// Trust & Security Report

    Superhuman (formerly Grammarly Inc.) logo

    Superhuman (formerly Grammarly Inc.)

    Superhuman is a suite of AI productivity tools including Superhuman Mail (email), Grammarly (AI writing partner), Superhuman Docs (formerly Coda, all-in-one workspace), and Superhuman Go (AI assistant). Products work together as an integrated suite.

    Certifications held

    5

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type 2
    HELD

    SOC 2 Type 2 - Compliance certification displayed on Trust Center security certifications

    Verify on trust.superhuman.com
    ISO/IEC 27001:2022
    HELD

    ISO/IEC 27001:2022 - Information security management system certification

    Verify on trust.superhuman.com
    ISO/IEC 27017:2015
    HELD

    ISO/IEC 27017:2015 - Cloud security controls certification

    Verify on trust.superhuman.com
    ISO/IEC 27018:2019
    HELD

    ISO/IEC 27018:2019 - Personal data protection in cloud services certification

    Verify on trust.superhuman.com
    ISO/IEC 27701
    HELD

    ISO/IEC 27701 - Privacy information management system certification

    Verify on trust.superhuman.com
    > Show 2 unconfirmed / not-held certifications
    HIPAA
    NOT CONFIRMED

    We are not HIPAA-compliant and do not sign Business Associate Agreements for Protected Health Information sharing

    source: blog.superhuman.com
    PCI DSS
    NOT CONFIRMED

    No public evidence of PCI DSS certification

    source: trust.superhuman.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    United States and other locations where Superhuman and Sub-processors maintain operations. However, customer personal data originating in Europe will not be transferred outside Europe unless measures are taken to comply with European Data Privacy Laws. Superhuman participates in the Data Privacy Framework.

    The Data Processing Addendum explicitly prohibits using customer data for AI training purposes. Superhuman has a Zero Day Data Retention agreement with LLM providers, meaning customer data will not be saved or retained by LLM providers.

    // Security controls

    Encryption at Rest

    Google Cloud encryption infrastructure + application-level encryption for sensitive data

    blog.superhuman.com

    Encryption in Transit

    TLS 1.2+ for public internet traffic; Google Cloud ATLS for internal infrastructure traffic

    blog.superhuman.com

    Authentication

    OAuth-based authentication; passwords not stored by Superhuman

    blog.superhuman.com

    Infrastructure

    Hosted on Google Cloud; benefits from Google's SOC 2 and ISO 27001 certifications

    blog.superhuman.com

    Data Residency (Mail)

    For Superhuman Mail, inbox data is not stored on Superhuman servers - it is stored on the user's machine

    blog.superhuman.com

    SecurityScorecard Rating

    A grade

    trust.superhuman.com

    // Products & data scope

    Superhuman MailEmail/Productivity

    data: Email data downloaded from user accounts, stored on user's machine, not on Superhuman servers

    SOC 2 Type 2 compliant; includes AI-powered features; Zero Day Data Retention for LLM providers

    Grammarly (rebranded as Superhuman Writing)AI Writing / Productivity

    data: Text written in supported applications

    AI writing assistant; part of unified Superhuman suite

    Superhuman Docs (formerly Coda)Workspace/Collaboration

    data: Documents, wikis, project plans, shared with team members

    All-in-one AI workspace; separate security documentation referenced

    Superhuman GoAI Assistant

    data: Works across Gmail, Drive, Jira, and 800+ other applications

    Proactive AI assistant; integrates with user's favorite apps

    // What to watch

    • IDENTITY NOTE: 'Superhuman' is the rebranded parent company formerly known as Grammarly Inc. (rebranded October 2025). The company owns Grammarly, Coda, and Mail. Privacy policy URL redirects to Grammarly domain, indicating shared privacy framework across products.
    • PRODUCT STRUCTURE: Products are listed separately but are part of an integrated suite. Individual products may have varying compliance postures - Mail/Go are primary Superhuman products; Grammarly and Docs are acquisitions under the Superhuman brand.
    • NO HIPAA: Explicitly does not offer HIPAA compliance or sign Business Associate Agreements.
    • NO SELF-HOSTING: All products are cloud-based SaaS only.
    • DATA RESIDENCY: Default US, but compliance with European frameworks (GDPR, DPF, SCCs) for European data.
    • ZERO-KNOWLEDGE MAIL: Superhuman Mail distinguishes itself with local storage (inbox not on servers), reducing data exposure for email content.

    // At a glance

    Pricing model

    Freemium with paid subscription tiers; suite pricing available

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Superhuman (formerly Grammarly Inc.)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.superhuman.com

    > Browse all vendor trust reports