What are the institutional and regulatory implications of this document?

1) REGULATORY LANDSCAPE: The policy engages GDPR (EU/EEA users, with Miro acting as data controller for account data and processor for customer-uploaded board content), the UK GDPR, CCPA and CPRA (California residents, including rights to know, delete, correct, and opt out of sale or sharing of personal information), and references Standard Contractual Clauses for international data transfers. The FTC exercises general oversight over unfair or deceptive data practices for US users. Where Miro a…

How does Miro's Miro Privacy Policy affect users?

The agreement establishes that Miro collects account identifiers, usage data, device information, and content placed on boards, and authorizes use of this data for product improvement, personalization, and advertising purposes. Under these terms, personal data may be shared with third-party analytics, advertising, and service-provider partners, subject to contractual data protection obligations. You can exercise access, correction, deletion, portability, and opt-out rights by contacting Miro at…

How often is Miro's Miro Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Miro updates this document?

Yes. Monitor subscribers ($19/month) can add Miro to their watchlist and receive same-day email alerts whenever this document or any other Miro document changes.

CA-D-000556

Miro Privacy Policy

Miro

Last change detected June 19, 2026 Privacy policy

SHA-256: 61479d07e20a760c358… 8 versions captured 8 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Miro ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

7 Total

1 High severity

4 Medium severity

2 Low severity

Summary

Miro's Privacy Policy covers how Miro collects, uses, and shares personal data from users of its online collaborative whiteboard platform, including account registration details, usage activity, device identifiers, and content placed on boards. The policy authorizes sharing personal data with advertising, analytics, and service-provider partners, and describes how users in the EU, UK, and California may exercise access, deletion, portability, and opt-out rights. Enterprise customers are subject to a separate Data Processing Addendum that governs how Miro handles board content as a data processor on behalf of business customers.

Technical / Legal Breakdown

This document is Miro's Privacy Policy, governing the collection, use, disclosure, and retention of personal data by Miro (RealtimeBoard, Inc. and its affiliates) in connection with the Miro collaborative workspace platform, with legal bases including consent, legitimate interests, and contractual necessity depending on jurisdiction. The policy states that Miro collects account identifiers, contact information, device and usage data, content users place on boards, and data from third-party integrations, and the terms authorize sharing this data with service providers, advertising partners, analytics vendors, and business partners. The policy addresses AI feature data handling through a separate AI Terms Addendum, and the scope of data shared with advertising and analytics partners warrants review given Miro's positioning as an enterprise collaboration tool where sensitive business content may be processed. The policy engages GDPR for EU/EEA users (with Miro identifying as data controller for account data and data processor for customer board content), CCPA/CPRA for California residents, and references data transfers under Standard Contractual Clauses; applicability of specific rights and obligations depends on user jurisdiction and account type. Enterprise customers are directed to a separate Customer Data Processing Addendum, which governs processor-level obligations and may supersede certain policy provisions for business accounts.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

8 important changes detected

8 versions captured · Last updated: June 2026

June 19, 2026

unknown

What changed Miro updated their Miro Privacy Policy on June 19, 2026. Change detected: 13 sentence(s) added, 2 sentence(s) modified. Document contained 244 sentences after update.

View full change record →

May 22, 2026

low

What changed The detected change consists of minor text additions in the navigation and header areas of Miro's Privacy Policy document. Two words—'Andrey' and 'Jeff'—were inserted into non-substantive sections of the page layout. These appear to be incidental text insertions in navigation elements rather than changes to the privacy policy's operative language, terms, or disclosures. The substantive privacy policy text, effective date, and all regulatory provisions remain unchanged.

Why this matters This change introduces minor text additions ('Andrey' and 'Jeff') into non-substantive page navigation areas of Miro's Privacy Policy. The operative privacy policy language, effective date of August 1, 2025, and all substantive disclosures regarding data collection, use, and consumer rights remain unchanged. No material change to Miro's data handling practices, user rights, or privacy protections is reflected in this update.

