MeridianMeridian.

Privacy Policy

Last updated May 18, 2026

This Privacy Policy explains how Get Meridian Health, Inc., a Delaware corporation (“Meridian,” “we,” “us,” or “our”) collects, uses, and shares information when you use Meridian. It is written for users in the United States. Health information is sensitive, so we keep what we collect narrow and tied to providing the Service.

1. Information we collect

  • Account information. Your email address, used for passwordless sign-in. We do not store a password.
  • Health content you submit. The reports, files, and questions you provide, and the AI analysis generated from them.
  • People you add. If you keep records for a family member or someone in your care, the first name and relationship you enter, and the reports you associate with them.
  • Service data. Basic technical and usage data needed to operate the Service securely, such as session identifiers and rate-limit counts.

We do not ask for, and you should not submit, government identification numbers, financial account numbers, or insurance identifiers. We do not knowingly collect information from anyone under 18.

2. How we use information

  • to produce your analysis and operate the Service;
  • to keep your reports organized and private to your account;
  • to provide an optional clinician review when you request one;
  • to secure the Service, enforce usage limits, and prevent abuse; and
  • to comply with law and respond to your requests.

We do not sell your data. We do not share your data for cross-context behavioral advertising. We do not use your health content to train our own models or to advertise to you.

3. Service providers we use

We rely on a small set of providers to run the Service. They process information on our behalf to provide their service to us, not for their own marketing:

  • AI providers: Anthropic, OpenAI, and Google receive the content you submit in order to generate analysis. They process it to return a response and under their applicable terms.
  • Infrastructure: Supabase (authentication and database), Vercel (hosting), and Resend (transactional email such as sign-in links and review notifications).

We may also disclose information if required by law, to protect rights and safety, or in connection with a business transfer, in which case we will continue to protect the information consistent with this Policy.

4. Retention and deletion

We keep your account and health content until you delete it or ask us to delete it, or until it is no longer needed to provide the Service. Deleting a person from your records permanently deletes their associated reports and analyses. We may retain limited records where required by law or to resolve disputes. Backups and provider logs may persist for a short period before being overwritten.

5. Security

We use reasonable administrative and technical safeguards to protect your information, and our providers maintain their own security programs. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

6. Your US privacy rights

Depending on where you live, including under the California Consumer Privacy Act as amended by the CPRA, you may have the right to:

  • know what personal information we hold about you;
  • access or receive a copy of it;
  • correct inaccurate personal information;
  • delete your personal information; and
  • not receive discriminatory treatment for exercising these rights.

Because we do not sell personal information or share it for cross-context behavioral advertising, there is nothing to opt out of in that respect. To make a request, email privacy@getmeridian.health. We will verify your request using the email associated with your account before acting on it. You may use an authorized agent where the law allows.

7. HIPAA and regulatory posture

Meridian is a consumer informational product. It is not a HIPAA covered entity and is not a substitute for care from a HIPAA-covered provider. Information you submit to Meridian is governed by this Policy, not by HIPAA.

8. Children

Meridian is intended for adults. We do not knowingly collect personal information from children under 18. If you believe a child has provided us information, contact privacy@getmeridian.health and we will delete it. Records you keep about a minor in your care, as their parent or guardian, are managed by you under the Terms of Use.

9. Changes to this Policy

We may update this Policy from time to time. If we make material changes we will update the date above and, where reasonable, give notice in the Service. Your continued use after changes take effect means you accept the updated Policy.

10. Contact

Get Meridian Health, Inc. is a Delaware corporation. For privacy questions or to exercise your rights, contact privacy@getmeridian.health. Written notices may be sent to our registered agent, Legalinc Corporate Services Inc., 131 Continental Dr, Suite 305, Newark, New Castle County, Delaware 19713, United States.