Miro
Legal Bases for AI
The policy explicitly mentions 'AI features', 'technologies like AI', and 'predictive models' in several sections, clearly indicating the use of AI within its services.
This data may be combined using technologies like AI, and may include aggregate-level data.
If you use Miro’s AI features pursuant to our Terms of Service, Services Data also includes data associated with your interaction with these technologies.
To provide, improve, and personalize our Services, including AI Features (see here for a description of AI Features), and Websites.
For example, we make Services suggestions based on historical use and predictive models, identify organizational trends and insights, customize your experience of the Services, or to create and develop new features and products.
Combining data using AI technologies.
This data may be combined using technologies like AI, and may include aggregate-level data.
Personalizing services and customizing user experience.
To provide, improve, and personalize our Services, including AI Features
Recommending templates and making service suggestions based on historical use and predictive models.
For example, to recommend Miro Space or Board templates that are relevant to you, we may use information such as the frequency and time period you engage with certain features and tools in our Service, and infer the relevance of related templates to you.
Developing, testing, and providing search, learning, and productivity tools, and identifying organizational trends and insights.
To develop, test and provide search, learning and productivity tools and additional features. Miro tries to make the Services as useful as possible. For example, we make Services suggestions based on historical use and predictive models, identify organizational trends and insights, customize your experience of the Services, or to create and develop new features and products.
The AI is primarily used for personalization, recommendations, and service improvement, which generally has a medium impact on users. There is no explicit mention of automated decision-making that could lead to significant legal or similar effects on individuals.
The policy explicitly states that 'AI features may share limited data with Microsoft' for specific purposes.
The policy states that 'Services Data' (which includes Personal Data) and 'Customer Content' (which may include Personal Data) are used to 'provide, improve, and personalize our Services, including AI Features' and to make 'suggestions based on historical use and predictive models.' This implies training AI models with personal data to achieve these functionalities.
If you use Miro’s AI features pursuant to our Terms of Service, Services Data also includes data associated with your interaction with these technologies.
Customer Content that is Personal Data will be used by Miro in accordance with Customer’s instructions, including any applicable terms in the Customer Agreement, to provide and improve the Services, and as required by applicable law.
To provide, improve, and personalize our Services, including AI Features... we may use information such as the frequency and time period you engage with certain features and tools in our Service, and infer the relevance of related templates to you.
we make Services suggestions based on historical use and predictive models, identify organizational trends and insights, customize your experience of the Services, or to create and develop new features and products.
The policy explicitly states that 'Services Data' (which includes 'Activity data' and 'Service metadata' about user interactions) and 'data associated with your interaction with these technologies' (AI features) are used to 'provide, improve, and personalize our Services' and to build 'predictive models' and 'suggestions.' This directly indicates training on user interactions.
If you use Miro’s AI features pursuant to our Terms of Service, Services Data also includes data associated with your interaction with these technologies.
When a User interacts with the Services, metadata is generated to provide additional context about their use of the Services. For example, Miro logs the Organizations, boards, people, features, content and links that you view or interact with, as well the types of files shared and any Third-Party Services that you use.
For example, to recommend Miro Space or Board templates that are relevant to you, we may use information such as the frequency and time period you engage with certain features and tools in our Service, and infer the relevance of related templates to you.
we make Services suggestions based on historical use and predictive models, identify organizational trends and insights, customize your experience of the Services, or to create and develop new features and products.
The policy does not explicitly mention using publicly available content (outside of user-generated content within the service) for AI training.
The policy explicitly states that data related to AI features may be shared with Microsoft, implying sharing for the purpose of enabling or monitoring AI features, which could involve training or improving models by the third party.
For example, the AI features may share limited data with Microsoft in connection with the use of the AI features and to monitor compliance with codes of conduct.
Miro presents a comprehensive privacy policy and supports key user rights like GDPR and CCPA, offering a data request form and a dedicated privacy email. However, the reported 'Deterministic Score' of 0/70 is a significant red flag, suggesting substantial underlying privacy issues or a disconnect between stated policy and actual practice. Data sharing with business partners for marketing purposes also introduces moderate privacy risks.
Recommended Actions
Thoroughly review Miro's privacy policy, paying close attention to data sharing practices with third parties and marketing partners.
Utilize available privacy controls within your Miro account to manage data sharing preferences and opt out of non-essential marketing communications.
Exercise caution when sharing sensitive or confidential information on collaborative boards, as it may be accessible to other users within your organization or third parties.
Consider contacting Miro's privacy team (privacy@miro.com) for clarification regarding the 'Deterministic Score' and to understand their actual data handling practices.