Privacy & Security

Meridian is designed to keep your data private. Here’s how.

On-Device AI

All AI processing happens on your Mac using your Apple Silicon hardware. Your emails, tasks, and calendar data are never sent to an external service for AI processing. There is no cloud AI component. Your data is not used to train any models.

Encryption

• In transit — All communication between the Meridian app and our servers uses TLS encryption
• At rest — Your synced data is encrypted on our servers
• OAuth tokens — Your provider credentials (Google, Microsoft) are encrypted client-side before being stored. Our servers cannot read them

What Our Servers Can See

Our servers store encrypted data blobs to enable multi-device sync. The server handles metadata like timestamps and entity types to manage the sync process, but the contents of your messages, tasks, and contacts are encrypted.

What Our Servers Cannot See

• The content of your emails
• The details of your calendar events
• Your task descriptions or notes
• Your contact information
• Your OAuth tokens to connected providers

Your Data Rights

You have full control over your data:

• Access — View all data Meridian has synced at any time within the app
• Disconnect — Remove any connected provider and stop syncing
• Export — Request an export of your data
• Delete — Permanently delete your account and all associated data

Data Retention

If you delete your account, your data is permanently removed. Sync changesets are automatically cleaned up after 30 days once all your devices have received them.

Third-Party Services

Meridian connects to third-party providers (Google, Microsoft) only with your explicit authorization via OAuth 2.0. You can revoke this access at any time from within Meridian or from your provider’s security settings.

Children’s Privacy

Meridian is not intended for users under 13 years of age.

More Details

For the full legal documents, see our Privacy Policy and Terms of Service.