Miro
Based exclusively on public evidence • 20 criteria (Privacy + AI)
Last review: 13 Feb 2026
AI Trust Summary
Safer Alternatives
Higher-rated software in the same category
Attention Points in AI (2)
AI criteria that require attention. Buy the Premium Analysis to see all 2 criteria.
AI data retention (prompts and responses) is not disclosed
AI training opt-out option not available
Source: vendor public documents
Compliances in AI (3)
AI criteria the company meets. Buy the Premium Analysis to see all 3 criteria.
Use of artificial intelligence clearly disclosed in policies
AI features clearly identified with their purposes
Automated AI decisions explained in an understandable way
Source: vendor public documents
Highlights in Privacy (3)
Most relevant criteria for this category. Buy the Premium Analysis to see all 3 criteria.
Data controller and processor roles clearly defined
Data controller identity and contact clearly disclosed
Processing purposes clearly listed by data category
Source: vendor public documents
Conformance analysis (20)
AI data retention (prompts and responses) is not disclosed
Reference: ISO/IEC 42001 (8.2) + ISO/IEC 27701 (7.4.6)
AI training opt-out option not available
Reference: ISO/IEC 42001 (8.3) + ISO/IEC 29100 + EU AI Act
Use of artificial intelligence clearly disclosed in policies
Reference: ISO/IEC 42001 (7.4)
Source: vendor public documents
Follow this company and access all 20 criteria
Track score changes, get alerts on policy updates, and view the full conformance analysis
Don't miss any update
Sign up to follow this company and track changes in privacy and AI scores
Why trust the AITS Index: Open Community Audit
Public transparency, peer review and open evidence trails — all verifiable by the community
Trust guarantees
Peer review
users, professionals and experts confirm or contest items online.
Public history
vendor and index changes are versioned and accessible.
Participate
Evidence, confirmations and contestations
participate in the collaborative validation of AITS criteria
Miro Communication and Collaboration: Privacy and Security Insights
Clear Data Roles Enhance User Trust
Miro excels in defining the roles of data controller and data processor, which is crucial for users concerned about data privacy. This clarity helps users understand who is responsible for their data and how it is managed. With an AITS Privacy Score of 83%, Miro demonstrates a commitment to transparency, ensuring that users can hold the appropriate parties accountable. This is particularly important for organizations that must comply with regulations like GDPR and LGPD, as clear definitions can aid in demonstrating compliance.
Transparent Data Processing Purposes
Another strength of Miro is its clear listing of data processing purposes categorized by data type. This means users can easily identify how their information will be used, which is essential for informed consent under privacy laws. Knowing the specific purposes helps users make better decisions about what data they choose to share. This transparency is a significant advantage for businesses that prioritize data governance and compliance with standards such as ISO 27701.
Undefined Retention Periods Raise Concerns
Despite its strengths, Miro has notable weaknesses that users should be aware of. One significant issue is the lack of defined retention periods for boards and interactions. Without clear guidelines on how long data is stored, users may inadvertently expose sensitive information longer than necessary. This can be particularly problematic for organizations handling personal data under GDPR, which mandates that data should not be kept longer than necessary for its intended purpose.
Lack of Opt-Out for AI Training
Another critical weakness is the absence of an option for users to opt-out of AI training. This means that any data shared could be used to improve Miro's AI capabilities without explicit user consent. For users concerned about their data being utilized in this manner, it poses a risk to their privacy and control over personal information. Organizations should consider this when evaluating Miro, especially if they are bound by strict data protection regulations.
Practical Guidance for Enhanced Privacy
To mitigate the risks associated with Miro's undefined retention periods, users should implement internal data management policies. Regularly review and delete boards and interactions that are no longer needed. Additionally, consider using Miro's settings to limit the sharing of sensitive information. Users should also stay informed about any updates to Miro's privacy policies, as changes may impact how their data is handled.
Alternatives and Precautions
For users particularly concerned about AI training and data retention, exploring alternative collaboration tools that offer more robust privacy controls may be beneficial. Look for platforms that provide clear options for opting out of AI training and have defined data retention policies. Always ensure that any tool you choose aligns with your organization's compliance requirements under GDPR, LGPD, and ISO 27701. Regular audits of your data practices can also help maintain compliance and protect user privacy.
Other Communication and Collaboration software
Dive into in-depth research and analysis of each player
Source: vendor public documents
Analyzed Sources
Public documents used in the audit of Miro:
Evidence, confirmations and contestations
participate in the collaborative validation of AITS criteria
Scope & Limitations
TrustThis/AITS assessments are based exclusively on publicly available information, duly cited with date and URL, following the AITS methodology (privacy & AI transparency).
The content is indicative in nature, intended for screening and comparison, not replacing internal audits.
TrustThis/AITS does not perform invasive tests, does not access vendor technology environments and does not process customer personal data. Conclusions reflect only the vendor's public communication at the date of collection.
Source: vendor public documents