// Trust & Security Report
UizardApp ApS (d/b/a Uizard; trading as "Uizard Technologies"; acquired by Miro / RealtimeBoard Inc. in May 2024)
AI-powered UI/UX design tool for wireframes, mockups, and prototypes (uizard.io / app.uizard.io); includes Autodesigner 2.0 (text-to-prototype generation), Screenshot Scanner, Wireframe Scanner, and a Miro-embedded "prototype in Miro" integration. Tiered as Free, Pro, Business, and Enterprise.
Certifications held
1
Maturity
Growth
Trains on your data
Yes
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on uizard.io“"Uizard's legal processing framework is governed by Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data (the 'GDPR')" and the Danish Act No. 502 of 23 May 2018; the policy documents data-subject rights (access, rectification, erasure, portability, objection) and cross-border transfer safeguards (SCCs / Art. 42 certification / BCRs).”
> Show 7 unconfirmed / not-held certifications
source: uizard.ioNo public evidence. No trust center, security page, or SOC 2 mention was found on uizard.io, the Uizard privacy policy, terms of service, or the Uizard Help Center article on security/privacy.
source: uizard.ioNo public evidence on uizard.io. Note: parent company Miro (trust.miro.com) holds ISO 27001, but no vendor-domain statement confirms the Uizard product/infrastructure is within Miro's certification scope, so this cannot be attributed to Uizard.
source: uizard.ioNo public evidence. No HIPAA mention or BAA offering found on uizard.io, the privacy policy, terms of service, or the help center. Uizard is a design/prototyping tool not marketed for handling protected health information.
source: uizard.ioNo public evidence of a Uizard-held PCI DSS attestation. Payment processing is handled by a third-party processor (Stripe, referenced as a sub-processor in the privacy policy); Uizard itself does not appear to directly handle cardholder data.
source: uizard.ioNo public evidence on uizard.io. Parent company Miro announced ISO 42001 certification for its own platform, but no vendor-domain statement extends this to the Uizard product.
source: uizard.ioNo public evidence. Not mentioned on any uizard.io page reviewed.
source: uizard.ioNo public evidence. Not mentioned on any uizard.io page reviewed; Uizard is not marketed toward US federal government customers.
// Privacy & AI training
Trains on customer data
Yes
Data processing agreement
Not offered
Data region
Not publicly specified on uizard.io; company is Danish (Copenhagen-headquartered, now c/o Miro) and privacy policy is governed by EU/Danish law, but no explicit data-residency commitment (e.g. EU-only hosting) was found.
Tier-dependent. Per the Terms of Service: designs, prototypes, design systems, wireframes and screenshots uploaded by Free and Pro plan users 'may be used for the purpose of fine-tuning and training machine learning AI models,' with 'reasonable efforts to anonymize and aggregate' the data. Business and Enterprise plan customer data is explicitly excluded: 'design of graphical user interfaces, prototypes, design systems, design files, wireframes, screenshots created and uploaded by customers of the Business and Enterprise plans are not utilized for fine-tuning and training machine learning AI models.' No opt-out is documented for Free/Pro tiers other than upgrading plan; no separate DPA was found publicly.
// Security controls
Encryption in transit
Support article states the site/app uses "SSL and HTTPS" for data transmission. No detail on TLS version.
support.uizard.ioEncryption at rest
n/a - not verified. No public statement found on encryption-at-rest standards.
uizard.ioVulnerability disclosure
Security issues can be reported to security@uizard.io; support article references a possible bounty available on direct contact with the Security Team, but no formal public bug bounty program page was found.
support.uizard.ioInternal security governance
Privacy policy references internal "Information Security Requirements" governing personal-data processing, but does not publish the standard or framework these requirements are based on.
uizard.ioSub-processors
Privacy policy names IT hosting providers, technical support providers, group companies, Stripe (payments), Google Analytics (analytics), and Zendesk/Intercom (customer support) as data recipients; no full public sub-processor list/registry page found.
uizard.io// Products & data scope
data: Design files, wireframes, screenshots, prototypes
Per ToS, uploaded design content may be used to fine-tune/train Uizard's AI models (with anonymization efforts).
data: Design files, wireframes, screenshots, prototypes
Same AI-training posture as Free tier per ToS: content may be used for model training.
data: Design files, wireframes, screenshots, prototypes
ToS explicitly excludes Business plan customer data from AI model training.
data: Design files, wireframes, screenshots, prototypes
ToS explicitly excludes Enterprise plan customer data from AI model training; likely the tier where custom security/DPA terms would be negotiated, but no public enterprise security page was found.
data: Prototype content created inside Miro boards
Cross-promoted on uizard.io homepage ("Create prototypes in Miro, powered by Uizard"). Governed by Miro's own trust/security posture where the feature runs inside Miro; distinct from the standalone uizard.io product evaluated here.
// What to watch
- No trust center or dedicated security page found on uizard.io as of verification date.
- Host/parent-vendor ambiguity: Uizard was acquired by Miro (May 2024) and the privacy policy address is 'c/o Miro,' and Miro's own trust center advertises SOC 2 Type II, ISO 27001, and ISO 42001 -- but no vendor-domain (uizard.io) statement confirms the standalone Uizard product/app is within scope of Miro's certifications. Do not display Miro's certs as Uizard's without a vendor-domain confirmation.
- AI-training tier contradiction risk for buyers: Free/Pro plan uploads may be used to train AI models per the ToS, while Business/Enterprise are excluded. This is a material, non-obvious distinction that should be surfaced in any listing, not buried.
- A generic web-search summarization tool returned an unsourced claim that Uizard is 'HIPAA Compliant, PCI Compliant, SOC 2 Compliant, GDPR Compliant, ISO 27001 Compliant, FedRamp Compliant, and CSA Star Level 1 Compliant' -- this claim has NO vendor-domain source and was rejected as a likely hallucination/over-claim. Flagging so it is not reintroduced by a future pass trusting secondary aggregators.
// At a glance
Pricing model
Freemium SaaS: Free, Pro, Business, Enterprise tiers (per-seat, annual/monthly)
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on UizardApp ApS (d/b/a Uizard; trading as "Uizard Technologies"; acquired by Miro / RealtimeBoard Inc. in May 2024)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
uizard.io