If you're using Grammarly for everyday emails or school essays, you're probably fine.
If you're using it for medical notes, legal drafts, HR investigations, or anything under an NDA, you should know what's actually happening with your text before you paste it in.
What actually happens when you paste text into Grammarly
Grammarly is a cloud service. When you type or paste text, it gets sent to Grammarly's servers, processed by their AI, and returned to you with suggestions.
That's not a dark secret. It's how the product works and how most SaaS tools work. But it does mean your text leaves your device every time you use it.
For Grammarly's browser extension, this happens as you type. For the desktop app, it happens on paste. Either way, every sentence you run through Grammarly passes through their infrastructure before it comes back to you.
What Grammarly's privacy policy says
Their policy is more readable than most. A few things worth knowing:
They collect your text to provide the service. They may use your text to improve their AI models, though you can opt out of this in account settings. They say they don't sell personal data to third parties. They retain your data for a period of time after you use the service.
The "don't sell" part is true. Grammarly is not in the business of selling your writing to advertisers or data brokers.
But there are a few things that statement doesn't cover:
- Employees and contractors with infrastructure access can view data as part of their job functions
- Legal requests (subpoenas, court orders) can compel disclosure of stored data
- A security breach at Grammarly means your stored text is part of that breach
- If you're operating under HIPAA, NDA terms, or attorney-client privilege, third-party cloud processing may violate those requirements regardless of Grammarly's intentions
None of this means Grammarly is doing something wrong. They're a legitimate company with real security practices. The issue is structural: when your text lives on someone else's servers, you've handed over some control, and "we don't sell it" doesn't get all of that control back.
Why "we don't sell data" isn't the same as "your data is private"
This is the gap that trips people up.
"We don't sell your data" addresses one specific concern: your text being packaged and sold to advertisers or data brokers. That's a real concern and it's good that Grammarly doesn't do it.
But there are other scenarios it doesn't address. Your data still exists on their servers. It's still accessible to people inside the company. It's still subject to legal process. It still carries breach risk. And if your use case has external privacy requirements (HIPAA, legal privilege, contractual NDAs), the vendor's data sales policy doesn't determine whether you're compliant. The question is whether the data left your control at all.
Who should actually think twice
For most people, this isn't a meaningful risk. But if any of these fit your situation, it's worth considering:
Healthcare workers. HIPAA covers protected health information. Standard Grammarly plans don't include a Business Associate Agreement (BAA). That means using standard Grammarly to check notes containing patient details may not be HIPAA-compliant. Their enterprise plan offers a BAA for covered entities, but the free and paid individual plans don't.
Lawyers. Attorney-client privilege can be affected by disclosure to third parties, including cloud services. The specifics vary by jurisdiction and situation, but using a cloud tool to process privileged communications is worth running by your firm's IT and compliance team.
HR professionals. Investigations, performance reviews, termination documents. If your company has policies about where confidential HR content can be processed, a cloud grammar tool may be out of scope.
Employees under NDAs. If you signed an NDA covering work you're doing, your agreement may restrict sending that content to third-party services. Worth checking the language.
Anyone writing sensitive personal content. Mental health journaling, medical histories, relationship notes. Stuff you'd write differently if you knew it might be readable by someone else someday.
The alternative: grammar checking that stays on your phone
The reason I started building Proofed was exactly this situation. I pasted a sensitive work email into Grammarly and then immediately wondered where that text went.
The technical answer to "stay offline" is Apple's Foundation Models framework. It's an on-device AI that runs local inference with no network calls. I wrote about how it works for grammar checking in more detail.
The short version: Proofed runs the same type of grammar analysis Grammarly does, but entirely on your iPhone. No server. No account. Nothing transmitted. Your text goes in, corrections come out, and nothing leaves the device.
It's not a full replacement for everything Grammarly does. No browser extension. No desktop app. No tone detector that tracks your writing habits over time. For a lot of people, those features matter and Grammarly is the right tool.
But if you need grammar checking on your iPhone and you need your text to stay on your phone, that's the gap Proofed fills.
FAQ
Does Grammarly store your text?
Yes. Grammarly processes your text on their servers and retains it for a period of time. They don't publish a specific retention window in their public policy. You can submit a data deletion request through their privacy settings.
Is Grammarly safe for medical records?
Standard Grammarly plans are not HIPAA-compliant. If you're handling protected health information, you'd need their enterprise plan with a Business Associate Agreement, or you'd need to avoid cloud-based grammar tools entirely.
Can Grammarly see my private documents?
Your text passes through Grammarly's infrastructure, where it's processed by their systems. Grammarly employees with infrastructure access have the technical ability to view data, though their policies prohibit unauthorized access. It's a policy control, not a technical one.
Does Grammarly track your writing?
Grammarly collects data about your usage and the text you input. They use this to provide the service and, unless you opt out, to improve their AI. Their analytics also track things like your writing goals, correction acceptance rates, and usage patterns.
What grammar tools work completely offline on iPhone?
Proofed is built specifically for this. It runs Apple's on-device AI with no network connection required. iOS's built-in spell check also works offline but doesn't do grammar analysis.
Proofed is available on the App Store. No account. No internet required. Your text stays on your phone.