View full change record →

May 21, 2026 low

Miro updated its Privacy Policy on May 21, 2026 by modifying promotional language on the policy landing page. The previous version referenced a San Francisco event registration, while the updated …

View change record →

May 19, 2026 low

Miro updated the footer of its Privacy Policy on May 19, 2026, changing one word in a navigation link. The previous version linked to 'Private Policy' while the updated version …

View change record →

May 16, 2026 low

On May 16, 2026, Miro's Privacy Policy was updated to add a navigation link to 'Connectors' in the product menu structure. This is a navigation and site organization change with …

View change record →

May 14, 2026 low

Miro updated its Privacy Policy on May 14, 2026 by adding a navigation link labeled 'AI Trust' in the policy header. The change does not alter substantive privacy terms, rights, …

View change record →

May 6, 2026 low

Miro updated their privacy policy navigation on May 6, 2026 by changing the call-to-action button from 'Sign up free' to 'Get started free' in the header. This is a minor …

View change record →

May 5, 2026 low

Miro updated the navigation text in their Privacy Policy header on May 5, 2026, changing 'Get started free' to 'Sign up free'. This is a formatting and UI text change …

View change record →

Recent Provision Changes Jun 19, 2026

7 provisions unchanged.

View full change record →

High — 1 provision

Dual Controller and Processor Roles Compare →

The policy distinguishes between Miro's role as a data controller for account, registration, and usage data, and its role as a data processor for content uploaded by enterprise customers to boards, with the latter governed by the Customer Data Processing Addendum.

Added May 21, 2026 Standard Seen across 284 platforms

Medium — 4 provisions

Data Collection Scope Compare →

The policy states that Miro collects account identifiers, contact information, device and browser data, usage and activity data, and content that users place on boards, as well as data received from third-party integrations and single sign-on providers.

Added May 21, 2026 Standard Seen across 284 platforms
Third-Party Data Sharing Compare →

The policy authorizes Miro to share personal data including identifiers, usage data, and device information with advertising, analytics, and service-provider partners, subject to contractual data protection requirements.

Added May 21, 2026 Standard Seen across 284 platforms
International Data Transfers Compare →

The policy states that personal data may be transferred internationally, including to the United States, and that Miro relies on Standard Contractual Clauses or other approved transfer mechanisms to authorize such transfers for EU and UK users.

Added May 21, 2026 Standard Seen across 284 platforms
AI Features Data Handling Compare →

The policy references a separate AI Terms Addendum that governs the collection and use of data in connection with Miro's AI features, indicating that AI-related processing is subject to additional terms beyond the base privacy policy.

Added May 21, 2026 Standard Seen across 284 platforms

Low — 2 provisions

User Rights and Exercise Mechanisms Compare →

The policy states that users may exercise rights of access, rectification, deletion, portability, restriction, and objection by contacting Miro at privacy@miro.com, with additional rights for California residents under CCPA/CPRA including the right to opt out of sale or sharing of personal information.

Added May 21, 2026 Standard Seen across 284 platforms
Cookie and Tracking Technologies Compare →

The policy references a separate Cookies Policy governing the use of cookies, pixels, and similar tracking technologies on the Miro platform and website, which authorizes use of these technologies for analytics, advertising, and functional purposes.

Added May 21, 2026 Standard Seen across 284 platforms

Monitoring

Miro has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle AI Features Data Processing and similar clauses.

Compare across platforms →

Archival ProvenanceSource & Archival Record

Last Captured June 19, 2026 00:59 UTC

Capture Method Automated scheduled archival capture

Document ID CA-D-000556

Version ID CA-V-004028

Source URL https://miro.com/legal/privacy-policy/

Wayback Machine View external archival references →

SHA-256 61479d07e20a760c358437b8e6f0362c7d5aa6116d1cb12ac2e4f7b0e28facd4

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

Miro Privacy Policy

June 19, 2026

May 22, 2026

Recent Provision Changes Jun 19, 2026

Monitor governance changes across the platforms you rely on.