Secure from day one

Protecting your data is our top priority


Your data isn’t the product

We want you to read our terms of use. What you write will never make it into our machine learning models. Your data is analyzed transiently, so what you write in your online tools stays there.


“We wouldn’t be able to use a product like Writer if it didn’t pass our stringent security standards. Their HIPAA-compliancy screening, privacy policies, and data analytics checked all of our boxes.”

Justin McIntosh from McKesson

Justin McIntosh
Content Strategy Manager

Privacy at Writer is more than just a policy

Privacy at Writer is more than just something we do for legal compliance. It’s why we built a secure AI writing platform as an alternative to consumer tools.

Read our privacy policy →
Enterprise-grade security

security features

Secure access

Secure access

Manage access centrally with SSO and control permissions by role. Audit and report on activity with granular logs. Enable multi-factor authentication for even greater protection.

Secure configuration

Secure configuration

Choose a configuration that fits your requirements. Deploy behind your firewall? With a VPN? For some apps only? Restrict IPs? We’ve got you.



Get real-time and historical platform status and a 99.9% uptime commitment on our Enterprise plan. We’ve had 99.99% uptime the last 12 months.


Enterprise-grade security

Writer has a comprehensive privacy and security program.
We invest in compliance because protecting your data is our top priority.

Trust at Writer

Security highlights

Cloud infrastructure

Writer is a fully cloud-based service. We’re hosted on Google Cloud Platform (GCP). The physical servers are located in GCP US-Central 1 and access to them is managed by Google Identity and Access Management (IAM). Backup data is stored across various GCP US-West sites. You can find more information about GCP’s security practices here, and in their security whitepaper here. No data is stored outside the US.

How we process data

Writer stores the following customer data:

  • User login information (which includes PII)
  • Terms: Words and phrases customers maintain for special treatment by the platform
  • Snippets: Blocks of standard text customers maintain for ease and consistency
  • Style guides: Rules and settings customers maintain for ease and consistency

Transient content

Writer doesn’t store content that customers submit for analysis for any length of time longer than is needed to examine the content and return content corrections and suggestions. More details about our privacy policy are at


Key management

Writer uses Google’s Cloud Key Management Service for creating, maintaining, and rotating all symmetric and assymetric encryption keys.


Writer uses Transport Layer Security (TLS 1.2 or better) to protect user data as information is in transit. HTTPS traffic is terminated on Google Cloud Loadbalancer after passing through Google Cloud Armor WAF. Certificates and keys are managed directly by the loadbalancers.


Data stored by Writer is encrypted at-rest by GCP with AES 256-bit secret keys.

Network security

Writer’s infrastructure is provisioned within an isolated production project on the Google Cloud Platform. The production project runs in a Virtual Private Cloud behind the declaratively-managed Google Cloud Firewall. Administrative access to the production environment is controlled by Google IAM requiring strong passwords, multifactor authentication, and strong end-to-end encryption.

User data privacy

The privacy of stored customer data is fundamental at Writer, and access to it is subject to published (and strict) policies and procedures. All access to our internal administration tools is logged and periodically reviewed. Access to user data is restricted and only granted as is deemed required for job function. Any access to user data requires security approval for access.

Access management

Writer employees have company-managed computers with full-disk encryption, lock-screen passwords with low timeouts, and remote wipe enabled. All personal mobile devices that access Writer systems are subject to the same management and security policies. Company systems use a single sign-on system using multi-factor authentication with strong passwords. Only Writer-managed devices (including personal mobile devices) can access our internal systems and other external systems.


Writer has been audited for several privacy and security standards and has received the following certifications:

SOC 2 Type II

Writer undergoes regular Service Organization Controls audits (SOC 2 Type II) performed by an independent third-party auditing firm. You can ask your sales rep or customer success manager for a copy of our latest SOC 2 Type II report, or email with your request.


Writer is in full compliance with European General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) provisions.


Writer offers Enterprise customers the option to enter into a data processing agreement where Writer commits to process and safeguard personal data per GDPR requirements. You can view our data processing agreement here.


HIPAA compliance is available on our Enterprise plan. You can ask your sales rep or customer success manager for a signed Business Associate Agreement (BAA). You may also email with your request.


Writer maintains PCI compliance, following stringent industry standards for storing, processing, and transmitting credit card information online.

Privacy Shield

We are members of the EU-U.S. Privacy Shield framework. You can view our full privacy policy at

Penetration testing

Writer conducts third-party vulnerability audits and security pen tests. The last pen test was conducted January 2022. You can ask your sales rep or customer success manager for a copy, or email with your request.

Security practices

All production environments require VPN and multifactor authentication. Writer has separate environments for development, testing, and production. All employees go through background checks before employment. All employees go through general security training twice a year, and engineers go through additional security training to gain access to production systems. Access to sensitive systems is on a need-to-know basis, and sensitive admin actions trigger notifications, which are logged and reviewed in real-time. Writer has a robust program to detect and respond to incidents, recover service, and maintain business continuity in the event of a disaster. You can ask your sales rep or customer success manager for a copy of our SSDLC documentation, or email with your request.

Service availability

Writer has had an uptime of 99.99% over the past 12 months. Enterprise customers are provided with a 99.99% SLA. We use a microservices architecture to ensure minimal impact on system health in the case of failure of one or more components. You can track Writer’s availability through our status page at, where you can subscribe to updates via email or text message.

Dedicated personnel

Writer has dedicated security personnel who oversee:

  • Everything related to security, privacy, access, reliability, and disaster response
  • Ongoing risk assessment, vulnerability management, and incident recovery
  • Security training for employees and company and employee device management

Contact our security team:

Security questions?

If you have security questions or think you may have found a vulnerability in Writer, please get in touch.