Legal Document

Privacy Policy

Effective: June 1, 2026 Last updated: July 11, 2026 Version: 2.0 Mazal Arc · Meridian Intel

Plain English summary: We collect only what we need to run the platform. Your uploaded documents are processed to answer your queries and are never sold, shared with advertisers, or used to train AI models. You control your data and can request deletion at any time.

Contents
  1. Who we are
  2. What we collect
  3. How we handle your documents
  4. PII scrubbing
  5. How we use your data
  6. Who we share data with
  7. Data retention
  8. Security
  9. Your rights
  10. Cookies and local storage
  11. AI models and third parties
  12. Children's privacy
  13. Changes to this policy
  14. Contact us

1. Who we are

Meridian Intel is a product of Mazal Arc, a technology company building at the intersection of business, tech, and community.

Meridian Intel is a zero-hallucination Retrieval-Augmented Generation (RAG) platform that allows users to upload documents and query them using natural language. The platform operates across fourteen domain fields including pharmaceutical compliance, legal, finance, research, and general enterprise use.

Contact: support@meridianintel.app

2. What we collect

Account information

Usage data

Technical data

What we do NOT collect

3. How we handle your documents

Core principle: Your documents are yours. They are processed to serve your queries and for no other purpose.

When you upload a document to Meridian Intel, the following happens:

  1. The document is received by our OCaml gateway and forwarded to our FastAPI processing worker
  2. Text is extracted from the PDF using pdfplumber
  3. The text is split into chunks using our recursive chunking algorithm (chunk size determined by your tier)
  4. PII scrubbing is applied before any data reaches an AI model (see Section 4)
  5. Chunks are embedded into vector representations and stored in ChromaDB under your user collection
  6. The original PDF file is not stored permanently — only the processed text chunks and their embeddings

Enclave tier isolation

Enclave (Enterprise) tier users receive per-user ChromaDB collection isolation. Your document chunks are stored in a collection accessible only to your user ID and are never co-mingled with other users' data.

Free and mid tiers

Ephemeral, Segment, Lattice, and Vector tier users share a ChromaDB collection namespace. Individual documents are tagged with your user ID and are not accessible to other users, but they are stored in a shared infrastructure environment.

4. PII scrubbing

Meridian Intel applies automatic PII scrubbing before any document content reaches an AI language model. This is a core architectural feature, not an optional add-on.

Category Default (General) Default (Pharma fields) User overridable
Email addressesScrubbedScrubbedYes
Phone numbersScrubbedNot scrubbedYes
Social Security NumbersScrubbedScrubbedYes
Credit card numbersNot scrubbedNot scrubbedYes
IP addressesNot scrubbedNot scrubbedYes
Passport numbersNot scrubbedNot scrubbedYes
Dates of birthScrubbedScrubbedYes
Physical addressesScrubbedScrubbedYes
Personal namesScrubbedScrubbedYes

Pharmaceutical field defaults are calibrated to preserve lot numbers, batch numbers, catalog IDs, and article numbers which would otherwise be incorrectly flagged by broad phone or numeric patterns.

PII scrubbing runs on query text, retrieved document chunks, and generated responses before any data is stored in query history.

5. How we use your data

DataPurposeLegal basis
Account emailAuthentication, support communicationContract performance
Document chunksAnswer your queriesContract performance
Query historyHistory sidebar, regression analysisLegitimate interest
Feedback ratingsImprove retrieval qualityLegitimate interest
Usage analyticsPlatform performance monitoringLegitimate interest
IP addressSecurity, rate limiting, fraud preventionLegitimate interest
Support ticketsResolve your support requestsContract performance

We never use your data to:

6. Who we share data with

We share data only with the following categories of third parties, and only to the extent necessary to operate the platform:

Third partyPurposeData shared
AWS SESWorkspace access verification emails (primary)Name and email address for one-time code delivery only
ResendWorkspace access verification emails (backup)Name and email address for one-time code delivery only — used if AWS SES is unavailable
GoogleGoogle SSO authentication and cloud AI fallback inference (AUTO mode)SSO: receives name and email via OAuth 2.0 identity flow. AI: scrubbed query text and scrubbed document chunks only — no raw PII reaches Gemini
OpenAICloud AI tertiary fallback inference (AUTO mode only)Scrubbed query text and scrubbed document chunks only — no raw PII reaches OpenAI
RailwayCloud infrastructure hostingAll platform data is hosted on Railway servers
CloudflareDNS and DDoS protectionNetwork traffic metadata only

We do not use advertising networks, analytics resellers, or social media tracking pixels.

7. Data retention

Data typeRetention period
Document chunks (Ephemeral tier)Session only — deleted on logout or session expiry
Document chunks (Segment / Lattice / Vector)Until you delete the document or close your account
Document chunks (Enclave)Per contract terms — default 12 months
Query historyLattice: 7 days · Vector: 90 days · Enclave: per contract
Account informationUntil account deletion + 30 days
Support tickets24 months
Billing records7 years (legal requirement)
Security logs90 days

8. Security

Meridian Intel is built with security as a core architectural concern, not an afterthought:

In the event of a data breach that affects your personal data, we will notify you within 72 hours of becoming aware of it.

9. Your rights

Depending on your location, you may have the following rights regarding your personal data:

To exercise any of these rights, email us at support@meridianintel.app. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data appropriately.

10. Cookies and local storage

Meridian Intel uses minimal browser storage:

Storage keyPurposeTypeExpires
rag_dark_modeRemember your light/dark preferencelocalStorageNever (until cleared)
rag_accentRemember your accent color choicelocalStorageNever (until cleared)
rag_font_sizeRemember your font size preferencelocalStorageNever (until cleared)
Workspace access token (JWT)Authentication sessionBrowser memory only (not persisted)8 hours

We do not use advertising cookies, tracking cookies, or third-party analytics cookies. No cookie consent banner is required for essential platform functionality cookies under ePrivacy Directive exemptions.

11. AI models and third parties

Local inference (Mistral-7B)

By default, query processing uses a locally hosted Mistral-7B model running on Meridian Intel's infrastructure. Your document content and queries do not leave our servers during local inference.

Cloud inference (Gemini 2.5 Flash Lite & OpenAI gpt-4o-mini)

When local inference is unavailable or rate-limited, our AUTO Shield feature routes requests to Google's Gemini 2.5 Flash Lite API, then OpenAI gpt-4o-mini as a tertiary fallback. Users can also manually select any engine (Mistral, Gemini, or GPT) from the workspace menu, which disables the AUTO cascade and routes directly to the chosen engine. Only scrubbed text (after PII removal) is sent to any cloud provider. We do not send raw document content, account information, or identifiable user data to Google or OpenAI. Users who require a complete zero-cloud guarantee may enable local_only engine mode, which disables all cloud fallback entirely.

Google's use of data submitted via API is governed by the Google AI API Terms of Service. Google does not use API data to train its models by default.

No model training on your data

Neither Mazal Arc nor any third-party AI provider uses your uploaded documents or queries to train, fine-tune, or improve AI models. This applies to both local and cloud inference paths.

12. Children's privacy

Meridian Intel is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us immediately at support@meridianintel.app and we will delete it promptly.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

Continued use of the platform after changes take effect constitutes acceptance of the updated policy. If you do not agree with the changes, you may delete your account by contacting us.

14. Contact us

Mazal Arc · Meridian Intel

For privacy questions, data requests, or concerns:

Email: support@meridianintel.app

GitHub: github.com/meridian-intel-platform

We aim to respond to all privacy-related inquiries within 30 days.