Data Handling
How Meridian handles, processes, and protects your data
Meridian is designed so that your data stays yours. This page explains how your data is processed, stored, and managed throughout the system.
Zero-Knowledge Architecture
Meridian’s server is designed so that your data would remain safe even if the server were compromised. The server stores only encrypted data it cannot read. There are no server-side decryption keys, no backdoors, and no way for anyone – including Meridian’s team – to access your information.
On-Device Processing
Integration processing happens entirely on your device. This includes:
- Fetching emails from your providers
- Parsing calendar events
- Refreshing OAuth tokens (client-side when possible)
The server acts as a sync relay, not a data processor. It passes encrypted data between your devices without inspecting or transforming it.
Your Data Rights
You have full control over your data at all times:
- Access – Export your data at any time from within the app.
- Disconnect – Remove any connected account and its associated data.
- Delete – Permanently delete your account and all associated data from Meridian’s servers.
Data Retention
Sync changesets are retained for 30 days to support multi-device sync, then automatically deleted. This window ensures that all of your devices have time to receive updates, even if a device is offline for an extended period.
When you delete your account, all data is permanently removed from Meridian’s servers. This action is irreversible.
Third-Party Access
Meridian uses OAuth 2.0 to connect to your email, calendar, and contact providers. This means:
- Meridian never stores your provider passwords.
- Access tokens are encrypted and stored only on your devices.
- You can revoke Meridian’s access from your provider’s settings at any time.
Children’s Privacy
Meridian is designed for users 13 years of age and older. We do not knowingly collect data from children under 13.
AI & Privacy
Meridian’s on-device AI model runs entirely locally on your Mac. Your data is never sent to cloud AI services, and the model is not trained on your data.
AI-generated embeddings used for search are stored encrypted alongside your other data, subject to the same end-to-end encryption protections described in the Encryption page.