Security at Miro

Miro has a dedicated Compliance and Security staff, ready to assist you with the complexities of global data regulations, management, and oversight. We will help you navigate the global regulatory landscape.

Miro infrastructure is hosted within Amazon Web Services (AWS), with regions throughout the world, overlaying and augmenting AWS compliance and security programs. This is designed to follow international security standards and regulations, while protecting confidentiality, data sovereignty and data privacy regulations.

Miro adheres to GDPR standards and is registered within the EU with relevant Data Authorities. Miro relies on the Standard Contractual Clauses (SCCs) as a data transfer mechanism.

Miro customers who are data controllers can download and export all files and boards at any point in time. Your boards stay as accessible as you want them to be and under your control with administrative settings to ensure conformity and access when you need it.

Miro does not sell your data and is compliant with service provider requirements under the California Consumer Privacy Act. We're committed to work with our clients to fulfill any CCPA requests received.

Miro takes data security seriously. Miro ensures that our programs are audited under the SSAE 18 SOC 2 standards, with SOC 2 and SOC 3 reports available for customers and prospects. Additionally, Miro believes in full transparency — no hiding behind an auditor report. Customer engagement around security is paramount; it is your data!

All payment-related services are provided by Stripe, certified to PCI DSS Level 1. No one at Miro can store or access sensitive payment information.

Miro customer data is regularly stored and secured to ensure the safety of your data. Accidentally deleted a board? Please contact us or see our Help Center for additional information on how to restore boards.