We give your ideas
the security they deserve

5 million users across the globe trust us with their information
and we do our best meeting and exceeding the industry standard
to justify your trust.

Compliance certificates

SOC 2 Type II
SOC for Service Organizations

Download Miro SOC 3 Report
Skyhigh Enterprise-Ready
Skyhigh Enterprise-Ready™
CloudTrust Program

Key Security Features

World-class data centers

World-class data centers

Miro server infrastructure is hosted
on Amazon Web Services. AWS compliance program
is designed to follow international security standards
and regulations, while protecting confidentiality and
data privacy. Data centers provide the necessary
means to operate 24 x 7 and protect data from
physical damage and network issues.
Data encryption

Data encryption

When you access Miro, SSL technology protects your information using both server authentication and data encryption in transit. We use TLS with up to 256 AES encryption as supported by the client. SSL implementation at Miro scored "A" on Qualys SSL Server test. Data at rest is protected by using FIPS140-2 standards compliant encryption. Backups are encrypted with AES-256. Passwords are never stored as clear text. They are always hashed and salted securely.
Security program

Security program

We established an information security management
framework helping us ensure you are confident with
Miro hosting your data as if it was stored
locally within your own network. This is accomplished
by assessing risks and continually improving security,
confidentiality, integrity, and availability of the service.
We regularly review and update security policies, carry
out internal security training, perform application and
network security testing, monitor compliance with
security policies, and conduct internal and external
risk assessments.
Payment processing

Payment processing

All payment-related services are provided by Stripe,
one of the most reliable payment processors in the
industry. This is confirmed by a PCI DSS certificate
of the highest level. Nobody at Miro can
store or access sensitive payment information.
Regular backup

Regular backup

User data is stored in failover cluster that is
backed up every 10 minutes. No matter what
happens, your work will stay safe. Even if you
accidentally deleted a board, there is always a
way back: we keep backup copies of deleted
boards for 30 days. Backups of the entire
database are done daily and are stored
separately from the main data center.
Data privacy

Data privacy

You can download and export all your files and
boards at any point in time. Privacy options ensure
that your boards stay as accessible as you want
them to be. Access to user data by Miro
team is strictly regulated and is performed for
troubleshooting purposes only with your approval.

Service Uptime and
Constant Monitoring

We established a consistent uptime track record powered by
a reliable monitoring system that ensures select employees
are instantly notified of all possible safety risks.
Check Miro Status

Security FAQ

Where do you store your user board
and account data?

Miro production systems are housed at third-party subservice organization
data centers and managed service providers located in the EU (Ireland). Subservice
organization data center SOC reports are reviewed at least once a year.
These third-party service providers are responsible for the physical, environmental,
and operational security controls at the boundaries of Miro infrastructure.
Miro is responsible for the logical, network, and application security of our
infrastructure housed at third-party data centers.
Our current managed service provider for processing and storage is responsible for
the logical and network security of Miro services provided through their
infrastructure. Connections are protected through the managed service provider’s
firewall, which is configured in a default deny-all mode.

The content we create is very sensitive and
we don't want to share boards outside our
Miro account. Is it possible?

We provide the following optional restrictions: sharing outside of whitelisted
domains and sharing via public link.
1. You can set a list of trusted domains. Company users will be able to share
their boards with users from the specified domains only.
2. You can restrict sharing company boards publicly. All the boards that have
been previously shared with a public link or embedded to external websites
will become unavailable for public users.

Can anyone at Miro access my boards?

No, without your request and permission no one can view your board content.
Miro restricts access to the production environment to a limited
number of IP addresses and employees.

Do you offer the same level of data protection
to all of your users?

We provide high levels of security to all users, no matter what plan they use.
Please note that Enterprise plan users can leverage additional features, for
example SSO/SAML 2.0 and audit logs.

Want to learn more from
our security whitepaper?

Contact sales
Get Miro app
Add ideas, digitize sticky notes, and leave comments on the go with Miro mobile app