What are the institutional and regulatory implications of this document?

(1) REGULATORY LANDSCAPE: This policy engages GDPR and UK GDPR for EU and UK users, CCPA and CPRA for California residents, and the FTC Act for US-based consumer protection matters. Miro references a Customer Data Processing Addendum as the primary instrument for enterprise data processing obligations, meaning the standard Privacy Policy may not reflect the full scope of contractual protections available to business customers. The separation of AI feature data governance into a distinct addendu…

How does Miro's Miro Privacy Policy affect users?

Miro collects a broad range of personal data including account information, device and usage data, and the content users create on boards, which may include sensitive business or personal information shared in collaborative sessions. Users who enable AI features should be aware that their board content may be processed under a separate AI Features Addendum, which warrants independent review. You can exercise data access, correction, or deletion rights by contacting Miro at privacy@miro.com or t…

How often is Miro's Miro Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Miro updates this document?

Yes. Watcher subscribers ($9.99/month) can add Miro to their watchlist and receive same-day email alerts whenever this document or any other Miro document changes.

CA-D-000556

Miro Privacy Policy

Miro

Last change detected May 6, 2026 Privacy policy

SHA-256: 99e0a96b16ab926ea96… 2 versions captured 1 change documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Miro ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

8 Total

1 High severity

5 Medium severity

2 Low severity

Summary

This is Miro's Privacy Policy, which explains how the company collects and uses your personal data when you use its online collaborative whiteboard platform. The most important thing to know is that Miro collects not just your account details and usage patterns but also the actual content you place on your boards, and this content may be processed for AI features under separate terms. If you are an EU or California resident, you have specific rights to access, correct, or delete your data, which you can exercise by contacting Miro's privacy team at privacy@miro.com.

Technical / Legal Breakdown

This document is Miro's Privacy Policy, governing the collection, use, and sharing of personal data by Miro (RealtimeBoard Inc. and its affiliates) in connection with the Miro collaborative workspace platform, operating under a consent and legitimate interests framework consistent with GDPR, CCPA, and other applicable data protection laws. The policy states that Miro collects account information, usage data, device and log data, content users place on boards, and information from third-party integrations, and asserts the right to use this data for service delivery, product improvement, marketing communications, and AI feature development. The policy references a separate Customer Data Processing Addendum (DPA) and a Subprocessors List, indicating a layered data governance structure where enterprise customers may have distinct contractual protections not automatically available to free or individual users. The policy engages GDPR (for EU and EEA users), UK GDPR, CCPA and CPRA (for California residents), and potentially other regional frameworks; enforcement authorities include the FTC for US users and relevant EU Data Protection Authorities for European users. Compliance teams should note that Miro's AI Features Addendum is listed as a separate legal instrument, suggesting that data processed through AI features may be governed by distinct terms requiring separate review.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

1 important change detected

2 versions captured · Last updated: May 2026

May 6, 2026

low

What changed Miro updated their privacy policy navigation on May 6, 2026 by changing the call-to-action button from 'Sign up free' to 'Get started free' in the header. This is a minor editorial update to button labeling with no material change to the privacy practices, data handling, user rights, or policy substance described in the document.

Why this matters This change is a minor revision to the website navigation button text on Miro's privacy policy page and does not affect the privacy policy's substantive content, your data rights, or how Miro collects, uses, or discloses your information. The policy terms, consent requirements, and privacy protections remain unchanged.

View full change record →

High — 1 provision

AI Features Data Processing Compare →

Miro processes data through AI features under a separate AI Features Addendum, meaning the standard Privacy Policy may not fully describe how your content is used when AI tools are enabled. Users should review the AI addendum independently.

Added May 9, 2026 Standard Seen across 189 platforms

Medium — 5 provisions

Collection of Board Content as Personal Data

Miro collects and may process the content you create on your boards, not just your account or usage data. This means that diagrams, notes, images, and other materials you place on a Miro board may be treated as personal data under the policy.

Added May 9, 2026 Rare
Customer Data Processing Addendum (Enterprise DPA) Compare →

Enterprise and business customers may have additional data protection rights and obligations governed by a separate Customer Data Processing Addendum (DPA), which operates alongside but may supersede certain provisions of the standard Privacy Policy.

Added May 9, 2026 Standard Seen across 246 platforms
Third-Party Subprocessors Compare →

Miro uses third-party subprocessors to deliver its services, and the current list of subprocessors is maintained as a separate document at miro.com/legal/subprocessors-list/. This list may change over time as Miro adds or removes vendors.

Added May 9, 2026 Standard Seen across 189 platforms
Regional Privacy Rights (GDPR and CCPA) Compare →

EU, EEA, UK, and California users have specific legal rights regarding their personal data, including the right to access, correct, delete, and in some cases port their data, as well as the right to object to certain processing activities.

Added May 9, 2026 Standard Seen across 262 platforms
Data Retention Compare →

Miro retains personal data for as long as necessary to provide its services and fulfill the purposes described in the Privacy Policy, after which data may be deleted or anonymized. Specific retention periods may vary by data type.

Added May 9, 2026 Standard Seen across 223 platforms

Low — 2 provisions

Cookies and Tracking Technologies Compare →

Miro uses cookies and similar tracking technologies on its website and platform. The policy references a separate Cookies Policy governing the types of cookies used and the controls available to users.

Added May 7, 2026 Standard Seen across 251 platforms
Marketing Communications Compare →

Miro may use your contact information and usage data to send marketing communications about its products and services. Users typically have the ability to opt out of marketing emails through an unsubscribe link or account settings.

Added May 9, 2026 Standard Seen across 178 platforms