Privacy Policy

Last updated February 24, 2026

What we collect (and what we don't)

We collect what we need to give you visa guidance: your email or phone number for authentication, nationality and travel details for visa lookups, and documents you upload for review. That's it.

We don't collect browsing history. We don't build advertising profiles. We don't sell your data. We never will.

How we use your data

Provide personalized visa guidance based on your profile.
Improve our accuracy by learning which visa rules change.
Send you updates if you opt in (email or WhatsApp).

We never use your data for advertising. We never sell it to third parties.

Where our knowledge comes from

Meridian combines three sources: AI models trained on public information, community contributions from visa experts who share real-world experience, and official government sources. We cross-reference these to give you accurate, up-to-date guidance.

How we protect your data

Privacy is in our architecture, not just our policy.

PII stripping — Before AI models see your data, we strip passport numbers, dates of birth, bank account numbers, phone numbers, and other sensitive identifiers.
Encryption at rest — Assessment answers, extracted document text, and phone numbers are encrypted in our database using ActiveRecord encryption.
Error tracking — Sentry PII collection is explicitly disabled. Errors are tracked without personal data.
Log filtering — Over 15 sensitive patterns (emails, phone numbers, passport numbers) are filtered from server logs.
Document storage — Documents you upload are stored securely in S3. Temporary copies sent to AI for text extraction are deleted immediately after processing. Your originals remain available in your vault until you delete them.

Third-party services

We use these services to run Meridian. Here's exactly what each one sees.

Service	Purpose	Data shared
Anthropic Claude	AI visa guidance	Anonymized queries (PII stripped)
OpenAI	Document text extraction	Document images (no personal context)
Voyage AI	Semantic search over visa rules	No personal data
PlainSignal (EU)	Privacy-first analytics	No cookies, no personal data
Sentry	Error tracking	PII collection disabled
Twilio / Meta WhatsApp	Messaging	Phone number, message content
Resend	Email	Email address
AWS S3	Document storage	Uploaded files (encrypted, deletable on request)
Render	Hosting	Standard server logs

Your rights

Under GDPR and similar privacy laws, you have the right to:

Access — Request a copy of all data we hold about you.
Deletion — Ask us to delete your account and all associated data.
Export — Download your data in a portable format.
Correction — Update or fix inaccurate information.

To exercise these rights, email us at founders@usemeridian.app.

Cookies

We use essential session cookies only — the minimum needed to keep you logged in. No tracking cookies, no advertising cookies. Our analytics provider (PlainSignal) is entirely cookie-free.

Contact

Questions about your privacy? Reach us at founders@usemeridian.app.