We care about data privacy and security and strive to keep our security practices on par with industry leaders. The article covers answers to the most frequently asked questions about data privacy and security.
- Where are users' board and account data stored?
- Miro maintains all production data within the EU (Ireland) and US (Virginia). Additionally, all data transfers conform to EU/US General Data Protection Regulation (GDPR) requirements under the Standard Contractual Clauses (SCCs). Learn more. -
The content we create is very sensitive and we don't want to share boards outside our Miro account. Is it possible?
- Miro Enterprise provides the following features to help you ensure team members can collaborate in Miro while maintaining security and privacy.- Sharing policy allows you to set a list of trusted domain. Only users with emails in listed domains can be invited to your account.
- Link access controls allow you to disable users from sharing boards via a public link, ensuring only users who are part of your account can access specific boards.
- Domain control allows you to verify ownership of corporate domains and provides the control needed to maintain a centrally-managed Enterprise subscription.
-
Can anyone at Miro access my boards?
- No, without your request and permission no one can view your board content. Miro restricts access to the production environment to a limited number of IP addresses and employees. - How do I make sure that only I have access to my board?
- To create a private board, please use this guide. You can always check who has access to your board on the board Share menu. -
Do you offer the same level of data protection to all of your users?
- Yes, regardless of which Miro plan rest assured your data is securely managed and held. With TLS 1.2 or higher for transit and AES 256 at rest, in compliance with GDPR and CCPA standards, your data is secured to the highest levels at no additional cost.
For advanced security, privacy, and administrative controls, please contact us to learn more about Miro Enterprise. -
Do you sell data to third-party vendors?
- No, we do not sell our user data to anyone as stated in our Privacy Policy. -
Does Miro comply with the then-current requirements under the General Data Protection Regulation (GDPR)?
- Yes, please check the Privacy Policy for more information. - Where can I download SOC3 report?
- Please follow this link. - I need my clients to allow access to my Miro board but their firewall may block it. How do they allow access?
- Please check this guide: Add Miro to allowed domains. - Where can I access legal information about Miro?
- Please visit this page to find the Terms of Service, Privacy Policy, Data Processing Addendum (DPA), Cookies Policy, etc. - Do you have a bug bounty program?
- Yes, Miro has a private bug bounty program on HackerOne. If you'd like to participate, please send a request to security@miro.com specifying your HackerOne username and you will be invited to the program. Submissions for bounties are handled according to the program rules. Please check the rules carefully before you submit a report.
To learn more about the security measures we take in Miro, visit this page on our website.