Privacy Policy

How Meridian Analytics, Inc. collects, uses, and protects your information.

Last updated: January 1, 2024

Meridian Analytics, Inc. ("Meridian," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our platform, or interact with our services.

1. Information We Collect

Information You Provide to Us

We collect information you provide directly to us, including:

  • Account Information: When you create an account, we collect your name, email address, company name, job title, and password.
  • Billing Information: When you subscribe to a paid plan, we collect payment information (credit card number, billing address). Payment processing is handled by Stripe, Inc., and we do not store full credit card numbers on our servers.
  • Communications: When you contact us for support, send us emails, or participate in surveys, we collect the content of those communications.
  • Integration Data: When you connect third-party services to Meridian, we collect data necessary to maintain those connections, such as API keys and OAuth tokens.

Information We Collect Automatically

When you use our services, we automatically collect certain information, including:

  • Usage Data: Pages visited, features used, actions taken within the platform, and interaction timestamps.
  • Device Information: Browser type, operating system, device type, screen resolution, and language preferences.
  • Log Data: IP address, access times, referring URLs, and pages viewed.
  • Cookies and Similar Technologies: We use cookies, web beacons, and similar technologies as described in our Cookie Policy.

Customer Data

Our platform processes marketing and analytics data on behalf of our customers ("Customer Data"). This data may include information about our customers' end users, such as device identifiers, browsing behavior, and conversion events. We process Customer Data solely as directed by our customers and in accordance with our data processing agreements.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process transactions and send related information, including purchase confirmations and invoices
  • Send technical notices, updates, security alerts, and administrative messages
  • Respond to your comments, questions, and support requests
  • Monitor and analyze usage trends to improve user experience
  • Detect, investigate, and prevent fraudulent transactions and other illegal activities
  • Personalize and improve our services and provide content and features that match your interests
  • Send promotional communications, such as information about products, services, and events offered by Meridian (you can opt out at any time)

3. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: We share information with third-party service providers who perform services on our behalf, such as payment processing (Stripe), email delivery (SendGrid), cloud hosting (AWS), and analytics (internal tools only).
  • Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction.
  • Legal Requirements: We may disclose information if required to do so by law or in response to valid requests by public authorities.
  • Protection of Rights: We may disclose information when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • With Your Consent: We may share your information with third parties when you have given us explicit consent to do so.

4. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • Regular security assessments and penetration testing
  • SOC 2 Type II certified infrastructure
  • Role-based access controls and audit logging
  • Employee security training and background checks

While we strive to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. For more information about our security practices, visit our Security page.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with our services. When you close your account, we will delete or anonymize your personal data within 30 days, unless we are required to retain it for legal, regulatory, or legitimate business purposes. Customer Data retention periods are determined by your subscription plan and can be configured in your account settings.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: You can request a copy of the personal data we hold about you.
  • Correction: You can request that we correct inaccurate or incomplete personal data.
  • Deletion: You can request that we delete your personal data, subject to certain exceptions.
  • Portability: You can request a copy of your data in a structured, machine-readable format.
  • Restriction: You can request that we restrict the processing of your personal data in certain circumstances.
  • Objection: You can object to the processing of your personal data for direct marketing purposes.
  • Withdrawal of Consent: Where we rely on consent for processing, you can withdraw consent at any time.

To exercise any of these rights, please contact us at privacy@meridian.io. We will respond to your request within 30 days.

7. International Data Transfers

Meridian is based in the United States. If you are accessing our services from outside the United States, please be aware that your data may be transferred to, stored, and processed in the United States or other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses approved by the European Commission.

8. Children’s Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: