Privacy Policy

Effective date: March 19, 2026

Serenity Software (“we”, “us”, “our”) operates the Meridian application and the me.ridian.app website. This policy describes how we collect, use, and protect your information.

Information We Collect

Account Information

When you create a Meridian account we collect your email address and a securely hashed password. We do not store plaintext passwords.

Connected Accounts

Meridian integrates with third-party services (e.g. Google, Microsoft) using OAuth. We store encrypted OAuth tokens so we can synchronize your data. We never see or store your third-party passwords.

Synchronized Data

When you connect a service, Meridian synchronizes data such as calendar events, contacts, tasks, and messages. This data is encrypted and stored on our servers solely to provide the synchronization service.

Device Information

When using on-device AI features, basic device capability information (chip model, memory) is sent to our server to recommend an appropriate AI model. The AI model itself runs entirely on your device — your content is never sent to external AI services.

Usage Data

We collect minimal, anonymized usage analytics to improve the product. We do not sell or share this data with third parties.

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve Meridian
  • Synchronize your data across devices
  • Recommend compatible AI models for your hardware
  • Send important service-related communications
  • Detect and prevent abuse or security incidents

Data Storage and Security

  • All data is transmitted over TLS (HTTPS).
  • OAuth tokens are encrypted client-side before being stored on our servers. We cannot decrypt them.
  • Passwords are salted and hashed using industry-standard algorithms.
  • Our infrastructure runs on dedicated servers — we do not use multi-tenant cloud platforms.

Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your data within 30 days, except where retention is required by law.

Third-Party Services

Meridian connects to third-party services only at your explicit request. Each connected service is governed by its own privacy policy. We only access the scopes you authorize during the OAuth flow.

Your Rights

You may at any time:

  • Access your data through the Meridian app
  • Disconnect any linked third-party service, which removes the stored tokens
  • Delete your account and all associated data by contacting us
  • Export your data upon request

Children’s Privacy

Meridian is not intended for use by anyone under the age of 13. We do not knowingly collect information from children.

Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email or an in-app notice. Continued use of Meridian after changes constitutes acceptance.

Contact

If you have questions about this privacy policy, contact us at privacy@ridian.app.