Privacy Policy

Last updated: March 2026

We built Meridius to help you build better habits — not to harvest your data. This policy explains what we collect, why we collect it, and what we never touch. We've written it in plain language on purpose.

What we collect

Meridius collects only what is necessary to make the app work for you:

Email address — used to create and authenticate your account. Required to sign in.

Display name — optional. You can use the app without one. Shown to your accountability partner if you set one up.

Habit data — the names of your habits, their completion timestamps, and your current streak counts.

Weekly reflection text — your written responses to the three weekly reflection prompts. Stored privately on your account.

Push notification token — a device-level token from Apple used to send you reminders you've opted into. Never used for marketing.

Accountability partner relationships and messages — if you invite a partner, we store that relationship and any encouragement messages sent between you.

Usage analytics — interactions such as feature use, habit completions, and subscription events, stored in your account to help us understand how the app is used and improve it over time. This data never leaves our own infrastructure.

What we don't collect

We do not collect your real name (it's not required), your location, your contacts, or access to your camera. We don't use any advertising SDKs. We don't run analytics that profile your behavior for third parties. We do collect internal usage data (see above) solely to improve the product.

If you connect Apple Health features in the future, that data stays on your device. Meridius does not read, store, or transmit Apple Health data to any server.

How we use your information

We use the information we collect for the following purposes:

Authentication — to verify your identity and keep your account secure.

Data storage — to save your habits, completions, and reflections so they persist across sessions and devices.

Streak calculation — to compute and display your current and longest streaks accurately.

Push notifications — to send you habit reminders and weekly reflection prompts you've opted into.

Subscription management — to validate your subscription status and unlock paid features.

AI coaching insights — for Apex subscribers, to generate personalized coaching based on your habit completion patterns.

We do not use your habit data or reflection text to train machine learning models. Your words are yours.

Who we share data with

We work with a small number of trusted service providers to operate Meridius. Here's exactly who has access to what:

Supabase

Our database and authentication provider. Your account data and habit data are stored in Supabase-managed infrastructure in the EU and US, encrypted at rest and in transit.

RevenueCat

Handles subscription management and receipt validation. RevenueCat receives your anonymous app user ID and Apple purchase receipts to verify your subscription status.

Apple (APNs)

Apple's Push Notification service delivers the reminders you've opted into. Apple receives your device token but not the content of your habits.

Google (Gemini AI)

For Apex subscribers, we send habit completion data to Google's Gemini AI to generate personalized coaching insights. This data is not used by Google to train models. See Google's privacy policy.

Google (Analytics)

We use Google Analytics 4 on our website (meridius.app) to understand how visitors find and use the site. GA4 collects anonymized usage data such as pages visited, referral source, and general device type. No personal identifiers from the app are shared with GA4. Analytics cookies are only set if you accept them via our cookie consent banner. See Google's privacy policy.

Website analytics

Our website at meridius.app uses Google Analytics 4 (GA4) to collect anonymous, aggregated usage data — such as which pages are visited, how visitors arrive at the site, and general device and browser information. This helps us understand what's working and where to improve.

GA4 runs in consent mode. When you first visit the site, analytics cookies are blocked by default. You will see a consent banner giving you the choice to accept or decline. If you decline, GA4 collects only cookieless, anonymized data with no persistent identifiers. If you accept, a standard analytics cookie (_ga) is set to help us distinguish returning visitors.

No data from the Meridius iOS app is connected to or shared with Google Analytics. Website analytics and app data are entirely separate.

You can withdraw cookie consent at any time by clearing your browser's local storage for meridius.app.

Your rights and choices

You are in control of your data:

Delete your account — from Settings, you can permanently delete your account and all associated data. Deletion is completed within 30 days.

Export your data — request a full export of your data from within Settings or by emailing privacy@meridius.app.

Opt out of notifications — revoke notification permissions at any time in iOS Settings.

Remove your accountability partner — disconnect from your partner at any time from within the app.

Data security

All data transmitted between Meridius and our servers is encrypted using TLS. Data stored in our database is encrypted at rest. We follow industry best practices to protect your information from unauthorized access, disclosure, or destruction.

If you discover a security vulnerability, please report it to privacy@meridius.app. We take every report seriously and will respond promptly.

Children's privacy

Meridius is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly. If you believe a child has provided us with their information, please contact us at privacy@meridius.app.

Contact us

Questions about this policy or your data? Write to us at privacy@meridius.app. We're a small team and we read every message.