Privacy Policy

Meridian is a personal financial management tool built for Australian households. It is not a licensed financial adviser, credit provider, or regulated financial service. The application is operated by an individual for personal and household use.

For privacy enquiries, contact us at support@meridian.app.

We collect only the information necessary to provide and improve the service. This includes:

We use the information we collect for the following purposes:

• To provide, operate, and maintain the Meridian application.
• To authenticate your identity and secure your account.
• To display your financial data back to you in a structured and useful way.
• To process subscription payments through our payment provider.
• To respond to your enquiries or support requests.
• To monitor the security and integrity of the application.

We do not use your financial data for profiling, advertising, or any purpose beyond providing the service you have requested.

We take the security of your personal and financial information seriously. Protective measures include:

• Encryption in transit — all communication between your browser and our servers is encrypted using industry-standard TLS protocols.
• Encryption at rest — data stored in our database is encrypted at the storage level.
• Personal data passphrase — sensitive personal fields (such as names and account labels) are additionally protected by a passphrase that only you know. This passphrase is never stored by us. If it is lost, those fields cannot be recovered.
• Access controls — your data is logically isolated to your household. No other user can access your records.
• Session security — sessions are managed using short-lived, HttpOnly cookies that are not accessible to browser scripts.

We do not sell, rent, or trade your personal information. We do not disclose your financial data to any third party for commercial purposes.

Limited disclosures occur only in the following circumstances:

• Infrastructure provider — our application is hosted on Amazon Web Services (AWS) in the Sydney (ap-southeast-2) region. AWS processes data on our behalf as a data processor and is bound by its own privacy commitments.
• Payment processor — subscription payments are handled by Stripe. Stripe receives your payment details and billing information only. Your financial data within Meridian is not shared with Stripe. We store only your subscription status and a Stripe customer reference.
• Legal requirement — we may disclose information where required to do so by applicable Australian law, a court order, or a lawful request by a government authority.

Under the Australian Privacy Act and the Australian Privacy Principles, you have the right to:

• Access your personal information — all data you have entered is accessible directly within the application.
• Correct inaccurate information — you may edit or delete any record at any time from within the application settings.
• Request deletion — you may request that your account and all associated data be permanently deleted. Contact us and we will action the request within 30 days.
• Request a copy — you may request a copy of your personal data in a structured, portable format by contacting us.
• Withdraw consent — where processing is based on consent, you may withdraw it at any time by ceasing use of the application or requesting account deletion.

To exercise any of these rights, contact us at support@meridian.app.

We retain your personal information for as long as your account remains active and for a reasonable period thereafter to comply with legal obligations. When you request account deletion, all personally identifiable information is permanently removed within 30 days.

Anonymised or aggregated statistical data that does not identify any individual may be retained indefinitely for service improvement purposes.

Meridian uses session cookies that are strictly necessary for the application to function. These cookies do not track you across websites and are not used for advertising.

Your session cookie expires after 12 hours of inactivity. Any auxiliary session data related to data security expires after 8 hours and is removed upon logout.

We do not use third-party advertising cookies, analytics trackers, or cross-site tracking of any kind.

Meridian is not directed at or intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that a minor has provided personal information, we will delete it promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Where changes are material, we will notify you within the application prior to the changes taking effect. The effective date at the top of this page will reflect the date of the most recent revision.

Continued use of Meridian after any update constitutes your acceptance of the revised policy.

If you have a concern about how we have handled your personal information and we have not resolved it to your satisfaction, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

For any questions, concerns, or requests relating to this Privacy Policy or our handling of your personal information, please contact us: