We care about data privacy and security and strive to keep our security practices on par with industry leaders. The article covers answers to the most frequently asked questions about data privacy and security.
- Where are users' board and account data stored?
- Miro production systems are housed at third-party subservice organization data centers and managed service providers located in the EU (Ireland). Subservice organization data center SOC reports are reviewed at least once a year.
These third-party service providers are responsible for the physical, environmental, and operational security controls at the boundaries of Miro infrastructure. Miro is responsible for the logical, network, and application security of our infrastructure housed at third-party data centers.
Our current managed service provider for processing and storage is responsible for the logical and network security of Miro services provided through their infrastructure. Connections are protected through the managed service provider’s firewall, which is configured in a default deny-all mode.
The content we create is very sensitive and we don't want to share boards outside our Miro account. Is it possible?
- Enterprise plan provides the following optional restrictions: sharing outside of whitelisted domains and sharing via a public link.
1. You can set a list of trusted domains. Company users will be able to share their boards with users from the specified domains only.
2. You can restrict sharing company boards publicly. All the boards that have been previously shared with a public link or embedded to external websites will become unavailable for public users.
Can anyone at Miro access my boards?
- No, without your request and permission no one can view your board content. Miro restricts access to the production environment to a limited number of IP addresses and employees.
Do you offer the same level of data protection to all of your users?
- We provide high levels of security to all users, no matter what plan they use. Enterprise plan users can leverage additional features, for example, SSO/SAML 2.0 and audit logs.
Do you have a bounty program?
- Currently, we have no bug bounty program, so we do not usually provide a monetary reward. However, you're more than welcome to share the vulnerabilities that you found directly at email@example.com. Our Security team will be sure to get in touch with you.
Does Miro comply with the then-current requirements under the General Data Protection Regulation (GDPR)?
- Yes, please check the Terms of Service for more information.
To learn more about the security measures we take in Miro, visit this page on our website.