Security and privacy

Hemingway Editor Plus keeps your data private.

Hemingway Editor Plus is built to improve writing without turning your documents into stored customer records or AI training data.

No document storage

We don't store your documents on our servers.

No AI training

We do not use your content to train AI models and will never sell it to a third party.

Secure sign-in

We authenticate through your email or Google account with no passwords that can be compromised.

Security details

Hemingway Editor Plus

Editor Plus is the web-based product. These details cover its cloud hosting, authentication, AI processing, permissions, and compliance posture.

Security overview

Hemingway Editor Plus is a cloud-based software-as-a-service application. It is a writing analysis and improvement tool that helps teams improve mass communications, internal communications, grants, sales proposals, and other written work.

The product uses a mix of code-based document analysis and cloud-based artificial intelligence to score and rewrite documents. It has no installable software components or browser plugins.

Teams often deem Editor Plus low-risk because content edited in Hemingway is usually intended to become public once the writer has finished editing it.

User authentication

Hemingway Editor Plus supports two secure authentication methods: Google Login and one-time magic links sent by email.

This approach avoids Hemingway-managed passwords. It also lets organizations enforce the two-factor authentication and security controls they already use for email or Google accounts.

Editor Plus does not currently support SAML or SSO.

Hosting and encryption

Hemingway Editor Plus is hosted on Render, a platform-as-a-service provider built on Amazon Web Services and Google Cloud. Servers and storage are hosted in the United States for all users. Render lists SOC 2 Type 2 among its compliance standards.

Editor Plus uses AES-256 encryption for secure communication, including communication with client web browsers and between servers. Data retained in the database is encrypted at rest.

Privacy, PII, data retention, and AI training

Hemingway Editor Plus collects usage metrics and error logging through Google Analytics, Mixpanel, and Sentry. This product usage information is used for product improvement and is not shared beyond those sub-processors.

The only required personally identifiable information shared with Editor Plus is the names and emails of users on an account. PII could also be included if a user puts it in a document they edit with Hemingway.

Editor Plus does not provide a mechanism for uploading and storing documents on our servers. When analyzing or rewriting parts of a document, Hemingway transmits the content to our server, relays it to an LLM hosting provider, and returns the result to the user. Hemingway currently uses OpenAI, Google, or Anthropic for LLM hosting.

We do not store document content after processing. Content is processed in memory and discarded. LLM providers may retain content temporarily, usually for 30 days, for security audits before discarding it. LLM providers cannot use customer data to train AI models.

Your organization retains copyright and ownership of content written by large language models on your behalf. Hemingway does not get control of the content you upload or generate.

User account data retained in Hemingway systems can be deleted at your request. This retained data is limited to user account information.

User roles and permissions

Hemingway Editor Plus includes three roles with different levels of access to sensitive resources.

  • Admin Only: for IT, finance, or other admins who need to manage billing, team members, and permissions, but do not use editing features. This role does not consume a Team Plan user license.
  • Admin User: similar to Admin Only, with the added ability to use Hemingway editing features. This role consumes a Team Plan user license.
  • User: for general team members. Users can access editing features and consume a user license, but cannot access billing or team management.

Security audits

Hemingway Editor Plus does not yet have SOC 2 or ISO certification.

If your organization has security, procurement, or vendor review questions that are not covered here, contact us and we can route the request for review.

Hemingway Editor Classic for Mac and PC

Classic is the downloadable desktop product. It uses a local-only security model for organizations that need content to stay on the device.

Desktop app security model

Hemingway Editor Classic for Mac and PC is a downloadable desktop app, not a web app.

Classic does not connect to Hemingway servers. Your writing stays on your device, and your content never leaves your device.

Classic includes Hemingway readability analysis and issue highlighting, but it does not include the AI rewriting, tone, length, or other AI features available in Editor Plus.

Because Classic runs locally and does not use AI, it is a strong choice for organizations that require absolute data and content security. It also works well for teams that do not want to use AI tools or cannot use them.

Need a security review? Have other questions?

If your organization needs additional vendor, procurement, or security review information, contact Hemingway support and we will route the request to the right team.

Contact support