Secure from day one

Protecting your data is our top priority

Security

Your data isn’t the product

We want you to read our terms of service. What you write will never make it into our machine learning models. Your data is analyzed transiently, so what you write in your online tools stays there.


Compare Writer to
Grammarly Business →
Privacy

“We wouldn’t be able to use a product like Writer if it didn’t pass our stringent security standards. Their HIPAA-compliancy screening, privacy policies, and data analytics checked all of our boxes.”

Justin McIntosh from McKesson

Justin McIntosh
Content Strategy Manager
CoverMyMeds

Privacy at Writer is more than just a policy

Privacy at Writer is more than just something we do for legal compliance. It’s why we built a secure AI writing assistant as an alternative to consumer tools.


Read our privacy policy →
Privacy
Enterprise-grade security

Enterprise-grade
security features

Secure access

Secure access

Manage access centrally with SSO and control permissions by role. Audit and report on activity with granular logs. Enable multi-factor authentication for even greater protection.

Secure configuration

Secure configuration

Choose a configuration that fits your requirements. Deploy behind your firewall? With a VPN? For some apps only? Restrict IPs? We’ve got you.

Reliability

Reliability

Get real-time and historical platform status and a 99.9% uptime commitment on our Enterprise plan. We’ve had 99.99% uptime the last 12 months.

COMPLIANCE

Enterprise-grade security

Writer has a comprehensive privacy and security program.
We invest in compliance because protecting your data is our top priority.

GDPR
Privacy Shield
HIPAA Compliant
AICPA SOC
PCI Security Standards Council
Trust at Writer

Security highlights

Cloud infrastructure

Writer is a fully cloud-based service. We’re hosted on Google Cloud Platform (GCP). The physical servers are located in GCP US-Central 1 and access to them is managed by Google Identity and Access Management (IAM). Backup data is stored across various GCP US-West sites. You can find more information about GCP’s security practices here, and in their security whitepaper here. No data is stored outside the US.

How we process data

Writer stores the following customer data:

  • User login information (which includes PII)
  • Terms: Words and phrases customers maintain for special treatment by the platform
  • Snippets: Blocks of standard text customers maintain for ease and consistency
  • Styleguides: Rules and settings customers maintain for ease and consistency

Transient content

Writer doesn’t store content that customers submit for analysis for any length of time longer than is needed to examine the content and return content corrections and suggestions. More details about our privacy policy are at writer.com/privacy.

Encryption

Key management

Writer uses Google’s Cloud Key Management Service for creating, maintaining, and rotating all symmetric and assymetric encryption keys.

In-flight

Writer uses Transport Layer Security (TLS 1.2 or better) to protect user data as information is in transit. HTTPS traffic is terminated on Google Cloud Loadbalancer after passing through Google Cloud Armor WAF. Certificates and keys are managed directly by the loadbalancers.

At-rest

Data stored by Writer is encrypted at-rest by GCP with AES 256-bit secret keys.

Network security

Writer’s infrastructure is provisioned within an isolated production project on the Google Cloud Platform. The production project runs in a Virtual Private Cloud behind the declaratively-managed Google Cloud Firewall. Administrative access to the production environment is controlled by Google IAM requiring strong passwords, multifactor authentication, and strong end-to-end encryption.

User data privacy

The privacy of stored customer data is fundamental at Writer, and access to it is subject to published (and strict) policies and procedures. All access to our internal administration tools is logged and periodically reviewed. Access to user data is restricted and only granted as is deemed required for job function. Any access to user data requires security approval for access.

Access management

Writer employees have company-managed computers with full-disk encryption, lock-screen passwords with low timeouts, and remote wipe enabled. All personal mobile devices that access Writer systems are subject to the same management and security policies. Company systems use a single sign-on system using multi-factor authentication with strong passwords. Only Writer-managed devices (including personal mobile devices) can access our internal systems and other external systems.

Compliance

Writer has been audited for several privacy and security standards and has received the following certifications:

SOC 2 Type II

Writer undergoes regular Service Organization Controls audits (SOC 2 Type II) performed by an independent third-party auditing firm. You can ask your sales rep or customer success manager for a copy of our latest SOC 2 Type II report, or email [email protected] with your request.

GDPR and CCPA

Writer is in full compliance with European General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) provisions.

DPA

Writer offers Enterprise customers the option to enter into a data processing agreement where Writer commits to process and safeguard personal data per GDPR requirements. You can download our Data Processing Addendum here.

HIPAA

HIPAA compliance is available on our Enterprise plan. You can ask your sales rep or customer success manager for a signed Business Associate Agreement (BAA). You may also email
[email protected] with your request.

PCI

Writer maintains PCI compliance, following stringent industry standards for storing, processing, and transmitting credit card information online.

Privacy Shield

We are members of the EU-U.S. Privacy Shield framework. You can view our full privacy policy at writer.com/privacy.

Penetration testing

Writer conducts third-party vulnerability audits and security pen tests. The last pen test was conducted March 2021. You can ask your sales rep or customer success manager for a copy, or email [email protected] with your request.

Security practices

All production environments require VPN and multifactor authentication. Writer has separate environments for development, testing, and production. All employees go through background checks before employment. All employees go through general security training twice a year, and engineers go through additional security training to gain access to production systems. Access to sensitive systems is on a need-to-know basis, and sensitive admin actions trigger notifications, which are logged and reviewed in real-time. Writer has a robust program to detect and respond to incidents, recover service, and maintain business continuity in the event of a disaster. You can ask your sales rep or customer success manager for a copy of our SSDLC documentation, or email [email protected] with your request.

Service availability

Writer has had an uptime of 99.99% over the past 12 months. Enterprise customers are provided with a 99.99% SLA. We use a microservices architecture to ensure minimal impact on system health in the case of failure of one or more components. You can track Writer’s availability through our status page at status.writer.com, where you can subscribe to updates via email or text message.

Dedicated personnel

Writer has dedicated security personnel who oversee:

  • Everything related to security, privacy, access, reliability, and disaster response
  • Ongoing risk assessment, vulnerability management, and incident recovery
  • Security training for employees and company and employee device management

Security questions?

If you have security questions or think you may have found a vulnerability in Writer, please get in touch.