California Resident Rights and Opt-Out of Sale or Sharing

What it is

If you live in California, you have specific legal rights over your data including the ability to see what Grammarly collects, delete it, correct it, and stop Grammarly from selling or sharing it with third parties.

Why it matters (compliance & governance perspective)

California's CCPA and CPRA give residents stronger data rights than many other US states, including the right to opt out of data sharing for advertising, which is practically significant given Grammarly's acknowledged use of data with business partners.

Consumer impact (what this means for users)

California residents can actively limit how their personal information is used and shared, including opting out of data sharing with business partners, which may reduce targeted advertising or secondary data uses; exercising these rights requires submitting a request through Grammarly's privacy portal.

What you can do

Institutional analysis (Compliance & governance intelligence)

REGULATORY LANDSCAPE: This provision directly implements CCPA and CPRA requirements, enforced by the California Privacy Protection Agency (CPPA) and the California Attorney General. Key CPRA obligations include the right to limit use of sensitive personal information and the right to opt out of sharing for cross-context behavioral advertising. Non-compliance with opt-out request mechanisms can result in regulatory enforcement and civil penalties. GOVERNANCE EXPOSURE: Medium. The provision discloses the rights but compliance depends on the operational functionality of the opt-out and deletion mechanisms, the response time and process for honoring requests, and whether all categories of 'sharing' within the CPRA definition are covered by the opt-out offered. JURISDICTION FLAGS: These rights apply specifically to California residents. Organizations with California-based users should ensure their own privacy notices reflect Grammarly's data practices and that employees are aware of available data rights. Other US states with similar laws (Virginia, Colorado, Connecticut, Texas) may have analogous rights that Grammarly's policy may or may not address with equal specificity. CONTRACT AND VENDOR IMPLICATIONS: Enterprises with California-based employees using Grammarly's consumer product should assess whether employee data rights under CPRA are adequately addressed through consumer-facing mechanisms or require enterprise-specific agreements. Vendor assessments should include verification of Grammarly's CPRA opt-out signal support including Global Privacy Control (GPC) compliance. COMPLIANCE CONSIDERATIONS: Privacy compliance teams should verify that Grammarly honors opt-out requests within the 15-business-day period required under CPRA and that the privacy portal is functional and accessible. Organizations acting as employers should assess whether the use of Grammarly's consumer product by employees creates obligations under their own CPRA compliance programs.

Applicable agencies

Applicable regulations

Provision details

Other risks in this policy

• User Content Used for AI Model Training high
• Data Sharing with Business Partners and Third Parties medium
• Corporate Transaction Data Transfer medium
• EEA and UK User Rights under GDPR medium
• Age Restriction and Children's Data medium
• Cross-Border Data Transfers medium

Related Analysis

• OpenAI Changed Its Privacy Policy 4 Times in One Week. Here Is What Actually Changed.

  Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.