Ask Josh: Is Grammarly Safe to Use?
One of my favorite aspects of writing this Substack is when readers send me questions. I enjoy answering questions and providing useful content and it also makes it easy to pick a topic to write about.
The latest question: “Is it safe to use Grammarly?”
TL;DR: Grammarly (now part of the Superhuman Suite) remains secure and transparent, but AI training and personalization are on by default. Tax pros should ideally opt out of those features and never use Grammarly for sensitive client data.
What is Grammarly?
Grammarly began as an AI-powered writing assistant that checks your spelling, grammar, punctuation, and tone as you write. It works in virtually every application, from email to Google Docs to social media. It offers real-time suggestions through browser extensions, desktop apps, and mobile keyboards. In fact, over 40 million people use Grammarly daily , meaning many of us have been writing with AI for years without even realizing it.
But Grammarly is no longer just a grammar checker. The company has been aggressively expanding into a broader AI productivity platform, and recent changes affect how we should think about data security. For example, when Grammarly acquired the document collaboration startup Coda, it explicitly aimed to turn Grammarly’s tool into an “AI productivity platform” with new generative AI features . This evolution brings powerful new capabilities, and also new considerations for privacy and safety.
The Big News: Major Acquisitions and Rebranding
In mid-2025, Grammarly announced its intent to acquire Superhuman, an AI-native email app . This deal came on the heels of Grammarly’s acquisition of the collaborative docs platform Coda in late 2024, after which Coda’s co-founder Shishir Mehrotra became the new CEO of Grammarly . A few months after the Superhuman acquisition, in October 2025, Grammarly went a step further and rebranded itself as “Superhuman” . In fact, the company’s privacy policy (effective October 29, 2025) now explicitly refers to “Superhuman Platform Inc. (formerly Grammarly)” .
What does this mean in practice? Essentially, the company formerly known as Grammarly now offers what it calls the “Superhuman suite,” which unites Grammarly’s writing assistant, Coda’s all-in-one workspace, and Superhuman’s AI-powered email client under one umbrella . (They’ve even introduced a new product called Superhuman Go, an AI agent that works across your apps.) When you use Grammarly today, you’re actually part of a much larger ecosystem of productivity tools. The combined company envisions building “hundreds of task-specific agents” across these applications to help people work smarter .
Why does this matter for tax professionals? The tool you knew as a simple grammar checker is now integrated into a multi-product AI platform that could touch many aspects of your workflow, documents, emails, and more. All under one corporate umbrella with shared data practices. Next, we’ll look at what Grammarly (now Superhuman) is saying about data security and privacy in this new era.
Current Privacy Policy: What You Need to Know
Data Security: Still Strong. The good news is that Grammarly (now Superhuman Platform Inc.) continues to enforce strong security measures for user data. Your writing is transmitted and stored with encryption (TLS for data in transit and AES-256 for data at rest ). Grammarly’s infrastructure and practices meet rigorous standards: the company holds SOC 2 (Type 2) attestation and maintains multiple ISO certifications (ISO 27001, 27017, 27018, 27701, and even the new ISO 42001 for AI governance) . They also comply with regulations like GDPR and HIPAA, offering Business Associate Agreements for HIPAA-covered clients . Access to user data within the company is tightly restricted to authorized personnel on an as-needed basis . Data ownership remains yours, Grammarly does not claim your text as its property, and it doesn’t sell your content to third parties. In fact, they make money from subscriptions, not from monetizing user content.
AI Training: The Critical Issue That Hasn’t Changed. The biggest ongoing concern for professionals is how Grammarly uses your data to improve its AI models. Grammarly’s algorithms do analyze your text and writing behavior to give you suggestions. By default, the company may leverage random, anonymized samples of user content to refine its algorithms and products for everyone . In plain terms, AI model training is ON by default for individual users. Unless you opt out, some of your writing could be used (in aggregated, de-identified form) to help improve Grammarly’s suggestions and accuracy. You can disable this – there is a setting to turn off “Product Improvement and Training” in your account privacy preferences, which stops Grammarly from using your content in that way.
