Privacy policy

Last updated: April 18, 2026 · Version 2.0

Short version: what Meridian knows about you depends on how you use it. Visitors who never sign in stay completely local. If you sign in with Google, we verify your identity and store your profile on our servers. Premium members have additional scheduling data stored server-side. We never sell your data.

1. Who we are

Meridian is a scheduling tool maintained by TouchSplit.IO Team. This policy covers everyone who interacts with the app hosted at this domain, whether you browse without signing in, sign in with Google, or use Premium features as an invited team member.

2. Information we collect

Meridian has three usage tiers. What we collect depends on which tier applies to you.

2a. Unauthenticated visitors (demo / offline mode)

None at the application layer. Specifically:

• The app does not set cookies of any kind.
• The app does not use analytics, telemetry, or error-tracking services.
• Data you enter (name, timezone, availability, collaboration hours, team members you import) is stored only in your browser's localStorage. We never receive, transmit, or keep a copy of it on any server.
• Body text fonts (Manrope, Inter) are bundled into the app — no third-party requests for those.
• Icon font (Material Symbols) is loaded from Google Fonts (fonts.googleapis.com / fonts.gstatic.com). This means your browser sends your IP address and User-Agent to Google when the page loads. Google states that it does not use this data for tracking or advertising; see the Google Fonts Privacy FAQ for details.

2b. Signed-in users (Google Sign-In)

When you sign in with Google, your browser obtains a Google ID token and sends it to our server. We verify this token against Google's public signing keys to confirm your identity. On every subsequent sign-in the same verification happens: your Google token is re-checked against both Google and our own records.

We store the following from your Google profile:

• Google user identifier — a unique ID assigned by Google
• Display name
• Email address
• Profile picture URL (if provided by Google)

We also store data you provide or that is generated by the app:

• Timezone — set by you in the app
• Account tier and status — free or premium, active / expired / trial, and associated dates
• Workspace memberships — which workspaces you belong to and your role in each

2c. Premium members

Premium members who use the server-connected experience have the following additional data stored:

• Availability entries — day and time range, plus an optional private label and color visible only to you
• Workspace data — workspace name, description, member count, and ownership
• Invitation records — invite codes you create or accept, their creation date, usage count, and expiry
• Collaboration windows — your preferred meeting-time ranges
• Calendar sync metadata — which external calendar is connected, sync status, and last sync timestamp. We do not store the contents of your calendar events (titles, descriptions, attendees, or locations). Events are reduced to bare time ranges (date, start time, end time) before anything is saved.

3. Data security

• All data stored on our servers is protected by encryption at rest — it is automatically encrypted before being written to disk and decrypted only when accessed by our application.
• All communication between your browser and our servers is encrypted in transit via HTTPS / TLS.
• Calendar OAuth tokens (for Google Calendar or Outlook sync) are stored encrypted on the server. Your browser never sees or stores these tokens.

4. What we do not do

• We do not sell, rent, or share your personal data with third parties.
• We do not use your data for advertising or behavioral profiling.
• We do not store the contents of your calendar events — only bare time ranges are retained after processing.

5. Transport-level logs (CDN)

The site is delivered via Amazon CloudFront. As a matter of transport, CloudFront edge servers process each request's IP address and user-agent string in order to return a response. We do not enable standard CloudFront access logs on this distribution, and no logs are retained by us. AWS's own operational practices are governed by the AWS Privacy Notice.

6. Export files

When you export your availability as a .meridian file, the file is generated entirely in your browser and downloaded to your device. We never receive a copy. You own the file and are responsible for how you store and share it. If you import files from others, those files are parsed locally — nothing leaves your browser.

7. Third-party links

These pages link to an external LinkedIn profile. LinkedIn's own privacy practices apply once you follow that link. No LinkedIn widgets or scripts are embedded in this app — a plain link is all you encounter until you choose to click it.

8. Children

This site is not directed at children under 13 (or under 16 in the EU/UK). We do not knowingly collect data from children.

9. California residents

We do not sell or share personal information for cross-context behavioral advertising. We honor Global Privacy Control (GPC) signals by default. This project does not meet the thresholds of a "covered business" under the California Consumer Privacy Act (CCPA/CPRA), but we aim to respect its spirit regardless.

10. EU / UK / Canada / Brazil residents

Under GDPR, UK GDPR, PIPEDA, and LGPD, the controller is TouchSplit.IO Team (contact via LinkedIn, linked in the footer). For unauthenticated visitors, processing is limited to what happens in your browser. For signed-in users, the lawful basis for processing is performance of the service you requested (GDPR Art. 6(1)(b)). You retain full rights of access, rectification, erasure, and portability — see section 11 for how to exercise them.

11. Data deletion

Unauthenticated / offline users: all data lives in your browser. Use the built-in Reset your data option in the profile menu to clear all local availability, team members, and workspace data immediately.

Signed-in and Premium users: to delete all data stored on our servers, contact us via the link in section 13. Upon receiving your request, we will remove your account and all associated data from our systems.

12. Changes to this policy

We may update this policy as the app evolves. The "Last updated" date above reflects the most recent revision. Material changes will be reflected by bumping the version number.

13. Contact

For privacy-related questions, reach out via LinkedIn.