Grammarly's privacy policy (now branded under its parent company Superhuman) was updated on July 6, 2026 to expand the types of personal data it collects and clarifies how the policy applies to organizational users. The updated policy now explicitly states it collects 'screen content' and 'web pages' in addition to existing content categories, and adds disclosure of voice data collection for transcription features. For organizational users (employees, students, account managers on behalf of entities), the policy clarifies that it no longer applies to content they upload or output, shifting responsibility to the organization itself.
The updated policy now discloses that Grammarly collects voice data if you use transcription or Notetaker features, including recordings of other participants, and expands its list of collected content to explicitly include screen content and web pages. For users whose accounts are managed by an organization (employer, school, or other entity), the policy clarifies that Grammarly's privacy terms do not apply to the content you upload or output—your organization's privacy terms govern that data instead. This means organizational account users should review their organization's privacy policies rather than relying on Grammarly's policy to understand how their work or educational data is handled.
The updated policy expands transparency regarding voice and screen data collection, and clarifies that organizations providing Grammarly to employees or students are now responsible for privacy governance of organizational user data rather than relying on Grammarly's policy. This affects how organizations document vendor privacy practices, design privacy notices for internal users, and structure data processing agreements with Grammarly.
→ If you use Grammarly's transcription or Notetaker features, review the updated policy disclosure that voice data, including recordings of other participants, is collected.
→ If your account is provided by an employer, school, or organization, ask your organization's privacy or IT team how they handle Grammarly data, since Grammarly's privacy policy no longer governs organizational account content.
→ Voice data collected through transcription features will be processed by Grammarly according to the terms stated in the updated policy, without prior notification if you do not review the disclosure.
→ Organizational account users will have their data privacy governed by their organization's agreements with Grammarly and the organization's own privacy policies, not by Grammarly's standalone privacy policy.
Grammarly's privacy policy no longer applies to content uploaded or output by users with accounts managed by organizations; the organization assumes privacy responsibility for that data.
The policy now explicitly discloses collection of voice recordings for transcription features, including recordings of other participants.
Policy now explicitly lists screen content and web pages as collected content types alongside existing categories.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
If your organization provides Grammarly accounts to staff or students, you are now explicitly responsible for explaining privacy terms for their data, since Grammarly's privacy policy does not apply to that content.
If you use Grammarly's transcription or Notetaker features, you are now explicitly told the service collects voice recordings including from others on the call.
This change introduces explicit data collection disclosures (voice data, screen content, web pages) and clarifies the scope of Grammarly's privacy policy for organizational accounts. For organizations providing Grammarly accounts to employees or students, the update states that Grammarly's privacy policy no longer applies to user-uploaded or generated content—the organization assumes responsibility for privacy governance of that data. Organizations should review whether their existing Data Privacy Addendums, processing agreements, or privacy notices already account for this carve-out, and whether their own privacy policies adequately describe how Grammarly processes organizational customer data. The expansion of collected data types (voice, screen content, web pages) may trigger review of data minimization and processing necessity under GDPR, CCPA, or similar privacy frameworks, particularly if these data types are processed beyond the stated transcription use case.
GDPR (data collection and processing lawfulness principles), CCPA (consumer rights over collected personal information), PIPEDA (Canadian privacy standards), UK-GDPR (UK privacy requirements explicitly mentioned in policy scope). The explicit collection of voice data and screen content may implicate GDPR Article 5 (data minimization and lawfulness), GDPR Article 6 (lawful basis for processing), and GDPR Article 13/14 (transparency requirements). CCPA Section 1798.100 (consumer right to know what personal information is collected). The organizational account carve-out may affect DPA requirements and processor liability under GDPR Article 28.
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Monitor: regulatory citations + obligations. Compliance: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-003514.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — MonitorGet alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 352+ platforms every Sunday.