M

Meridian

Know where you are. Know what's next.

Privacy Policy

Meridian Privacy Policy

Last updated: April 2026

Who we are

Meridian is owned and operated by Praxu Digital (ABN 42 517 459 323), Perth, Western Australia. This policy applies to the Meridian platform at meridian.praxu.net. Questions about this policy or requests about your personal information can be directed to [email protected]. We will respond within 30 days.

What we collect and why

When you create an account we collect your name, email address, and password. Your password is never stored in readable form. It is hashed using bcrypt before it is saved and cannot be recovered by anyone, including us.

When you set up your organisation we collect the organisation name and sector. When you use the platform we store your assessment responses, notes, and any documents you upload as evidence against an assessment area.

If you choose to save an AI provider key in your profile, that key is encrypted using a dedicated secret that exists only on our server. It is decrypted in memory only at the moment it is used for an API call and is never written to a log file, never transmitted to any third party, and never visible to us in readable form.

We also store your timezone and display preferences so the platform works the way you expect it to.

What we do not collect

We do not run advertising. We do not use analytics tools. We do not track your behaviour across other websites. We do not sell, share, or disclose your information to any third party for any commercial purpose.

Where your data is stored

All data is stored on servers located in Australia. Your assessment data, evidence files, and account information do not leave Australia.

Your evidence documents

Documents you upload as evidence are stored on our servers and associated with your assessment. They are retained for as long as your assessment exists. When an assessment is deleted all associated evidence files are permanently removed from our servers. When you delete your account all data associated with your organisation is permanently removed if you are the last member.

AI provider keys

If you save an Anthropic or OpenAI key, it is encrypted at rest using a key that is separate from all other application secrets. It is used only to make API calls on your behalf. It is never logged, never stored in session, never transmitted in readable form, and never used for any purpose other than the AI analysis you request. You can remove your saved key at any time from your profile page.

Logs

Our application logs record technical diagnostic information to help us identify and fix problems. Logs may include your user ID, organisation ID, and error messages. Logs do not contain your name, email address, document content, or AI provider keys. Log files are stored on the same Australian server as the application.

How long we keep your data

We keep your data for as long as your account is active. When you delete your account your personal information and all organisation data is permanently deleted from our systems. Expired invitation records are pruned weekly. Session data expires after 120 minutes of inactivity.

Your rights under the Australian Privacy Principles

You have the right to access the personal information we hold about you, to request correction of inaccurate information, and to request deletion of your information. To exercise any of these rights contact [email protected]. We will respond within 30 days.

If you believe we have not handled your personal information appropriately you may contact the Office of the Australian Information Commissioner at oaic.gov.au.

Changes to this policy

If we make material changes to this policy we will update the date at the top of this page. We encourage you to review this policy periodically.