Privacy Policy

Meridian Pulse (“we”, “us”, “our”) is committed to protecting the privacy and security of your personal information and business data. This Privacy Policy explains how we collect, use, store, and protect information when you use our website, platform, and services (collectively, the “Service”).

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use the Service.

We use the information we collect to:

• Provide, maintain, and improve the Service, including computing business metrics, detecting anomalies, and generating insights
• Personalise your experience, including industry-specific benchmarks and Living Memory features
• Send you alerts, weekly digests, and other notifications you have opted into
• Process payments and manage your subscription
• Respond to your support requests and communications
• Ensure the security and integrity of the Service
• Comply with legal obligations
• Analyse usage patterns to improve the platform (in aggregate, anonymised form only)

Meridian Pulse uses artificial intelligence (Claude by Anthropic) to analyse your business data and generate insights. It is important to us that you understand how this works:

• Your data is processed solely to provide you with insights. It is not used to train, fine-tune, or improve any AI models.
• Your data is never shared with other clients. Each client's data is completely isolated.
• AI-generated insights are based only on your data. Industry benchmarks use anonymised, aggregated data and never expose individual business information.
• We use Anthropic's API with data processing agreements that ensure your data is not retained or used by Anthropic beyond processing your request.

We do not sell your personal information or business data. We share information only in the following limited circumstances:

• Service providers: We work with trusted third-party providers who help us operate the Service. These providers are contractually obligated to protect your data and use it only for the purposes we specify.
• Legal requirements: We may disclose information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data is subject to a different privacy policy.
• With your consent: We may share information with third parties when you explicitly authorise us to do so.

We take the security of your data seriously and implement industry-standard measures to protect it:

• All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption
• Row-level security ensures complete data isolation between clients
• Authentication is handled through secure, industry-standard protocols
• Regular security audits and vulnerability assessments
• Automatic backups with point-in-time recovery
• Access to production systems is restricted and logged

While no method of transmission or storage is 100% secure, we continuously work to protect your information and promptly address any security concerns.

We retain your data for as long as your account is active and as needed to provide the Service. Specifically:

• Active accounts: Business data is retained for up to 24 months of historical data, depending on your plan.
• Cancelled accounts: Your data remains accessible for 30 days after cancellation. After this period, data is permanently deleted.
• Legal obligations: Certain data may be retained longer if required by law (e.g., billing records for tax purposes).

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your personal information, subject to legal retention requirements.
• Export: Request a machine-readable export of your data.
• Restriction: Request that we limit how we process your information.
• Objection: Object to certain types of processing, including direct marketing.
• Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at privacy@meridian-pulse.com. We will respond within 30 days.

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases:

• Contract performance: Processing necessary to provide the Service you have subscribed to.
• Legitimate interests: Processing necessary for our legitimate business interests, such as improving the Service and ensuring security.
• Consent: Where you have given explicit consent, such as for marketing communications.
• Legal obligation: Processing necessary to comply with applicable laws.

You have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data appropriately.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• The right to know what personal information we collect, use, and disclose
• The right to request deletion of your personal information
• The right to opt out of the sale of personal information — though we do not sell personal information
• The right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at privacy@meridian-pulse.com.

We use cookies and similar technologies for:

• Essential cookies: Required for the Service to function (authentication, session management).
• Analytics cookies: Help us understand how the Service is used so we can improve it. These are anonymised and do not track you across other websites.

We do not use advertising cookies or share cookie data with advertisers. You can manage cookie preferences through your browser settings.

We use the following categories of third-party services to operate the platform:

• Hosting & infrastructure: Vercel (application hosting), Supabase (database and authentication)
• AI processing: Anthropic (Claude API for business insights)
• Integrations: Unified.to (third-party platform connections)
• Payments: Stripe (subscription billing and payment processing)
• Email: Resend (transactional email delivery)

Each provider is selected for their security practices and operates under data processing agreements that protect your information.

The Service is designed for business use and is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete it promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes:

• We will notify you by email at the address associated with your account
• We will post the updated policy on this page with a new “Last updated” date
• Continued use of the Service after notification constitutes acceptance of the updated policy

If you have questions about this Privacy Policy, your data rights, or how we handle your information, please contact us:

We aim to respond to all privacy-related enquiries within 30 days.