We give your ideas
the security they deserve
3 million users across the globe trust us with their information
and we do our best meeting and exceeding the industry standard
to justify your trust.
and we do our best meeting and exceeding the industry standard
to justify your trust.
Compliance certificates
SOC 2 Type II
SOC for Service Organizations
SOC for Service Organizations
Skyhigh Enterprise-Ready™
CloudTrust Program
CloudTrust Program
Key Security Features
World-class data centers
Miro server infrastructure is hosted
on Amazon Web Services. AWS compliance program
is designed to follow international security standards
and regulations, while protecting confidentiality and
data privacy. Data centers provide the necessary
means to operate 24 x 7 and protect data from
physical damage and network issues.
on Amazon Web Services. AWS compliance program
is designed to follow international security standards
and regulations, while protecting confidentiality and
data privacy. Data centers provide the necessary
means to operate 24 x 7 and protect data from
physical damage and network issues.
Data encryption
When you access Miro, SSL technology
protects your information using both server
authentication and data encryption in transit.
We use TLS with up to 256 AES encryption as supported by
the client. SSL implementation at Miro
scored "A" on Qualys SSL Server test. Data at
rest is protected by using FIPS140-2 standards
compliant encryption. Backups are encrypted with AES-256.
Passwords are never stored as clear text.
They are always hashed and salted securely.
Security program
We established an information security management
framework helping us ensure you are confident with
Miro hosting your data as if it was stored
locally within your own network. This is accomplished
by assessing risks and continually improving security,
confidentiality, integrity, and availability of the service.
We regularly review and update security policies, carry
out internal security training, perform application and
network security testing, monitor compliance with
security policies, and conduct internal and external
risk assessments.
framework helping us ensure you are confident with
Miro hosting your data as if it was stored
locally within your own network. This is accomplished
by assessing risks and continually improving security,
confidentiality, integrity, and availability of the service.
We regularly review and update security policies, carry
out internal security training, perform application and
network security testing, monitor compliance with
security policies, and conduct internal and external
risk assessments.
Payment processing
All payment-related services are provided by Stripe,
one of the most reliable payment processors in the
industry. This is confirmed by a PCI DSS certificate
of the highest level. Nobody at Miro can
store or access sensitive payment information.
one of the most reliable payment processors in the
industry. This is confirmed by a PCI DSS certificate
of the highest level. Nobody at Miro can
store or access sensitive payment information.
Regular backup
User data is stored in failover cluster that is
backed up every 10 minutes. No matter what
happens, your work will stay safe. Even if you
accidentally deleted a board, there is always a
way back: we keep backup copies of deleted
boards for 30 days. Backups of the entire
database are done daily and are stored
separately from the main data center.
backed up every 10 minutes. No matter what
happens, your work will stay safe. Even if you
accidentally deleted a board, there is always a
way back: we keep backup copies of deleted
boards for 30 days. Backups of the entire
database are done daily and are stored
separately from the main data center.
Data privacy
You can download and export all your files and
boards at any point in time. Privacy options ensure
that your boards stay as accessible as you want
them to be. Access to user data by Miro
team is strictly regulated and is performed for
troubleshooting purposes only with your approval.
boards at any point in time. Privacy options ensure
that your boards stay as accessible as you want
them to be. Access to user data by Miro
team is strictly regulated and is performed for
troubleshooting purposes only with your approval.
Service Uptime and
Constant Monitoring
We established a consistent uptime track record powered by
a reliable monitoring system that ensures select employees
are instantly notified of all possible safety risks.
Check Miro Status
a reliable monitoring system that ensures select employees
are instantly notified of all possible safety risks.
Security FAQ
Where do you store your user board
and account data?
Miro production systems are housed at third-party subservice organization
data centers and managed service providers located in the EU (Ireland). Subservice
organization data center SOC reports are reviewed at least once a year.
data centers and managed service providers located in the EU (Ireland). Subservice
organization data center SOC reports are reviewed at least once a year.
These third-party service providers are responsible for the physical, environmental,
and operational security controls at the boundaries of Miro infrastructure.
Miro is responsible for the logical, network, and application security of our
infrastructure housed at third-party data centers.
and operational security controls at the boundaries of Miro infrastructure.
Miro is responsible for the logical, network, and application security of our
infrastructure housed at third-party data centers.
Our current managed service provider for processing and storage is responsible for
the logical and network security of Miro services provided through their
infrastructure. Connections are protected through the managed service provider’s
firewall, which is configured in a default deny-all mode.
the logical and network security of Miro services provided through their
infrastructure. Connections are protected through the managed service provider’s
firewall, which is configured in a default deny-all mode.
The content we create is very sensitive and
we don't want to share boards outside our
Miro account. Is it possible?
We provide the following optional restrictions: sharing outside of whitelisted
domains and sharing via public link.
domains and sharing via public link.
1. You can set a list of trusted domains. Company users will be able to share
their boards with users from the specified domains only.
their boards with users from the specified domains only.
2. You can restrict sharing company boards publicly. All the boards that have
been previously shared with a public link or embedded to external websites
will become unavailable for public users.
been previously shared with a public link or embedded to external websites
will become unavailable for public users.
Can anyone at Miro access my boards?
No, without your request and permission no one can view your board content.
Miro restricts access to the production environment to a limited
number of IP addresses and employees.
Miro restricts access to the production environment to a limited
number of IP addresses and employees.
Do you offer the same level of data protection
to all of your users?
We provide high levels of security to all users, no matter what plan they use.
Please note that Enterprise plan users can leverage additional features, for
example SSO/SAML 2.0 and audit logs.
Please note that Enterprise plan users can leverage additional features, for
example SSO/SAML 2.0 and audit logs.
