// Trust & Security Report

    UizardApp ApS (d/b/a Uizard; trading as "Uizard Technologies"; acquired by Miro / RealtimeBoard Inc. in May 2024) logo

    UizardApp ApS (d/b/a Uizard; trading as "Uizard Technologies"; acquired by Miro / RealtimeBoard Inc. in May 2024)

    AI-powered UI/UX design tool for wireframes, mockups, and prototypes (uizard.io / app.uizard.io); includes Autodesigner 2.0 (text-to-prototype generation), Screenshot Scanner, Wireframe Scanner, and a Miro-embedded "prototype in Miro" integration. Tiered as Free, Pro, Business, and Enterprise.

    Certifications held

    1

    Maturity

    Growth

    Trains on your data

    Yes

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    GDPR (compliance posture, self-declared)
    HELD

    "Uizard's legal processing framework is governed by Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data (the 'GDPR')" and the Danish Act No. 502 of 23 May 2018; the policy documents data-subject rights (access, rectification, erasure, portability, objection) and cross-border transfer safeguards (SCCs / Art. 42 certification / BCRs).

    Verify on uizard.io
    > Show 7 unconfirmed / not-held certifications
    SOC 2 (Type I/II)
    NOT CONFIRMED

    No public evidence. No trust center, security page, or SOC 2 mention was found on uizard.io, the Uizard privacy policy, terms of service, or the Uizard Help Center article on security/privacy.

    source: uizard.io
    ISO 27001
    NOT CONFIRMED

    No public evidence on uizard.io. Note: parent company Miro (trust.miro.com) holds ISO 27001, but no vendor-domain statement confirms the Uizard product/infrastructure is within Miro's certification scope, so this cannot be attributed to Uizard.

    source: uizard.io
    HIPAA
    NOT CONFIRMED

    No public evidence. No HIPAA mention or BAA offering found on uizard.io, the privacy policy, terms of service, or the help center. Uizard is a design/prototyping tool not marketed for handling protected health information.

    source: uizard.io
    PCI DSS
    NOT CONFIRMED

    No public evidence of a Uizard-held PCI DSS attestation. Payment processing is handled by a third-party processor (Stripe, referenced as a sub-processor in the privacy policy); Uizard itself does not appear to directly handle cardholder data.

    source: uizard.io
    ISO/IEC 42001 (AI management systems)
    NOT CONFIRMED

    No public evidence on uizard.io. Parent company Miro announced ISO 42001 certification for its own platform, but no vendor-domain statement extends this to the Uizard product.

    source: uizard.io
    CSA STAR
    NOT CONFIRMED

    No public evidence. Not mentioned on any uizard.io page reviewed.

    source: uizard.io
    FedRAMP
    NOT CONFIRMED

    No public evidence. Not mentioned on any uizard.io page reviewed; Uizard is not marketed toward US federal government customers.

    source: uizard.io

    // Privacy & AI training

    Trains on customer data

    Yes

    Data processing agreement

    Not offered

    Data region

    Not publicly specified on uizard.io; company is Danish (Copenhagen-headquartered, now c/o Miro) and privacy policy is governed by EU/Danish law, but no explicit data-residency commitment (e.g. EU-only hosting) was found.

    Tier-dependent. Per the Terms of Service: designs, prototypes, design systems, wireframes and screenshots uploaded by Free and Pro plan users 'may be used for the purpose of fine-tuning and training machine learning AI models,' with 'reasonable efforts to anonymize and aggregate' the data. Business and Enterprise plan customer data is explicitly excluded: 'design of graphical user interfaces, prototypes, design systems, design files, wireframes, screenshots created and uploaded by customers of the Business and Enterprise plans are not utilized for fine-tuning and training machine learning AI models.' No opt-out is documented for Free/Pro tiers other than upgrading plan; no separate DPA was found publicly.

    // Security controls

    Encryption in transit

    Support article states the site/app uses "SSL and HTTPS" for data transmission. No detail on TLS version.

    support.uizard.io

    Encryption at rest

    n/a - not verified. No public statement found on encryption-at-rest standards.

    uizard.io

    Vulnerability disclosure

    Security issues can be reported to security@uizard.io; support article references a possible bounty available on direct contact with the Security Team, but no formal public bug bounty program page was found.

    support.uizard.io

    Internal security governance

    Privacy policy references internal "Information Security Requirements" governing personal-data processing, but does not publish the standard or framework these requirements are based on.

    uizard.io

    Sub-processors

    Privacy policy names IT hosting providers, technical support providers, group companies, Stripe (payments), Google Analytics (analytics), and Zendesk/Intercom (customer support) as data recipients; no full public sub-processor list/registry page found.

    uizard.io

    // Products & data scope

    Uizard FreeIndividual UI/UX design and prototyping

    data: Design files, wireframes, screenshots, prototypes

    Per ToS, uploaded design content may be used to fine-tune/train Uizard's AI models (with anonymization efforts).

    Uizard ProIndividual/small-team UI/UX design and prototyping

    data: Design files, wireframes, screenshots, prototypes

    Same AI-training posture as Free tier per ToS: content may be used for model training.

    Uizard BusinessTeam UI/UX design and prototyping

    data: Design files, wireframes, screenshots, prototypes

    ToS explicitly excludes Business plan customer data from AI model training.

    Uizard EnterpriseLarge-org UI/UX design and prototyping

    data: Design files, wireframes, screenshots, prototypes

    ToS explicitly excludes Enterprise plan customer data from AI model training; likely the tier where custom security/DPA terms would be negotiated, but no public enterprise security page was found.

    Uizard in MiroAI prototyping embedded in Miro's collaborative whiteboard

    data: Prototype content created inside Miro boards

    Cross-promoted on uizard.io homepage ("Create prototypes in Miro, powered by Uizard"). Governed by Miro's own trust/security posture where the feature runs inside Miro; distinct from the standalone uizard.io product evaluated here.

    // What to watch

    • No trust center or dedicated security page found on uizard.io as of verification date.
    • Host/parent-vendor ambiguity: Uizard was acquired by Miro (May 2024) and the privacy policy address is 'c/o Miro,' and Miro's own trust center advertises SOC 2 Type II, ISO 27001, and ISO 42001 -- but no vendor-domain (uizard.io) statement confirms the standalone Uizard product/app is within scope of Miro's certifications. Do not display Miro's certs as Uizard's without a vendor-domain confirmation.
    • AI-training tier contradiction risk for buyers: Free/Pro plan uploads may be used to train AI models per the ToS, while Business/Enterprise are excluded. This is a material, non-obvious distinction that should be surfaced in any listing, not buried.
    • A generic web-search summarization tool returned an unsourced claim that Uizard is 'HIPAA Compliant, PCI Compliant, SOC 2 Compliant, GDPR Compliant, ISO 27001 Compliant, FedRamp Compliant, and CSA Star Level 1 Compliant' -- this claim has NO vendor-domain source and was rejected as a likely hallucination/over-claim. Flagging so it is not reintroduced by a future pass trusting secondary aggregators.

    // At a glance

    Pricing model

    Freemium SaaS: Free, Pro, Business, Enterprise tiers (per-seat, annual/monthly)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on UizardApp ApS (d/b/a Uizard; trading as "Uizard Technologies"; acquired by Miro / RealtimeBoard Inc. in May 2024)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    uizard.io

    > Browse all vendor trust reports