Grammarly · Grammarly Privacy Policy

Cross-Border Data Transfers

Medium severity
Share 𝕏 Share in Share 🔒 PDF

What it is

If you use Grammarly from outside the US, your personal data — including your writing — is transferred to and stored in the United States, where different privacy laws apply.

Consumer impact (what this means for users)

Your personal data and User Content are stored and processed in the United States, where US government surveillance authorities such as FISA §702 may apply, potentially limiting the protections available under GDPR or your home country's laws.

Cross-platform context

See how other platforms handle Cross-Border Data Transfers and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

US data protection laws offer fewer statutory protections than GDPR and similar frameworks, meaning users in the EU and other regions may have less legal protection for their data once it is transferred to the US.

View original clause language
Grammarly is based in the United States and the information we collect is governed by U.S. law. If you are accessing our Services from outside of the United States, please be aware that information collected through the Services may be transferred to, processed, stored, and used in the United States and other jurisdictions. Data protection laws in the U.S. and other jurisdictions may be different from those in your country of residence.

Institutional analysis (Compliance & legal intelligence)

(1) REGULATORY FRAMEWORK: Cross-border data transfers from the EU/EEA to the US are regulated under GDPR Chapter V (Arts. 44-49), requiring an adequacy decision, Standard Contractual Clauses (SCCs, Commission Decision 2021/914), or other appropriate safeguards. The EU-US Data Privacy Framework (DPF, adopted July 2023) provides an adequacy mechanism for certified US organizations. UK data transfers are governed by UK GDPR and the UK-US data bridge. The CJEU's Schrems II decision (C-311/18) remains relevant for assessing supplementary measures. Enforcement: EU DPAs (lead authority: Irish DPC), ICO (UK). (2)

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    The FTC enforces compliance with the EU-US Data Privacy Framework for US-based organizations claiming DPF certification, including Grammarly.
    File a complaint →

Provision details

Document information
Document
Grammarly Privacy Policy
Entity
Grammarly
Document last updated
April 29, 2026
Tracking information
First tracked
April 30, 2026
Last verified
April 30, 2026
Record ID
CA-P-004133
Document ID
CA-D-00456
Evidence Provenance
Source URL
https://www.grammarly.com/privacy-policy
Wayback Machine
View archived versions →
SHA-256
d08a9713ff1dfd27ddd4383c3d20e95b0e83f623b74496507b64d9362c696444
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Grammarly | Document: Grammarly Privacy Policy | Record: CA-P-004133
Captured: 2026-04-30 06:25:07 UTC | SHA-256: d08a9713ff1dfd27…
URL: https://conductatlas.com/platform/grammarly/grammarly-privacy-policy/cross-border-data-transfers/
Accessed: May 2, 2026
Classification
Severity
Medium
Categories
Unknown

Other provisions in this document