The key takeaway: if you don’t explicitly opt out, your content is being used to train Grammarly’s AI models (though not shared beyond that, and not in a form that would identify you).
The New “Tailored Assistance” Feature. A recent change in Grammarly’s product is the introduction of personalized assistance features. When these tailored assistance features are enabled, Grammarly will store certain data and associate it with your account to personalize your writing suggestions . In other words, the tool can learn from your specific writing patterns and context (for example, it might adapt to your tone or predict audience reactions) to give more individualized feedback.
This can be useful, but it does mean Grammarly is holding more of your data (content and context) persistently. You have control: users can opt out of each tailored assistance feature by visiting the Feature Customization page in their account settings .
If you turn a feature off, Grammarly will delete any data that was being stored for personalization of that feature . It’s a good idea to review these settings, especially if you prefer not to have your writing habits stored long-term for AI personalization.
Third-Party AI Providers. Another common question is whether your data is shared with any outside AI services. Grammarly has integrated generative AI capabilities (for instance, the GrammarlyGO writing suggestions), and it does use a few third-party large language model providers behind the scenes. According to Grammarly, any information necessary to power these features (your prompt, context, etc.) is shared only with a small number of thoroughly vetted partners for the sole purpose of providing the AI service. Grammarly does not allow those providers to use your content to train their own models.
In other words, if Grammarly’s AI feature uses (say) OpenAI or another LLM under the hood, your text might be sent to their servers to generate a result in that moment, but they are contractually prevented from learning from or storing your data. Grammarly also states that it does not retain prompts in a way that would show up in another user’s results – each customer’s content stays isolated to their account.
What This Means for Tax Professionals
The Expanding Attack Surface: With Grammarly’s evolution into Superhuman, a suite of writing, document, and email tools, the potential exposure of sensitive data has expanded. You’re no longer just dealing with a single purpose grammar checker; you’re dealing with a platform that could touch multiple aspects of your workflow under one roof. For a tax professional, this means more of your day-to-day work (emails, documents, client communications, notes) might flow through a single integrated system. From a security standpoint, a broader integrated platform can create a larger “attack surface” meaning there are simply more channels where data lives and more features interacting with that data. It also means that if you enable Grammarly/Superhuman across your workflow, a lot of information could be accessible within one ecosystem (even if protected by strong security, it’s something to be mindful of).
In short, the convenience of an AI-powered suite comes with the trade-off that any vulnerability or policy change now has a wider scope of impact on your data. For professionals handling ultra-sensitive information, that calls for careful consideration.
For Highly Sensitive Client Data:
The safest approach is still avoidance. For extremely sensitive client materials: think tax returns, Social Security Numbers, EINs, financial statements, or attorney-client privileged communications – the best practice is not to input them into Grammarly (or any AI tool) at all. No matter how secure a service is, minimizing the digital exposure of confidential data is the gold standard for privacy.
Turn off ALL training and personalization immediately. If you do use Grammarly, make sure you opt out of any data usage beyond basic correction. Specifically:
Go to account.grammarly.com/security/privacy in your Grammarly account settings. (If you have a business plan you will be prompted with a link to the admin page)
Toggle off the option for “Product Improvement and Training” (this stops Grammarly from using your content to train its AI models).
Visit account.grammarly.com/customize/features and opt out of any Tailored Assistance features that you don’t absolutely need. Turning these off will delete any personalized data already collected for those features .
Understand the limitations. Grammarly’s software tries to avoid capturing certain sensitive inputs (it ignores fields like passwords, credit card numbers, and other “sensitive fields” on websites on a best-effort basis ). However, this protection doesn’t extend to everything you might consider sensitive.
For example, if you’re typing a client’s SSN or financial data into a Word document or an email body, Grammarly will see it just like any other text. It doesn’t know that, say, an SSN is highly confidential. In short, Grammarly won’t intentionally scrape certain secure fields, but it will process whatever you deliberately type into a document or email. So assume that any text you volunteer into the Grammarly enabled app could be sent to their servers for analysis, and plan accordingly.
