosumer AI writing assistant (mobile app, AI keyboard, browser/Chrome extension, web app) for grammar correction, replies, drafting, translation (40+ languages), and humanizing AI text, with a separate ParagraphAI Enterprise tier adding brand-voice customization, account management, and a dedicated account rep. The site also markets a healthcare/medicine use case page with no accompanying compliance documentation.
Certifications held
0
Maturity
Growth
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 8 unconfirmed / not-held certifications
source: paragraphai.comNo public evidence: no trust center, security page, or SOC 2 mention found anywhere on paragraphai.com; web search for 'ParagraphAI SOC 2' returns no vendor-specific results.
source: paragraphai.comNo public evidence: no ISO 27001 mention on vendor domain or in search results for 'ParagraphAI ISO 27001'.
source: paragraphai.comNo public evidence of an AI-governance certification anywhere on the vendor domain.
source: paragraphai.comVendor markets a 'AI Writing Assistant for Healthcare & Medicine' page but makes no HIPAA claim there or elsewhere; no Business Associate Agreement (BAA) or HIPAA compliance statement found on the healthcare page, privacy policy, or terms of service.
source: paragraphai.comNo public evidence found; ParagraphAI does not appear to process cardholder data directly (billing likely handled by a third-party payment processor, unconfirmed).
source: paragraphai.comPrivacy policy (last updated May 16, 2022) states CCPA compliance only: 'we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act.' No GDPR-specific language (lawful basis, EU representative, data subject rights, SCCs) found anywhere on the vendor domain.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Not offered
Data region
Not specified anywhere on the vendor domain. Company has offices in Toronto, Canada and Cambridge, Massachusetts, USA; no stated data residency or hosting region.
Homepage states: 'We only work with models that have a zero data retention policy, ensuring your inputs are not used for training.' This is a marketing claim on the homepage, not corroborated by the privacy policy (dated 2022, predates this language) or terms of service, neither of which mention AI training, model providers, or retention policy. Treated as the vendor's current stated posture but flagged as unverified by an independent trust/security document.
// Security controls
Encryption in transit
Marketing copy states 'All data transmission is encrypted' and 'end-to-end encryption and a no-retention policy'; no technical detail (TLS version, key management) and not corroborated by a security page or trust center.
paragraphai.comData selling/sharing
Privacy policy: 'We do not sell, trade, or otherwise transfer to 3rd parties your personally identifiable information,' though data may be shared with unnamed 'trusted third parties who assist us' in operating the site.
paragraphai.comData retention
Not specified in the privacy policy. Homepage claims a 'zero data retention' / 'no-retention policy' for AI model inputs, but no retention schedule for account data, logs, or support tickets is published.
paragraphai.comContent licensing (ToS)
Terms of service grant ParagraphAI 'a perpetual, irrevocable, worldwide, royalty-free, exclusive license to reproduce, modify, adapt, translate, publish, publicly display and/or distribute' content users post via open communication tools on the site (registration info is excluded, covered by the privacy policy instead). This is a broad license clause worth flagging for enterprise buyers, though it appears scoped to public/community-facing content rather than AI-assisted document drafts.
paragraphai.comLiability cap
Damages capped at 'the amount you paid, if any, for use of products/services'; broad warranty disclaimer.
paragraphai.com// Products & data scope
data: User-typed text across apps/websites (via keyboard/extension) sent to underlying AI model(s) for grammar fixes, replies, rewrites, translation, summarization
Free tier plus 'ParagraphAI Pro' subscription for unlimited use. No security documentation beyond homepage marketing claims.
data: Same text-input scope as consumer product, plus brand-voice customization and team account management
Marketed as protected by 'enterprise-level security' and offering a dedicated account rep and 24/7 support, but the enterprise contact page itself lists no certifications, SSO, or data-residency commitments. Prospective enterprise buyers should request a DPA and security documentation directly, none is published.
data: Same core writing-assistant functionality, positioned for healthcare communication
No HIPAA compliance, BAA, or healthcare-specific safeguards documented anywhere on this page or elsewhere on the domain; this is an over-claim risk if healthcare buyers infer HIPAA readiness from the page's existence.
// What to watch
- NO-TRUST-CENTER: No trust/security center exists; all security claims are unverified marketing statements on the marketing homepage, not on a dedicated security or compliance page.
- OVER-CLAIM-RISK-HEALTHCARE: Vendor markets a dedicated 'AI Writing Assistant for Healthcare & Medicine' page but provides no HIPAA compliance statement, BAA, or healthcare-specific safeguards anywhere on the domain. Healthcare buyers should not assume HIPAA readiness from this page.
- STALE-PRIVACY-POLICY: Privacy policy is dated May 16, 2022 and mentions only CCPA, with no GDPR language, despite the product serving international/EU users (translation to 40+ languages, global marketing). This is a gap, not a confirmed non-compliance, but worth flagging for EU enterprise buyers.
- UNVERIFIED-AI-TRAINING-CLAIM: 'Zero data retention' / 'inputs are not used for training' claim appears only in homepage marketing copy, not in the privacy policy or terms of service, and is not backed by a named model provider or a data processing agreement.
- BROAD-CONTENT-LICENSE: Terms of service include a perpetual, irrevocable, exclusive license grant over content posted via 'open communication tools,' a term buyers should get clarified before enterprise use.
- NO-DPA: No Data Processing Agreement is referenced or offered publicly; enterprise/EU customers would need to request one directly.
// At a glance
Pricing model
Freemium consumer app (free + Pro subscription) plus custom-quoted Enterprise plans
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on ParagraphAI Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-08. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
paragraphai.com