Privacy Policy
Effective: June 2026
1. Who We Are
Meridian (“Meridian,” “we,” “us”) is operated by Daedalus Data Labs, LLC. This policy explains what we collect, how we use it, and the choices you have.
2. Information We Collect
We collect only what is needed to run the Service:
- Account information. When you sign in with Apple, Google, or Facebook, we receive your name, email address, and (where provided) profile photo. If you use Sign in with Apple's private email relay, we receive only the relay address.
- Subscription status. Whether you are on the free or Edge plan. Payments are processed by Apple (in-app purchases on iOS) or Stripe (on the web); we never receive or store your card or financial-account numbers.
- Content you create. Watchlists and price alerts you set up in the app.
- Brokerage data (only if you link an account). If you connect a brokerage, we retrieve read-only account and holdings information through our aggregation provider, SnapTrade. We never receive your brokerage username or password, and access tokens are encrypted at rest (AES-256-GCM).
- Push token. If you enable notifications, we store a device push token so we can deliver price alerts.
- Technical. A session cookie (issued by NextAuth.js) to keep you signed in.
- Aggregate usage signals. We record anonymous, aggregate counts of which tickers are viewed or added to watchlists across all users, to surface trends (for example, “most researched”). These counts are not linked to your identity and contain no information that identifies you.
3. How We Use Your Information
We use your information to authenticate you, provide and personalize the app's analytical features, deliver alerts you request, process your subscription, and respond to support requests. We do not sell or rent your personal information, and we do not share it with third parties for advertising. We do not send marketing email without your consent.
4. How Brokerage Linking Works
Brokerage connections are read-only and powered by SnapTrade. Meridian cannot place trades, move money, or access your brokerage login credentials. You can disconnect a linked brokerage at any time in the app, which revokes our read access. Deleting your account also removes linked-account data.
5. Market Data Sources
Market and company data are retrieved from third-party providers, including Financial Modeling Prep, Finnhub, and the U.S. Securities and Exchange Commission (SEC/EDGAR). We do not share your personal data with these providers; data retrieved from them is used solely to power the app's analytical features and remains the property of its respective providers.
6. Service Providers
We rely on a limited set of processors to operate the Service: Supabase (database hosting), Vercel (application hosting), Apple and Stripe (payments), RevenueCat (in-app purchase management), and SnapTrade (brokerage aggregation). Each processes data only as needed to provide its service and under its own terms.
7. Cookies and Storage
We use a session cookie to keep you signed in and local device storage for your preferences (such as theme). We do not use third-party advertising or cross-site tracking cookies, and we do not track individual behavior across sessions for advertising.
8. Data Retention and Deletion
We retain your data for as long as your account is active. You may delete your account and all associated data at any time from the Profile screen, or by emailing us. Upon deletion, your records (including any linked-account data, watchlists, alerts, and push tokens) are permanently removed within 30 days, except where retention is required by law.
9. Security
All data is transmitted over HTTPS. Brokerage access tokens are encrypted at rest using AES-256-GCM. Server credentials (API keys, service-role keys) are stored as server-side environment variables and are never exposed to the client. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.
10. Your Rights
Depending on where you live, you may have rights to access, correct, or delete your personal information, and to object to or restrict certain processing (for example, under the GDPR or the CCPA/CPRA). You can exercise access and deletion directly in the app or by contacting us. We do not sell personal information.
11. Children
Meridian is not directed to, and is not intended for use by, anyone under 18. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.
12. Changes to This Policy
We may update this policy from time to time. Changes will be reflected on this page with a new effective date. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.
13. Contact
Questions about this policy may be directed to contact@daedalusdatalabs.com.