Miro uses third-party subprocessors to deliver its services, and the current list of subprocessors is maintained as a separate document at miro.com/legal/subprocessors-list/. This list may change over time as Miro adds or removes vendors.
This analysis describes what Miro's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Subprocessors have access to your data to help deliver Miro's services, and changes to the subprocessors list can affect where and how your data is processed, including in jurisdictions outside the EU or US.
Removal of specific subprocessor disclosure provision replaced by broader 'Third-Party Data Sharing', potentially reducing transparency on vendor chain.
View full change record →Your personal data and board content may be shared with multiple third-party vendors listed on Miro's Subprocessors page. The list can change, so users and organizations with strict data residency requirements should monitor it for updates.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
We may share your information with third-party vendors and service providers that perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance. We may also share your information with third-party advertising p...
We may also share your personal information with third parties that assist us in providing our services, or where we are under an obligation to report to. But rest assured: we will only ever share your personal information in the limited circumstances described in this Policy.
Monitoring
Miro has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
(1) REGULATORY LANDSCAPE: Subprocessor obligations are governed by GDPR Article 28, which requires that subprocessors provide sufficient guarantees and are subject to contractual obligations equivalent to those in the controller-processor agreement. CCPA creates parallel service provider obligations for US-based subprocessors. (2) GOVERNANCE EXPOSURE: Medium. Maintaining a separate, living subprocessors document rather than embedding the list in the Privacy Policy creates monitoring obligations for compliance teams. Changes to subprocessors may trigger notification obligations under the DPA and may require updated transfer impact assessments. (3) JURISDICTION FLAGS: Subprocessors operating outside the EU or EEA without adequacy decisions require Standard Contractual Clauses or equivalent transfer mechanisms. Organizations with data residency requirements must verify that subprocessors can comply. (4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise DPAs should specify the notice period for subprocessor changes and the customer's right to object. Compliance teams should subscribe to or actively monitor the Subprocessors List for changes affecting their data categories. (5) COMPLIANCE CONSIDERATIONS: Vendor risk management programs should include periodic review of the Subprocessors List. Any newly added subprocessors processing special category data should trigger a supplementary transfer impact assessment.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Subprocessors have access to your data to help deliver Miro's services, and changes to the subprocessors list can affect where and how your data is processed, including in jurisdictions outside the EU or US.
Your personal data and board content may be shared with multiple third-party vendors listed on Miro's Subprocessors page. The list can change, so users and organizations with strict data residency requirements should monitor it for updates.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Miro.