Monday, August 14, 2023

GrammarlyGO Training on User Content With Questionable Opt Out

Rahul Roy-Chowdhury:

GrammarlyGO provides on-demand generative AI communication assistance directly in the apps where people write. Whether in an email thread or a long-form document, GrammarlyGO is right there with you and your teams during the writing process. GrammarlyGO understands context to quickly generate high-quality, task-appropriate writing and revisions.

Karolina Szczur (via Hacker News):

any product i’m using that announces AI features makes me instantly suspicious about privacy & security of my data. perfect example? grammarly.


i immediately contacted support asking:

  • how it was trained
  • can i opt out

it took me a while to get an honest answer but the ONLY way you can opt out is to pay for a business subscription for 500+ people.

Suha (Vocalize4754):

I’m Grammarly’s CISO.


When it comes to our genAI features, we use Microsoft Azure as our LLM provider and don’t allow Azure, or any third party, to use our customers’ data to train their models—this is contractually mandated. For text analyzed by Grammarly to provide revision suggestions (like adjusting tone or making text more concise), we may retain randomly sampled, anonymized, and de-identified data to improve the product. This data is disassociated from user accounts and ONLY used in aggregate.

We’ve devoted a ton of time and resources to developing methods that ensure the training data is anonymized and de-identified. And any Grammarly user (Free, Premium, Business) can view the data associated with their account by requesting a personal data report from us.

Re: opt-out: When we go through a security review with a business, if requested, that business can completely opt out of Grammarly training on their de-identified and anonymized data—opt-out is not limited to a 500+ license size.

This seems to directly contradict what Szczur was told by customer support.

I don’t see how viewing data associated with your account would be helpful if the worry is that the text isn’t properly cleaned before going into the anonymized soup. If they don’t store where it came from, you won’t be able to see which text you contributed.


1 Comment RSS · Twitter · Mastodon

Ok, so say I write in my document "My password is KNIVES-funnel-parse". No amount of anonymising will make that safe to store anywhere. It's mere existence in any database is a security risk. To suggest that de-identifying or anonymizing is in any way sufficient to render information “safe” is disingenuous at best.

Leave a Comment