Legal

Privacy Policy

Last updated: June 11, 2026

Meridian ("we," "us," or "our") operates meridianfin.io. This policy describes what information we collect when you use our platform, how we use it, and the choices you have. We built Meridian to surface public-market intelligence — not to harvest your personal data.

1. Information We Collect

Account information

When you create an account you provide an email address and a password (handled entirely by Supabase Auth — see Section 4). You may optionally set a display name. We do not ask for your real name, phone number, date of birth, or payment information (there is no paid subscription today).

You may sign in via Google OAuth. In that case, Supabase receives your Google account email address, a unique identifier, and basic public profile details (your display name and profile picture URL), which we use only to show your name and avatar inside the app. We do not receive your Google password or contact list, and we do not request any Google data beyond this basic profile scope.

Watchlist and preferences

To personalise your experience, we store the ticker symbols you add to your watchlist, the signal categories you follow, your notification channel preferences (email on/off, frequency), and your alert type settings. This data lives in our Supabase database associated with your user ID.

Usage analytics

We use Plausible Analytics — a cookieless, privacy-first analytics service. Plausible does not use cookies, does not track you across websites, and does not collect personally identifiable information. It aggregates page-view counts, referrer sources, and general geographic region (country-level) from your IP address without storing the IP itself. No advertising profiles are built. You can verify this at plausible.io/privacy.

We also send Plausible named product-interaction events — for example, that a ticker symbol was added to a watchlist, or that a signal page was viewed — together with non-identifying event properties such as the ticker symbol or feature name involved. These events are not associated with your name, email address, or account identity.

Marketing attribution cookies

When you arrive at Meridian via a link that carries campaign parameters (UTM) or from an external referrer, we set two first-party cookiesmeridian_attr_first (retained up to 1 year) and meridian_attr_last (retained up to 30 days) — recording the source and campaign of your first and most recent visit. Equivalent values may be mirrored in your browser's local storage. We use this solely to understand which marketing channel a signup came from. These cookies contain no personal information beyond the referring source, are not shared with third parties, do not track you across other websites, and are not used for advertising.

Technical request data

Standard web server logs may capture your IP address, browser user-agent string, and the URLs you request. These logs are used solely for security and operational purposes (e.g. detecting abuse, diagnosing errors) and are not used for advertising or sold to third parties.

2. Information We Do Not Collect

  • We do not place advertising cookies or third-party tracking cookies on your device. (The only cookies we set ourselves are the two first-party attribution cookies described in Section 1; your sign-in session is kept in your browser's local storage, not in a cookie.)
  • We do not build advertising profiles or share data with ad networks.
  • We do not sell, rent, or trade your personal data to any third party.
  • We do not collect payment card numbers, bank account details, or financial account credentials.
  • We do not collect data about your portfolio holdings or brokerage accounts.
  • We do not use third-party social media tracking pixels.

3. How We Use Your Information

We use the information we collect to:

  • Authenticate your account and keep your session secure.
  • Store and display your watchlist and notification preferences.
  • Send account-related emails such as email verification and, if you opt in, signal alerts.
  • Understand which features are useful and improve the platform (via aggregate Plausible data).
  • Detect and prevent fraud, abuse, and unauthorised access.
  • Comply with applicable law.

We do not use your data for behavioural advertising.

4. Service Providers

We work with the following third-party processors. Each processes your data only to the extent necessary to provide the service described.

  • Supabase — authentication, database storage, and API infrastructure. Your account credentials and all stored user data (watchlist, preferences, profile) reside in Supabase's managed Postgres database. Supabase complies with SOC 2 Type II and GDPR. See supabase.com/privacy.
  • Google — if you use "Sign in with Google," Google processes your authentication as described in Google's privacy policy.
  • Plausible Analytics — cookieless aggregate analytics, described in Section 1. No personal data is shared.
  • Coinbase Developer Platform (CDP) — if you choose to pay for certain developer API requests using the x402 protocol, payment verification and settlement are processed through Coinbase's x402 facilitator on the Base network. We never receive or store your wallet's private keys; on-chain transactions are public by the nature of the blockchain. This applies only to paid API usage — the web platform involves no payments.

5. Data Retention

We retain your account information and preferences for as long as your account is active or as needed to provide the service. If you request deletion of your account (see Section 6), we will remove your personal data within a reasonable timeframe, except where we are required to retain it for legal or security purposes (e.g. fraud-prevention logs).

Aggregate, anonymised analytics data (Plausible) is not linked to individual users and is retained indefinitely.

6. Your Rights

You have the right to access, correct, or delete the personal data we hold about you. To exercise these rights, or to ask us to stop processing your data, contact us at the address in Section 10. We will respond within a reasonable timeframe.

As a Singapore-incorporated company, we handle personal data in accordance with the Singapore Personal Data Protection Act 2012 (PDPA), including its access and correction obligations.

If you are in the European Economic Area or the United Kingdom, you may also have rights under the GDPR or UK GDPR, including the right to lodge a complaint with your local supervisory authority.

If you are a California resident, you may have rights under the CCPA/CPRA, including the right to know what personal information we collect and the right to request deletion.

7. Security

We take reasonable technical and organisational measures to protect your personal information, including using HTTPS for all data in transit and relying on Supabase's security infrastructure for data at rest. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

8. Children

Meridian is not directed at children under 13 years of age, and we do not knowingly collect personal data from children. If you believe we have inadvertently collected such information, please contact us so we can delete it.

9. Changes to This Policy

We may update this privacy policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Material changes will be communicated via a notice on the platform or by email to registered users.

10. Contact

Questions about this policy or requests to access, correct, or delete your data can be sent to:

Email: [email protected]

TokenNova PTE. LTD.
Registered in Singapore