Security & Compliance
Meridian infrastructure is built around data minimization, client-approved boundaries, and operational review.
Public Form Flow
This public website uses Web3Forms for initial inquiry processing. We do not store sensitive legal or medical data through these public forms. All inquiry data is encrypted in transit and at rest using standard cloud provider encryption (TLS 1.3 and AES-256).
Approved Scripts & Boundaries
Deployment-specific responders only use scripts explicitly approved by the client. These scripts are designed to capture fit without providing advice, triage, or professional clearance.
Data Minimization
We enforce strict "do-not-collect" rules for clinical details, legal strategy, payment cards, and passwords. Meridian responders are trained to deflect restricted data entries.
Access & Retention
Access to client intake logs is restricted to authorized Meridian partners and client representatives via MFA-secured endpoints. Default retention for recovery logs is 30 days unless a client-specific deletion policy is active.
AI Worker Disclosure
Where AI workers are used to assist with qualification, Meridian maintains a "human-in-the-loop" transcript QA layer. We do not train models on private client workflow data.
Incident Notice Posture
In the event of a suspected data incident affecting client infrastructure, Meridian provides notice to the primary client contact within 24 hours of discovery.
Note: Meridian provides infrastructure and operational support. Clients remain responsible for their own professional obligations, regulated board compliance, and final approval of all automated or operated responses.