We care about data privacy and security and strive to keep our security practices on par with industry leaders. The article covers answers to the most frequently asked questions about data privacy and security.
- Where are users' board and account data stored?
- Miro maintains all production data within the EU (Ireland) and US (Virginia). Additionally, all data transfers conform to EU/US General Data Protection Regulation (GDPR) requirements under the Standard Contractual Clauses (SCCs).
The content we create is very sensitive and we don't want to share boards outside our Miro account. Is it possible?
- Miro Enterprise provides the following features to help you ensure team members can collaborate in Miro while maintaining security and privacy.
- Domain whitelisting allows you to set a list of trusted domains by whitelisting specific domains. Only users with emails in listed domains can be invited to your account.
- Link access controls allow you to disable users from sharing boards via a public link, ensuring only users who are part of your account can access specific boards.
- Domain control allows you to verify ownership of corporate domains and provides the control needed to maintain a centrally-managed Enterprise subscription.
Can anyone at Miro access my boards?
- No, without your request and permission no one can view your board content. Miro restricts access to the production environment to a limited number of IP addresses and employees.
Do you offer the same level of data protection to all of your users?
- We provide high levels of security to all users, no matter what plan they use. Enterprise plan users can leverage additional features, for example, SSO/SAML 2.0 and audit logs.
Do you have a bounty program?
- Currently, we have no bug bounty program, so we do not usually provide a monetary reward. However, you're more than welcome to share the vulnerabilities that you found directly at firstname.lastname@example.org. Our Security team will be sure to get in touch with you.
Does Miro comply with the then-current requirements under the General Data Protection Regulation (GDPR)?
To learn more about the security measures we take in Miro, visit this page on our website.