Legal

Privacy Policy

Effective date: 16 June 2026

1. Introduction

This Privacy Policy explains how Meridian ("Meridian", "we", "us") collects, uses, and shares information when you use the Meridian platform, websites, and related services (the "Service"). It applies to visitors, account holders, and members of organizations that use Meridian. By using the Service, you agree to the practices described here.

2. Information we collect

We collect the following categories of information:

  • Account information — name, email address, organization, and authentication details you provide when you register or sign in (including via Google sign-in).
  • Initiative and product data — the content you create or upload, including initiatives, market signals, features, personas, project plans, and any repositories or boards you connect.
  • Usage and analytics data — pages viewed, actions taken, device and browser type, and approximate location, collected through product analytics (see below).
  • Billing data — plan, credit balance, and transaction records; payment card details are handled by our payment processors, not stored by us.
  • Communications — messages you send us, such as support requests.

3. Product analytics (PostHog)

We use PostHog for product analytics and session insights to understand how the Service is used and to improve it. PostHog may collect usage events, device and browser information, and session recordings. This data helps us diagnose issues, measure feature adoption, and prioritize improvements. We configure analytics to identify profiles only for signed-in users. You can limit collection through your browser settings and applicable opt-out mechanisms.

4. How we use information

We use the information we collect to:

  • provide, operate, and secure the Service, and run Astra and the value engine on your behalf;
  • authenticate users, process credits and billing, and provide support;
  • analyze usage and improve the performance, reliability, and design of the Service;
  • send service-related and, where permitted, product communications; and
  • comply with legal obligations and enforce our terms.

We use your initiative and product data to deliver the Service to you. We do not use it to train shared models for other customers.

5. Cookies and sessions

We and our providers use cookies and similar technologies to keep you signed in, remember preferences, secure the Service, and collect analytics. You can control cookies through your browser settings; disabling some cookies may affect functionality such as staying logged in.

6. Third parties and integrations

We share information with service providers who process it on our behalf — including cloud hosting, AI model providers, analytics (PostHog), email delivery, and payment processors — under contracts that require them to protect it. When you connect a third-party integration such as GitHub or Jira, data flows according to the permissions you grant. We may also disclose information to comply with law, enforce our terms, or protect rights and safety. We do not sell your personal information.

7. Data retention

We retain personal and product data for as long as your account is active and as needed to provide the Service, then for a reasonable period to comply with legal, accounting, and dispute-resolution obligations. When data is no longer needed, we delete or anonymize it. You can request deletion of your data as described below.

8. Your rights

Depending on your location, you may have rights to access, correct, export, restrict, or delete your personal data, and to object to certain processing or withdraw consent. You can exercise these rights, or ask us a privacy question, by emailing hello@getmeridian.tech. We will respond within the timeframes required by applicable law.

9. Security

We use technical and organizational measures designed to protect your information, including encryption in transit, access controls, and scoping of data to your organization. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.

10. Children

The Service is not directed to children, and we do not knowingly collect personal information from children under the age required by applicable law (for example, 13 or 16 depending on jurisdiction). If you believe a child has provided us personal information, contact us and we will delete it.

11. International transfers

We operate globally and may process and store information in countries other than your own, including where our providers are located. Where required, we use appropriate safeguards — such as standard contractual clauses — for cross-border transfers of personal data.

12. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide reasonable notice, for example by posting the updated policy with a new effective date or by notifying you in the Service. Your continued use of the Service after the changes take effect constitutes acceptance of the updated policy.

13. Contact

Questions about privacy or this policy? Email us at hello@getmeridian.tech.

LinkedIn X hello@getmeridian.tech