Legal
01
When you create an account, we collect your email address and, optionally, your display name. If you sign in with Apple or Google, we receive the email address and name associated with that account.
The core of Meridian is the travel content you create: destinations (cities you have visited, are planning to visit, or wish to visit), trips (date ranges and notes for each visit), places (restaurants, museums, spots you tag within a city), and any notes you write. This data is stored securely and synced to your device so the app works offline.
When you add photos to Meridian, we store them in private cloud storage. If your photos contain GPS metadata, we read that data to automatically tag photos to nearby places. We do not alter or strip your original photo files. See Section 4 for full details.
Meridian requests location access to centre the map on your current position when you open the app. We do not request background location access. Your current location is used only in the moment — it is not stored on our servers.
If you share a destination, trip, or place with another person, we create a secure share token linked to your account. When a recipient opens a share link, we record it in their account so they can access it later. No identifying information about you is shared with recipients beyond your display name.
We do not use third-party analytics or crash reporting SDKs. We do not track your behaviour within the app.
If you subscribe to Meridian Pro, the purchase is processed by Apple. We use RevenueCat to verify your subscription status. RevenueCat receives a pseudonymous user identifier — not your payment details. We never see or store your credit card information.
02
| Data | Purpose |
|---|---|
| Email and name | Account authentication, password reset, and identifying you within the app |
| Travel data | Displaying your journal, syncing across sessions, enabling offline use |
| Photos | Displaying your travel memories; GPS metadata used for automatic place-tagging |
| Location (live) | Centring the map on your position when you open the app |
| Share tokens | Delivering shared content to recipients; managing revocation |
| Subscription status | Determining access to Pro features |
We do not use your data to train machine learning models. We do not use your data for advertising. We do not sell your data to any third party.
03
Meridian is built on a small set of trusted infrastructure providers. Each receives only the data necessary to perform their specific function.
| Service | Provider | What They Receive |
|---|---|---|
| Database and authentication | Supabase | Your account, travel data, and photos (stored in a private bucket) |
| Offline sync | PowerSync | Sync metadata; your actual data lives in Supabase |
| Maps | Mapbox | Map tile requests; your IP address while using the map |
| Place search | Google Places API | Search queries you type when adding a new place |
| Subscriptions | RevenueCat | A pseudonymous user ID and your subscription entitlement status |
| Payments | Apple (App Store) | All payment processing; we never see your card details |
| Hosting and CDN | Cloudflare Pages | Website requests; standard access logs |
Each of these providers operates under their own privacy policies. We choose providers with strong data protection practices.
04
Meridian requests access to your photo library to let you add photos to your travel journal. You may grant full access or limited access (selecting specific photos). We only prompt for permission when you take an action that requires it — never on app launch.
Many photos taken on a smartphone contain GPS coordinates embedded in the file. When you add a photo to Meridian, we read those coordinates to automatically match the photo to a nearby place in your journal (within 150 metres). The coordinates are stored alongside the photo record so the match can be recalculated if needed. We do not share this data with third parties beyond our infrastructure providers.
Photos you add are uploaded to a private, secure storage location. Your photos are not publicly accessible — they can only be viewed by you, through the app.
Meridian stores a reference to your device photos locally so you can view them while offline. If network access is unavailable when you add a photo, the upload is queued and completed automatically when connectivity is restored.
05
Meridian includes an optional feature to share destinations, trips, or places with other people via a link. Here is how it works:
We may disclose your data if required by law or to protect the rights, safety, or property of our users or the public — for example, in response to a valid legal process.
06
We take the security of your data seriously. Your content is encrypted in transit and stored securely in the cloud — only you can access your journal, your photos, and your notes. Your login credentials are protected using iOS hardware-level encryption and are never stored in a way that could be exposed through a device backup.
Photos you add are stored in a private location that cannot be accessed by anyone else, and are only ever loaded through secure, time-limited links generated specifically for you.
No system is completely immune to risk, and we cannot guarantee absolute security. If you believe you have found a security issue, please contact us at support@meridianjournal.world and we will address it promptly.
07
We retain your data for as long as your account is active. You can delete your account at any time from the Profile section of the app. When you delete your account:
Deletion is permanent. Once your account is deleted, your data cannot be recovered — we do not offer account restoration or data recovery.
To request deletion of your data without deleting your account, or for any other data request, contact us at support@meridianjournal.world.
08
Meridian is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it promptly.
09
Depending on where you live, you may have rights over your personal data. These include:
| Right | What It Means |
|---|---|
| Access | Request a copy of the personal data we hold about you |
| Correction | Request that we correct inaccurate data |
| Deletion | Request deletion of your personal data (or delete your account directly in the app) |
| Portability | Request your data in a structured, machine-readable format |
| Objection / Restriction | Object to or request restriction of certain processing |
| Opt-out of sale | We do not sell your data — this right is already satisfied |
These rights apply to users in the European Economic Area (GDPR), the United Kingdom (UK GDPR), California (CCPA/CPRA), and other jurisdictions with applicable privacy law. To exercise any of these rights, contact us at support@meridianjournal.world. We will respond within 30 days.
If you are located in the EEA or UK and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority.
10
We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top of this page. If the changes are significant, we will notify you within the app. Continued use of Meridian after an update constitutes acceptance of the revised policy.
11
The Meridian team is here to help. If you have any questions about this Privacy Policy or how we handle your data, please reach out — we read every email.