Legal Document
Plain English summary: We collect only what we need to run the platform. Your uploaded documents are processed to answer your queries and are never sold, shared with advertisers, or used to train AI models. You control your data and can request deletion at any time.
Meridian Intel is a product of Mazal Arc, a technology company building at the intersection of business, tech, and community.
Meridian Intel is a zero-hallucination Retrieval-Augmented Generation (RAG) platform that allows users to upload documents and query them using natural language. The platform operates across fourteen domain fields including pharmaceutical compliance, legal, finance, research, and general enterprise use.
Contact: support@meridianintel.app
Core principle: Your documents are yours. They are processed to serve your queries and for no other purpose.
When you upload a document to Meridian Intel, the following happens:
pdfplumberEnclave (Enterprise) tier users receive per-user ChromaDB collection isolation. Your document chunks are stored in a collection accessible only to your user ID and are never co-mingled with other users' data.
Ephemeral, Segment, Lattice, and Vector tier users share a ChromaDB collection namespace. Individual documents are tagged with your user ID and are not accessible to other users, but they are stored in a shared infrastructure environment.
Meridian Intel applies automatic PII scrubbing before any document content reaches an AI language model. This is a core architectural feature, not an optional add-on.
| Category | Default (General) | Default (Pharma fields) | User overridable |
|---|---|---|---|
| Email addresses | Scrubbed | Scrubbed | Yes |
| Phone numbers | Scrubbed | Not scrubbed | Yes |
| Social Security Numbers | Scrubbed | Scrubbed | Yes |
| Credit card numbers | Not scrubbed | Not scrubbed | Yes |
| IP addresses | Not scrubbed | Not scrubbed | Yes |
| Passport numbers | Not scrubbed | Not scrubbed | Yes |
| Dates of birth | Scrubbed | Scrubbed | Yes |
| Physical addresses | Scrubbed | Scrubbed | Yes |
| Personal names | Scrubbed | Scrubbed | Yes |
Pharmaceutical field defaults are calibrated to preserve lot numbers, batch numbers, catalog IDs, and article numbers which would otherwise be incorrectly flagged by broad phone or numeric patterns.
PII scrubbing runs on query text, retrieved document chunks, and generated responses before any data is stored in query history.
| Data | Purpose | Legal basis |
|---|---|---|
| Account email | Authentication, support communication | Contract performance |
| Document chunks | Answer your queries | Contract performance |
| Query history | History sidebar, regression analysis | Legitimate interest |
| Feedback ratings | Improve retrieval quality | Legitimate interest |
| Usage analytics | Platform performance monitoring | Legitimate interest |
| IP address | Security, rate limiting, fraud prevention | Legitimate interest |
| Support tickets | Resolve your support requests | Contract performance |
We never use your data to:
We share data only with the following categories of third parties, and only to the extent necessary to operate the platform:
| Third party | Purpose | Data shared |
|---|---|---|
| AWS SES | Workspace access verification emails (primary) | Name and email address for one-time code delivery only |
| Resend | Workspace access verification emails (backup) | Name and email address for one-time code delivery only — used if AWS SES is unavailable |
| Google SSO authentication and cloud AI fallback inference (AUTO mode) | SSO: receives name and email via OAuth 2.0 identity flow. AI: scrubbed query text and scrubbed document chunks only — no raw PII reaches Gemini | |
| OpenAI | Cloud AI tertiary fallback inference (AUTO mode only) | Scrubbed query text and scrubbed document chunks only — no raw PII reaches OpenAI |
| Railway | Cloud infrastructure hosting | All platform data is hosted on Railway servers |
| Cloudflare | DNS and DDoS protection | Network traffic metadata only |
We do not use advertising networks, analytics resellers, or social media tracking pixels.
| Data type | Retention period |
|---|---|
| Document chunks (Ephemeral tier) | Session only — deleted on logout or session expiry |
| Document chunks (Segment / Lattice / Vector) | Until you delete the document or close your account |
| Document chunks (Enclave) | Per contract terms — default 12 months |
| Query history | Lattice: 7 days · Vector: 90 days · Enclave: per contract |
| Account information | Until account deletion + 30 days |
| Support tickets | 24 months |
| Billing records | 7 years (legal requirement) |
| Security logs | 90 days |
Meridian Intel is built with security as a core architectural concern, not an afterthought:
In the event of a data breach that affects your personal data, we will notify you within 72 hours of becoming aware of it.
Depending on your location, you may have the following rights regarding your personal data:
To exercise any of these rights, email us at support@meridianintel.app. We will respond within 30 days.
You also have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data appropriately.
Meridian Intel uses minimal browser storage:
| Storage key | Purpose | Type | Expires |
|---|---|---|---|
rag_dark_mode | Remember your light/dark preference | localStorage | Never (until cleared) |
rag_accent | Remember your accent color choice | localStorage | Never (until cleared) |
rag_font_size | Remember your font size preference | localStorage | Never (until cleared) |
| Workspace access token (JWT) | Authentication session | Browser memory only (not persisted) | 8 hours |
We do not use advertising cookies, tracking cookies, or third-party analytics cookies. No cookie consent banner is required for essential platform functionality cookies under ePrivacy Directive exemptions.
By default, query processing uses a locally hosted Mistral-7B model running on Meridian Intel's infrastructure. Your document content and queries do not leave our servers during local inference.
When local inference is unavailable or rate-limited, our AUTO Shield feature routes requests to Google's Gemini 2.5 Flash Lite API, then OpenAI gpt-4o-mini as a tertiary fallback. Users can also manually select any engine (Mistral, Gemini, or GPT) from the workspace menu, which disables the AUTO cascade and routes directly to the chosen engine. Only scrubbed text (after PII removal) is sent to any cloud provider. We do not send raw document content, account information, or identifiable user data to Google or OpenAI. Users who require a complete zero-cloud guarantee may enable local_only engine mode, which disables all cloud fallback entirely.
Google's use of data submitted via API is governed by the Google AI API Terms of Service. Google does not use API data to train its models by default.
Neither Mazal Arc nor any third-party AI provider uses your uploaded documents or queries to train, fine-tune, or improve AI models. This applies to both local and cloud inference paths.
Meridian Intel is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us immediately at support@meridianintel.app and we will delete it promptly.
We may update this Privacy Policy from time to time. When we make material changes, we will:
Continued use of the platform after changes take effect constitutes acceptance of the updated policy. If you do not agree with the changes, you may delete your account by contacting us.
Mazal Arc · Meridian Intel
For privacy questions, data requests, or concerns:
Email: support@meridianintel.app
GitHub: github.com/meridian-intel-platform
We aim to respond to all privacy-related inquiries within 30 days.