Security at Miro

Millions of users and companies across the globe do their
best collaborative work in Miro. We hold ourselves to
industry-leading privacy and security standards and take
the responsibility of keeping your data secure and private
seriously.

Compliance

The security of your data is our highest priority.
With independent, third-party assurance, we are committed
to protecting both our systems and your data.
  • CSA: Cloud Security Alliance (View CSA certification)
  • SOC 2 Type II: SOC for Service Organizations (Request our SOC2 report)
  • SOC 3: SOC for Service Organizations (Download Miro SOC 3 report)
  • CCPA: California Consumer Privacy Act
  • EU/US GDPR: General Data Protection Regulation
  • NIST: National Institute of Standards and Technology

Want to learn more from
our security whitepaper?

Contact us

Key Security and Privacy Features

Need Help with Compliance or Security?

Miro has a dedicated Compliance and Security staff, ready to assist you with the complexities of global data regulations, management, and oversight. We will help you navigate the global regulatory landscape.

Global Data Center Security

Miro's infrastructure is hosted on Amazon Web Services (AWS), with regions throughout the world, and Miro's own controls overlay and augment the AWS compliance and security programs. This setup is designed to follow international security standards and regulations while protecting confidentiality and respecting data sovereignty and data privacy regulations.

General Data Protection Regulation (GDPR)

Miro adheres to GDPR standards and is registered within the EU with relevant Data Authorities. Miro relies on the Standard Contractual Clauses (SCCs) as a data transfer mechanism.

Miro customers who are data controllers can download and export all files and boards at any point in time. Your boards stay as accessible as you want them to be and under your control with administrative settings to ensure conformity and access when you need it.

California Consumer Privacy Act (CCPA)

Miro does not sell your data and is compliant with service provider requirements under the California Consumer Privacy Act. We're committed to working with our clients to fulfill any CCPA requests received.

Third-Party Oversight (Watching the Watchers)

Miro takes data security seriously. Miro ensures that our programs are audited under the SSAE 18 SOC 2 standards, with SOC 2 and SOC 3 reports available for customers and prospects. Additionally, Miro believes in full transparency — no hiding behind an auditor report. Customer engagement around security is paramount; it is your data!

Payment Processing

All payment-related services are provided by Stripe, certified to PCI DSS Level 1. No one at Miro can store or access sensitive payment information.

Regular Secure Backups

Miro customer data is regularly stored and secured to ensure the safety of your data. Accidentally deleted a board? Please contact us or see our Help Center for additional information on how to restore boards.

Data Residency Policy statement

Miro has made a commitment to our customers to ensure that their personal information is maintained and secured in accordance with various regulations around the world, including the European Union’s (EU) General Data Protection Regulation (GDPR). This is not a new policy at Miro, but we are committed to providing more insight and transparency into our operations and data protections, especially in light of the recent Schrems II decision which invalidated Privacy Shield.

Over the past year, Miro has continued working proactively to ensure alignment with GDPR for our EU-based customers. This has included modifying the architecture of our application to support 100% hosting of customer content within the EU. We’ve also made improvements within our authentication model to guarantee that board content and non-user generated content remain within the boundaries of the EU.

This commitment was underway prior to the Schrems II decision and Miro has taken pre-emptive action to ensure that we can support our customers in a post-Schrems world.

Beyond the logical and physical work that has been done to align with our customers' needs within the EU, our Legal and Trust teams have been hard at work as well. Our commitment to our customers’ regulatory and compliance needs can be seen in our revised Standard Contractual Clauses (SCC) and the addition of new Controller/Processor items such as Transfer Impact Assessments (TIA). Though these are fairly new requirements, we have quickly aligned our people and processes to ensure that, when working with our customers, we hire additional legal resources and continue to provide proper documentation and processes for our customers.

We look forward to being your partner in regulatory, legal and compliance requirements within the EU and elsewhere.

More information may be found:

Miro Terms of Service
Miro Privacy Policy

Service Uptime and Constant Monitoring

We established a consistent uptime track record powered
by a reliable monitoring system that ensures select employees
are instantly notified of all possible safety risks.
Check Miro Status

Security FAQ

  • Yes. Regardless of which Miro plan you are on, rest assured that your data is securely managed and held. With TLS 1.2 or higher for transit and AES 256 at rest, in compliance with GDPR and CCPA standards, your data is secured to the highest levels at no additional cost.

    For advanced security, privacy, and administrative controls, please contact us to learn more about Miro Enterprise.
  • Miro Enterprise provides the following features to help you ensure team members can collaborate in Miro while maintaining security and privacy.
  • Miro maintains all production data within the EU (Ireland) and US (Virginia). Additionally, all data transfers conform to EU/US General Data Protection Regulation (GDPR) requirements under the Standard Contractual Clauses (SCCs).
