Data Protection
Security, retention, and merchant transparency
This page describes Meridian's current operational posture for data minimization, retention, encryption, and merchant transparency for AI chat edits, storefront customization, and reporting. It is meant to support merchant due diligence and protected customer data review workflows.
Data minimization
Meridian is intended to process only the information needed to authenticate the merchant, deliver AI chat edit workflows, apply supported storefront block customizations, and render requested dashboard reporting.
Dashboard reporting is built around aggregated Shopify-native reporting outputs. Meridian's current policy is to avoid requesting direct customer identity fields unless a feature genuinely requires them and the access has been reviewed.
Retention controls
Meridian runs a scheduled retention sweep every 6 hours in the background worker. During that sweep, expired theme-editor guide sessions are deleted, and background job records in a terminal state are removed from Meridian's application database after 30 days.
The active guide-session retention baseline is 7 days or less, depending on the session's explicit expiry time. Chat threads and AI customization records are retained while merchants continue using those workflows and for a reasonable period afterward to support undo, troubleshooting, and service continuity.
Encryption and access control
Meridian's operational expectation is that production traffic is encrypted in transit with HTTPS/TLS and that production databases and storage providers apply encryption-at-rest controls.
Access to operational data should be restricted to authorized staff and service accounts that need the data to run, secure, or support the product.
- Scoped Shopify permissions are used to limit access to store resources.
- Background jobs and worker endpoints require authenticated internal requests.
- Operational records should be reviewed and retained only as long as needed for support, debugging, or service delivery.
Merchant transparency
Meridian should disclose what data it processes and why through merchant-facing documentation such as the privacy policy, app listing materials, and in-product support resources.
If Meridian begins using additional protected customer data or protected customer fields, this page and the privacy policy should be updated before relying on that processing in production.