App development policy

Security: Public apps must follow Miro security guidelines

User Experience: Every application must provide the best user experience. Applications and developers are prohibited from:

  • Degrading or compromising the performance of Miro services.
  • Using vulgar or obscene language or images. Your application must not contain or offer content that is violent, extreme, or inappropriate.
  • Offering sexually-oriented or adult content. Your application must not contain or offer content that a reasonable person considers pornographic or indecent.
  • Displaying inappropriate communications through your application. Examples of inappropriate communications include, but are not limited to, hate speech, shaming, and messages that promote harmful or illegal behavior.

Business: While using Miro Developer Platform APIs and SDKs, developers must agree to respect our business. Every application must behave in accordance with appropriate and accepted business conduct. As part of good business practices, applications and developers are prohibited from:

  • Circumventing Miro’s intended branding or limitations including, but not limited to, pricing, features, and access structures. You cannot use Miro APIs or SDKs to replicate or compete with Miro’s core products or services.
  • Advertising, including display ads, within the application experience. In addition, applications cannot use data or content from Miro in any advertisements, or for purposes of targeting advertisements or contacting users.

Design: Good design is an important part of product development. We want all users to enjoy a delightful experience. We support developers in their efforts to build applications that provide meaningful and relevant user experiences. Please provide your users with excellent, well-designed products. As part of good design practices, applications and developers are prohibited from:

  • Infringing on any intellectual property rights in your design. Your application is well-designed, high-quality, distinctive, and doesn’t misuse the Miro brand.
  • Changing the application’s look, feel, function, operation, or disclosures after Miro review. Any changes to these elements must be submitted again for review.

Use of Data: Protecting user data, statistics, analytics and other information (collectively, “Data”) is paramount at Miro and it must be for you too. You are responsible for good data stewardship practices. First and foremost, you have no independent rights to any Data. Your applications must not store any user's personal data and always retrieve current user Data at the time of use via Miro APIs.

In accordance with this, applications and developers are prohibited from:

  • Collecting, storing, and using Data without obtaining proper consent of the user.
  • Using Data to contact users. If you want to contact users outside of Miro, you must gain permission through a clear and separate permissions process. You can only contact users for emergencies in which the safety and security of the user is at risk and in compliance with the law.
  • Asking users to provide sensitive, private, and confidential personal information, such as credit card numbers or passwords, unless specifically necessary as part of the application’s legitimate function and purpose.
  • Renting, selling, or sharing Data with third parties under any circumstances.
  • Creating applications that encourage installers to circumvent or interfere with their own workplace and employer data, or with privacy and security policies.
  • Ignoring a user’s request for deletion. When a user deletes your application, or if you discontinue your application, you must delete all associated Data within 14 business days.
  • Combining Data with data gathered from other sources for any purposes unrelated to the use of the application.
  • Requesting and using scopes, also known as permissions, not required for your application’s functioning. Use only the appropriate and necessary scopes, and clearly define the need for scopes within your application’s description.
  • Failing to notify users about privacy and their Data. Your application must include a publicly-available and easily-accessible privacy policy that complies with applicable laws and that explains how the application collects, processes, and stores personal data. Your privacy policy must include, among other things, information about data storage, security controls, data retention, and individual rights.
  • Accessing Data for surveillance purposes. You cannot allow or assist any entity to conduct surveillance or obtain Data using your access to the Miro APIs.
  • Exploiting Data in a way not approved by Miro and not disclosed to and permitted by users.

Law and Safety: Applications should not create unsafe environments or hardships for users. Each application must comply with all applicable laws and legal requirements in all locations where it is made available to users. In addition, applications and developers are prohibited from:

  • Spamming, harassing, stalking, intimidating, or threatening users.
  • Allowing impersonation of users or otherwise allowing for false representations within the application.
  • Facilitating violations of the law.
  • Infringing on anyone’s intellectual property rights.
  • Representing that your application is authorized by or produced by another company or organization.
  • Allowing or facilitating financial transactions conducted in an insecure and unapproved manner.
  • Permitting use of your application by children under the age of 16.

Additional Requirements: Applications and developers must follow this policy, as well as other applicable guidelines and policies, including the Developer Terms of Use and Security Guidelines.

Data Breach: If Data is breached, exposed, or otherwise compromised through your application, you must immediately inform Miro at [email protected].


Did this page help you?