720-891-1663
Return to the list of client alerts
Grammarly is the very popular writing aid tool company that went from broke to billions.
Basically, it is a keystroke logger that sends every keystroke back to their servers for interpretation and recommendation.
They have offices in Kyiv, Berlin, Vancouver and at home on multiple continents and are headquartered in San Francisco.
Given this, if you deal in any export controlled information, it is a solid no. No question. No wiggle room.
On their security page the claim a lot of attestations including SOC-2 HIPAA, PCI, GDPR, CCPA and others. As you well know, a lot of companies that have been breached also claim these.
Still, companies like Microsoft have banned it over the concern of loss of intellectual property.
Some schools love it and others outlaw it, but your 2nd year term paper is probably not much of a secret.
Some professors liken the use of Grammarly to cheating and a student at the University of North Georgia wound up on academic probation over it.
DHS apparently signed an agreement in 2024 to use the free version but the amendment to the normal terms of service effectively eliminates all of the terms in the service. Check it out here.
There are reports of a federal government ban, but I cannot find any confirmation of that.
Bottom line is that if you are comfortable with Grammarly vacuuming every keystroke and having that data potentially visible to folks in other countries, then that is a risk decision you can make.
On the other hand, if the data that you deal with is covered by government regulation like HIPAA, ITAR, CMMC or similar regs, now would be a good time to talk to your attorney about the risk you are assuming.
If you deal with trade secret information (yours or anyone else’s) or information covered by an NDA you also need to consider the risk.
Finally, if you deal with HIPAA covered data you need to get Grammarly to sign a Business Associate Agreement.
Grammarly is only one of many software tools that suck up everything you do and send it somewhere – unknown – and keep it for an unknown amount of time.
If you need help with this, please contact us or your attorney.