Grammarly (with Grammarly AI / GrammarlyGO)

Plain-English risk rating: 3 of 5 (Free/Premium) / 2 of 5 (Business/Enterprise)

Grammarly is one of the most widely deployed writing AI tools in the SMB and individual-professional segments, with a reported user base of approximately 30 million daily active users across hundreds of millions of registered accounts. The risk picture is dominated by one structural fact: Grammarly's browser extension and desktop client read essentially all text the user types in applications where Grammarly is active, including email, document drafts, chat messages, and any other text field. That text is sent to Grammarly's servers (and, for AI-generated suggestions and rewrites, on to LLM provider servers) to produce corrections and rewrites; the analysis is not done locally on the user's machine.

The volume of text that crosses Grammarly's systems for an active business user is substantial. The privacy posture rests on two things: Grammarly's commitment not to process text in fields it recognises as sensitive (credit card forms, passwords, URLs), and the contractual no-training commitments at the Business and Enterprise tiers. The structurally important fact for SMBs: individual users on Free and Premium cannot opt out of training-data use; only Business account administrators can, and the opt-out applies to the whole account rather than to individual users.

Recommended for

  • Sole proprietor: Premium at $12/month is acceptable for general writing. Recognise that an individual-user training opt-out is not available at this tier, so your typed text contributes to model improvement under Grammarly's terms. Disable Grammarly on sensitive applications via its app-level controls.
  • Small team (2-10 people): Business at $15/user/month for contractual no-training and admin controls. The training opt-out is admin-controlled at this tier (not individual-controlled), so the workspace admin needs to configure the opt-out actively.
  • Regulated industry: Enterprise tier with BAA where applicable, strict allowed-applications policy, and explicit policy guidance to team members about which content classes should be excluded from Grammarly processing.
  • The honest answer for most 1-10 employee businesses: Grammarly is one of the most-pervasive AI tools in your environment if even one team member uses it. The right posture is: standardise on Business tier with admin controls; have the admin actively configure the training opt-out; document which applications Grammarly is allowed to operate in; treat the breadth of text Grammarly sees as a category-level data governance question rather than a per-employee decision.

Critical pre-deployment warning (individual training opt-out unavailable on Free/Premium)

This is the structurally important fact most Grammarly users do not know: Individual users on Free and Premium tiers cannot opt out of having their text used to improve Grammarly's AI models. Only Business account administrators have the opt-out control, and the opt-out is account-wide rather than per-user. The 2024 Cybershore vendor due diligence report explicitly flagged this as a privacy concern.

Grammarly's stated mitigations: text in fields recognised as sensitive (passwords, credit card numbers, URLs) is not processed; user-generated content is anonymised before being used for training; users can manually delete content from their account. None of these changes the fundamental fact that the individual user has no toggle to opt out. Note also that the field exclusion is keyed on the type of field, not on its contents: a card number or password typed into an ordinary email, chat or document field is not a recognised sensitive field and is processed like any other text.

The practical implication: if any employee in your business has used Grammarly Free or Premium for work tasks, their typed text has been eligible for Grammarly's model-improvement pipeline under the standard terms. The fix is either (a) move that employee onto your Business account with the admin opt-out configured, which stops future use but does not retract content already used, or (b) accept that the data is in the pipeline and document it in your privacy posture.

Data retention default

  • Free, Premium: Text processed for corrections is retained per Grammarly's standard data lifecycle; user-generated content may be used (anonymised) for model improvement, with no individual-user opt-out
  • Business, Enterprise: Stronger contractual retention controls; admin-configurable opt-out from model-improvement use; verify the current configuration per tenant, since the opt-out is not applied by default
  • AI-generated rewrites (GrammarlyGO): LLM provider processing under zero-retention contracts at Business and Enterprise tiers; this governs the provider's retention, not Grammarly's own
  • Sensitive-field exclusion: Grammarly does not process text in fields recognised as password, credit card, or sensitive URL types; the exclusion is by field type, not by content
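The sensitive-field exclusion in the mitigations and retention bullets above is a field-type check, and the gap that leaves is easiest to see in code. The JavaScript below is an added illustration, not Grammarly's code and not a description of its implementation: it classifies text fields the way an extension-side "do not send" filter of this kind typically would (input type, `autocomplete` token, field name), then adds a content rule that a type-only filter lacks. The field-type rules, the name patterns and the sample fields are all constructed for the example.

```javascript
// Added illustration: a sensitive-field filter of the kind a writing-assistant
// extension might run before shipping text to its servers. Constructed example,
// not Grammarly's implementation; the rules below are assumptions.

// Field-level signals a type-based exclusion can see (assumed set).
const SENSITIVE_TYPES = new Set(['password', 'url']);
const SENSITIVE_AUTOCOMPLETE_RE = /^cc-|^(current|new)-password$|^one-time-code$/i;
const SENSITIVE_NAME_RE = /pass(word|wd|code)?|cvv|cvc|card|ssn|iban|secret|token|otp/i;

// Luhn checksum over a string of digits; used to spot card numbers in free text.
function luhnValid(digits) {
  let sum = 0;
  let double = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (double) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    double = !double;
  }
  return sum % 10 === 0;
}

// True if the text holds a 13-19 digit run (spaces/dashes allowed) that passes Luhn.
function containsCardNumber(text) {
  const runs = text.match(/\b(?:\d[ -]?){12,18}\d\b/g) || [];
  return runs.some(run => {
    const digits = run.replace(/[ -]/g, '');
    return digits.length >= 13 && digits.length <= 19 && luhnValid(digits);
  });
}

// Decide whether a field's contents may leave the browser.
// `field` is a plain object standing in for an <input>/<textarea>:
// { type, autocomplete, name, id, text }.
function classifyField(field) {
  const { type = 'text', autocomplete = '', name = '', id = '', text = '' } = field;
  if (SENSITIVE_TYPES.has(type.toLowerCase())) {
    return { send: false, reason: `type=${type}` };
  }
  if (SENSITIVE_AUTOCOMPLETE_RE.test(autocomplete)) {
    return { send: false, reason: `autocomplete=${autocomplete}` };
  }
  if (SENSITIVE_NAME_RE.test(name) || SENSITIVE_NAME_RE.test(id)) {
    return { send: false, reason: 'name/id looks sensitive' };
  }
  // Content rule: a filter that stops at the checks above would ship this field.
  if (containsCardNumber(text)) {
    return { send: false, reason: 'card number in content' };
  }
  return { send: true, reason: 'ordinary text field' };
}

// Names of the fields whose contents would be uploaded.
function fieldsToUpload(fields) {
  return fields.filter(f => classifyField(f).send).map(f => f.name || f.id);
}

// Constructed page state: a login form, a checkout form and two message boxes.
const SAMPLE_FIELDS = [
  { type: 'password', name: 'password', text: 'hunter2' },
  { type: 'text', name: 'card', autocomplete: 'cc-number', text: '4111 1111 1111 1111' },
  { type: 'textarea', name: 'message', text: 'Hi, please charge 4111 1111 1111 1111 for invoice 42' },
  { type: 'textarea', name: 'note', text: 'Ref order number 1234567890123, ships Monday' },
];

for (const f of SAMPLE_FIELDS) {
  const { send, reason } = classifyField(f);
  console.log(`${f.name.padEnd(9)} send=${send}  (${reason})`);
}
```

The third sample field is the point: it is a plain message box, so every field-type rule passes it, and only the Luhn-based content check stops the card number from being uploaded. A vendor commitment phrased in terms of recognised field types does not cover that case, which is why the per-application disable control matters for anything client-confidential.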

Training opt-out

Free — NO INDIVIDUAL OPT-OUT AVAILABLE. Grammarly may use de-identified content for product improvement under standard terms. Account deletion is the only way to fully exit.

Premium — NO INDIVIDUAL OPT-OUT AVAILABLE. Same as Free regarding training opt-out; Premium tier benefits are about features and quotas rather than privacy controls.

Business — ADMIN-CONFIGURABLE OPT-OUT. The workspace administrator can opt the entire account out of model-improvement use. This is the inflection point where Grammarly becomes appropriate for business use with client-sensitive content, but only once the admin has actually turned the opt-out on; a Business subscription by itself does not change the training default.

Enterprise — NO TRAINING ON CUSTOMER CONTENT BY DEFAULT per contractual terms; stronger admin controls.

Zero Data Retention availability

  • Available at Business and Enterprise tiers via zero-retention contracts with the LLM providers used for AI rewrite features. This covers the subprocessor's retention of prompts and outputs; Grammarly's own retention of the text it processes follows the retention defaults above
  • Custom data-handling terms negotiable for Enterprise customers

Plan tiers and pricing (as of early 2026)

Tier        Price (USD)                    Training default               Suitable for
Free        $0                             Yes; no individual opt-out     Personal use; light corrections only
Premium     $12/month                      Yes; no individual opt-out     Individual professionals; consider Business for client work
Business    $15/user/month (3-user min)    Admin-configurable opt-out     Small teams
Enterprise  Custom                         No training by default         Larger orgs needing SSO, audit, admin controls

Jurisdiction

  • Primary processor: Grammarly Inc., San Francisco, California, USA (with Kyiv, Ukraine engineering presence)
  • Cloud infrastructure: AWS primarily
  • Third-party AI subprocessors: OpenAI, Anthropic under contractual no-training arrangements for paid Business and Enterprise tiers
  • SOC 2 Type II, ISO 27001 certified; HIPAA available at Enterprise with BAA
  • GDPR-compliant; data stored in the United States with global access by Grammarly engineering teams per published privacy policy

Breach history (public incidents)

February 2018 — Browser extension authentication token vulnerability (Tavis Ormandy / Google Project Zero)

Google Project Zero researcher Tavis Ormandy disclosed a critical vulnerability in Grammarly's browser extension that allowed any website the user visited to read the user's Grammarly account contents and stored documents. The exposure affected approximately 22 million users. Grammarly patched within hours of disclosure. The vulnerability arose from the way the extension exposed its authentication token to the web pages on which it operated, so a page's own script could obtain the token and use it to act as the user against Grammarly's service.

Sources: Google Project Zero disclosure (February 2018); SecurityWeek coverage

2023 — API security flaw (Salt Labs research)

Salt Labs researchers identified an OAuth-related vulnerability affecting Grammarly, Vidio, and Bukalapak that could have allowed account takeover for affected users. The vulnerability category (an OAuth implementation flaw in how access tokens were handled during login) is one of the most common authentication issues in SaaS products. Grammarly patched the issue. Salt Labs researcher Yaniv Balmas noted that the issues affected more than one billion users across the three platforms combined.

Source: Infosecurity Magazine coverage of Salt Labs disclosure

No major publicly-disclosed Grammarly AI-specific breach as of May 2026.

Category-level risk: Grammarly's breadth of text access combined with its browser-extension architecture creates a particular risk profile: a compromised Grammarly extension or account has access to every text field on every site where the extension is active. The 2018 disclosure and the 2023 Salt Labs OAuth issue are useful reminders of how this attack surface manifests. The mitigations are: keep the extension updated; use multi-factor authentication on the Grammarly account; periodically review which sites have Grammarly active, and use the browser's own extension site-access setting (in Chromium-based browsers, "on specific sites" or "on click" rather than "on all sites") to restrict where the extension can run at all.

What this means in plain English for SMB owners

Three honest takeaways:

  1. Grammarly very likely sees more of your text than any other AI tool in your environment. This is the structural fact to internalise. The breadth of text classes (email, drafts, chat, code comments, search queries, internal documents) is substantial. Treat this as a data governance question, not a feature decision.
  2. The Free and Premium tiers do not let individual users opt out of training-data use. Only Business tier accounts (with admin-configurable opt-out) provide this control. The $15/user/month upgrade from Premium is the inflection point for any team handling client work. For sole proprietors who cannot justify Business tier, the realistic mitigation is per-application control (disable Grammarly on sensitive applications) rather than a training opt-out.
  3. App-level controls matter regardless of tier. Grammarly's extension can be disabled per application; use this for genuinely sensitive applications (legal document drafting, financial spreadsheets, regulated data entry, anything client-confidential). The control exists; using it is operational discipline.

Sources

  • Grammarly privacy and security documentation (grammarly.com/privacy, verified 2026-05-24)
  • Grammarly Trust Center for current certifications
  • Grammarly Business and Enterprise feature documentation
  • Grammarly: Demystifying Generative AI Security Risks blog post (September 2024)
  • Cybershore: Grammarly Security and Privacy Due Diligence Report (September 2024)
  • Google Project Zero disclosure of browser extension vulnerability (February 2018)
  • SecurityWeek: Grammarly Rushes to Patch Flaw Exposing User Data (2018)
  • Infosecurity Magazine: API Security Flaw Impacted Grammarly Vidio and Bukalapak (Salt Labs research coverage)
  • UpGuard: Grammarly Security Rating vendor risk report (verified 2026-05-21)