Consider the name change implications. Grammarly’s transformation into Superhuman Platform Inc. is more than cosmetic. The acquisitions and rebranding signal an integration of services and data. As the product suite evolves, keep an eye on updates to policies and settings. New integrations between Grammarly, Coda, and Superhuman Mail might introduce different data flows or defaults. It’s wise to stay alert to how your information is being shared across this new ecosystem. (For instance, if Superhuman Mail and Grammarly are now under one platform, could an AI feature draw from both your writing and your email content together? These are the kinds of questions to watch for as the platforms converge.)
Best Practices for Tax Professionals in 2025:
Establish firm wide policies about what types of data can be used with AI tools. Make sure everyone at your practice knows when it’s okay to use tools like Grammarly (for example, drafting a blog post or newsletter) and when it’s not (prepping client tax returns or anything with PII).
Review your settings across all products. If you’re using the Superhuman suite (Grammarly, Coda, Superhuman Mail), go through each one and ensure the privacy settings meet your standards (e.g. disable any optional data sharing or AI training features). Each product may have its own toggles for things like telemetry, AI suggestions, or integrations – align them with your firm’s privacy stance.
Consider Business or Enterprise accounts if available. Grammarly (Superhuman) offers enterprise plans where an administrator can control data settings for all users in an organization. If you have a team of professionals, an enterprise subscription might let you enforce privacy-safe defaults (like disabling model training globally) and manage who can enable which features. It also usually comes with enhanced security assurances and contractual protections.
Limit usage to general business communications. Use Grammarly’s assistance for things like internal emails, marketing content, memos, or articles, not for client deliverables that contain sensitive info. Many tax professionals find Grammarly helpful for client-facing newsletters or polishing website copy. Just draw a hard line that you won’t feed client tax data or legal documents into any AI writing tool.
Never paste raw client data into an AI tool. This might sound obvious, but in the rush of work it can be tempting to let Grammarly “look over” a client letter or fix formatting in a spreadsheet by pasting it somewhere. Don’t do it. The risk isn’t worth it. Keep confidential numbers, IDs, addresses, and anything non-public out of these platforms entirely.
Stay informed. The pace of change with this company has been rapid – two major acquisitions and a full rebrand within a year. Grammarly/Superhuman’s features and policies may continue to evolve quickly. Subscribe to update notices, periodically read their Trust Center or blog, and keep an eye on tech news. Being proactive will ensure you catch any new privacy options or changes in data practices so you can adjust your usage accordingly.
The Bottom Line
Grammarly, now part of Superhuman Platform Inc, still maintains strong security credentials and has been refreshingly transparent about its changes. However, the company’s transformation from a standalone writing assistant to a comprehensive AI productivity suite means a few key things:
Your data potentially touches more systems. Writing that you run through Grammarly may now intersect with documents or emails in the Superhuman suite, increasing the scope of what’s accessible (and what could be exposed in a worst-case scenario).
Default settings still allow your content to train AI models. Unless you opt out, your words can be used (in anonymized form) to improve Grammarly’s algorithms. Great for the product; not so great if those words include client-sensitive info.
New “personalization” features require even more data processing. Tailored suggestions might make your life easier, but they work by remembering and analyzing your writing data over time. It’s a trade-off that you should weigh, especially in a field like tax where confidentiality is paramount.
The corporate structure and product ecosystem are in rapid flux. When a company is adding products and changing names, you should anticipate that policies and integrations will change too. Today’s “Grammarly” is connected to a lot more than it was a year ago. Stay on top of those changes to avoid surprises.
For tax professionals handling sensitive client information, my recommendation remains firm: Immediately opt out of all training and personalization features, limit your use of Grammarly (Superhuman) to non-confidential communications, and establish clear firm-wide policies on AI tool usage. When it comes to client data, the safest course is still to keep such data completely out of cloud based AI. Old-fashioned proofreading and editing may be less convenient, but they carry zero risk of data leakage.
None of this is to say you shouldn’t use the technology at all. Grammarly can be a fantastic aid for general writing and catching mistakes. For drafting blog posts, emails to colleagues, or refining your firm’s marketing materials, it’s a valuable tool that has proven its commitment to security and privacy for those use cases. Just remember where to draw the line. When client confidentiality or legal compliance is on the line, caution should always win over convenience.
Have questions?