Privacy Policy - Data Usage & Connector Disclosures

What Data We Access

Google Services

Google Drive

  • We access files and folders you select during feed configuration
  • This includes file names, content, metadata (creation date, modified date, file type)
  • We only access folders and files you explicitly authorize

Gmail

  • We access email messages in your Gmail account
  • This includes email content, subject lines, sender/recipient information, timestamps
  • We have read-only access and cannot send, delete, or modify emails

Google Calendar

  • We access calendar events and their details
  • This includes event titles, descriptions, participants, times, and locations
  • We have read-only access and cannot create, modify, or delete events

Microsoft Services

SharePoint

  • We access documents in SharePoint libraries and folders you select
  • This includes file names, content, metadata, and folder structures
  • We only access libraries and folders you explicitly authorize

Outlook

  • We access email messages in your Outlook account
  • This includes email content, subject lines, sender/recipient information, timestamps
  • We have read-only access and cannot send, delete, or modify emails

Communication Platforms

Slack (Enterprise only)

  • We access channel messages and content you select
  • This includes message text, attachments, thread replies, user information
  • We have read-only access and cannot post, edit, or delete messages
  • We only access channels you explicitly authorize

File Storage Services

Dropbox

  • We access files and folders you select during configuration
  • This includes file names, content, metadata, and folder structures
  • We only access folders and files you explicitly authorize

Box

  • We access files and folders you select during configuration
  • This includes file names, content, metadata, and folder structures
  • We only access folders and files you explicitly authorize

Development Tools

GitHub (Pro+ only)

  • We access repository code, commits, and pull requests
  • This includes source code, commit messages, issue descriptions, file changes
  • We only access repositories you explicitly authorize
  • We have read-only access

Confluence (Pro+ only)

  • We access pages, spaces, and attachments you authorize
  • This includes page content, comments, attachments, and metadata
  • We have read-only access

How We Use Your Data

Primary Uses

  1. Intelligent Knowledge Search
    • We index and analyze your connected data sources
    • Content is processed to enable semantic search across your information
    • We extract entities (people, organizations, dates) for better search relevance
  2. Content Summarization
    • We generate summaries and insights from your connected content
    • Email threads, documents, and messages are analyzed for key information
    • Summaries help you quickly understand large volumes of information
  3. Contextual Responses
    • Your data is used to provide context-aware answers to your queries
    • We retrieve relevant documents, emails, and messages based on your questions
    • No data is shared with other users

Data Processing

  • Indexing: All content is indexed using Graphlit (our infrastructure partner)
  • AI Processing: Content is analyzed using AI models for entity extraction and summarization
  • Storage: Indexed content and metadata are stored securely in our systems
  • Encryption: All data is encrypted in transit (TLS) and at rest

What We DO NOT Do

  • We do not sell your data to third parties
  • We do not share your data with other users or organizations
  • We do not use your data to train AI models for other customers
  • We do not access data you haven't explicitly connected
  • We cannot modify or delete your original data in connected services (read-only access)
  • We do not provide your data to advertisers

Data Retention

  • Active Feeds: Content remains indexed while your feeds are active
  • Feed Deletion: When you delete a feed, associated content is removed within 30 days
  • Account Deletion: All your data is permanently deleted within 30 days of account closure
  • OAuth Tokens: Stored securely and deleted when you disconnect a service

Your Rights & Controls

You can:

  • Disconnect any service at any time from your dashboard
  • Delete specific feeds without disconnecting the entire service
  • Revoke access through the service provider (Google, Microsoft, etc.)
  • Request data deletion by contacting support
  • Export your data upon request
  • View what data is indexed through the Documents panel

Third-Party Services

We use:

  • Graphlit - Content indexing and feed management infrastructure
  • Supabase - Database and authentication services
  • All third-party services are SOC 2 compliant and maintain strict security standards

Compliance

  • GDPR Compliant - We respect European data protection rights
  • OAuth 2.0 - All integrations use industry-standard secure authentication
  • Minimal Permissions - We only request necessary scopes for functionality
  • User Consent - You explicitly authorize each connector integration

Changes to This Policy

We may update this policy to reflect new features or legal requirements. Users will be notified of material changes via email.

Contact

For privacy questions or data deletion requests, contact: sc@trymeridian.dev

Last Updated: October 13, 2025