Privacy Policy
Effective 1 January 2026
Information We Collect
Account information (name, email, organization), product telemetry (pages viewed, queries run), and communications you send us. We do not sell personal information.
How We Use It
To operate the services, secure them against abuse, support customers, and improve our products. Aggregate, de-identified usage data may be published in transparency reports.
Legal Bases (GDPR)
We process personal data under contract (delivering services), legitimate interest (security, product improvement), and consent (newsletters, optional analytics).
Sharing
We share data with vetted infrastructure subprocessors (cloud hosting, email, error tracking). The current subprocessor list is available on request.
Retention
Account data is retained while your account is active and for 12 months after closure for legal and audit purposes. Telemetry logs are retained 90 days.
Your Rights
You may access, correct, export, or delete your personal data. EU/UK residents have full GDPR rights; California residents have CCPA rights. Contact privacy@meridian-initiative.org.
International Transfers
Where data is transferred outside your region, we rely on Standard Contractual Clauses or equivalent safeguards.
Security
Encryption in transit and at rest, least-privilege access, annual third-party penetration tests, and a published incident response policy.
Cookies
We use strictly necessary cookies by default. Optional analytics cookies are off until you opt in.
Privacy enquiries: privacy@meridian-initiative.org