Security at Miro
Millions of users and companies across the globe do their
best collaborative work in Miro. We hold ourselves to
industry-leading privacy and security standards and take
the responsibility of keeping your data secure and private
seriously.
best collaborative work in Miro. We hold ourselves to
industry-leading privacy and security standards and take
the responsibility of keeping your data secure and private
seriously.
Compliance
The security of your data is our highest priority.
With independent, third-party assurance, we are committed
to protecting both our systems and your data.
With independent, third-party assurance, we are committed
to protecting both our systems and your data.

CCPA
California Consumer Privacy Act

EU/US GDPR
General Data Protection Regulation

NIST
National Institute of Standards
and Technology
and Technology
Want to learn more from
our security whitepaper?
Contact us
Key Security
and Privacy Features
and Privacy Features
Need Help with Compliance or Security?
Miro has a dedicated Compliance and Security staff, ready to assist you with the complexities of global data regulations, management, and oversight. We will help you navigate the global regulatory landscape.
Global Data Center Security
Miro infrastructure is hosted within Amazon Web Services (AWS), with regions throughout the world, overlaying and augmenting AWS compliance and security programs. This is designed to follow international security standards and regulations, while protecting confidentiality, data sovereignty and data privacy regulations.
General Data Protection Regulation (GDPR)
Miro adheres to GDPR standards and is registered within the EU with relevant Data Authorities. Miro relies on the Standard Contractual Clauses (SCCs) as a data transfer mechanism.
Miro customers who are data controllers can download and export all files and boards at any point in time. Your boards stay as accessible as you want them to be and under your control with administrative settings to ensure conformity and access when you need it.
Miro customers who are data controllers can download and export all files and boards at any point in time. Your boards stay as accessible as you want them to be and under your control with administrative settings to ensure conformity and access when you need it.
California Consumer Privacy Act (CCPA)
Miro does not sell your data and is compliant with service provider requirements under the California Consumer Privacy Act. We're committed to work with our clients to fulfill any CCPA requests received.
Third-Party Oversight (Watching the Watchers)
Miro takes data security seriously. Miro ensures that our programs are audited under the SSAE 18 SOC 2 standards, with SOC 2 and SOC 3 reports available for customers and prospects. Additionally, Miro believes in full transparency — no hiding behind an auditor report. Customer engagement around security is paramount; it is your data!
Payment Processing
All payment-related services are provided by Stripe, certified to PCI DSS Level 1. No one at Miro can store or access sensitive payment information.
Regular Secure Backups
Miro customer data is regularly stored and secured to ensure the safety of your data. Accidentally deleted a board? Please contact us or see our Help Center for additional information on how to restore boards.
Service Uptime and
Constant Monitoring
We established a consistent uptime track record powered
by a reliable monitoring system that ensures select employees
are instantly notified of all possible safety risks.
Check Miro Status
by a reliable monitoring system that ensures select employees
are instantly notified of all possible safety risks.
Security FAQ
Do you offer the same level of data
protection to all your users?
protection to all your users?
Yes, regardless of which Miro plan rest
assured your data is securely managed and
held. With TLS 1.2 or higher for transit and
AES 256 at rest, in compliance with GDPR and
CCPA standards, your data is secured to the
highest levels at no additional cost.
For advanced security, privacy, and
administrative controls, please contact us to
learn more about Miro Enterprise.
assured your data is securely managed and
held. With TLS 1.2 or higher for transit and
AES 256 at rest, in compliance with GDPR and
CCPA standards, your data is secured to the
highest levels at no additional cost.
For advanced security, privacy, and
administrative controls, please contact us to
learn more about Miro Enterprise.
The content we create is very sensitive and we don't want to share boards outside our Miro account. Is it possible?
Miro Enterprise provides the following features to
help you ensure team members can collaborate in
Miro while maintaining security and privacy.
help you ensure team members can collaborate in
Miro while maintaining security and privacy.
- Domain whitelisting allows you to set a list of
trusted domains by whitelisting specific
domains. Only users with emails in listed
domains can be invited to your account. - Link access controls allows you to to disable
users from sharing boards via public link,
ensuring only users who are part of your
account can access specific boards. - Domain control allows you to verify ownership of
corporate domains and provides the control
needed to maintain a centrally-managed
Enterprise subscription.
Where do you store your user board
and account data?
and account data?
Miro maintains all production data within the EU (Ireland) and US (Virginia). Additionally, all data transfers conform to EU/US General Data Protection Regulation (GDPR) requirements under the Standard Contractual Clauses (SCCs).