Miro uses third-party subprocessors to deliver its services, and the current list of subprocessors is maintained as a separate document at miro.com/legal/subprocessors-list/. This list may change over time as Miro adds or removes vendors.
This analysis describes what Miro's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Subprocessors have access to your data to help deliver Miro's services, and changes to the subprocessors list can affect where and how your data is processed, including in jurisdictions outside the EU or US.
Your personal data and board content may be shared with multiple third-party vendors listed on Miro's Subprocessors page. The list can change, so users and organizations with strict data residency requirements should monitor it for updates.
How other platforms handle this
We use cookies, web beacons, and other tracking technologies to collect information about your browsing activities on our website. We may use third-party analytics providers such as Google Analytics to help us understand how users interact with our website. We may also work with third-party advertis...
We may share your personal information with third-party vendors and service providers that perform services on our behalf, such as web hosting, email delivery, analytics, marketing, advertising, payment processing, customer support, and data enrichment services. We may share your information with ad...
Mistral AI is authorized to process the Personal Data as Controller for the purposes of: Automated moderation, including abuse monitoring on our APIs (except, in this last case, when zero data retention has been activated), to enforce the Agreement.
Monitoring
Miro has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
(1) REGULATORY LANDSCAPE: Subprocessor obligations are governed by GDPR Article 28, which requires that subprocessors provide sufficient guarantees and are subject to contractual obligations equivalent to those in the controller-processor agreement. CCPA creates parallel service provider obligations for US-based subprocessors. (2) GOVERNANCE EXPOSURE: Medium. Maintaining a separate, living subprocessors document rather than embedding the list in the Privacy Policy creates monitoring obligations for compliance teams. Changes to subprocessors may trigger notification obligations under the DPA and may require updated transfer impact assessments. (3) JURISDICTION FLAGS: Subprocessors operating outside the EU or EEA without adequacy decisions require Standard Contractual Clauses or equivalent transfer mechanisms. Organizations with data residency requirements must verify that subprocessors can comply. (4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise DPAs should specify the notice period for subprocessor changes and the customer's right to object. Compliance teams should subscribe to or actively monitor the Subprocessors List for changes affecting their data categories. (5) COMPLIANCE CONSIDERATIONS: Vendor risk management programs should include periodic review of the Subprocessors List. Any newly added subprocessors processing special category data should trigger a supplementary transfer impact assessment.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
We read the privacy policies and terms of service of 38 AI platforms. Here is what they say about training, retention, arbitration, and liability.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Subprocessors have access to your data to help deliver Miro's services, and changes to the subprocessors list can affect where and how your data is processed, including in jurisdictions outside the EU or US.
Your personal data and board content may be shared with multiple third-party vendors listed on Miro's Subprocessors page. The list can change, so users and organizations with strict data residency requirements should monitor it for updates.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Miro.