Legal
Privacy Policy
Last updated: 06.13.2026 · Effective: 06.13.2026
Template notice: This document is a working template prepared for Meridian SEO, LLC. It is not legal advice. Before publication, have it reviewed by a licensed attorney in your jurisdiction, fill in every [BRACKETED FIELD], and confirm compliance with applicable laws (GDPR, CCPA, state privacy laws).
1. Who We Are
Meridian SEO, LLC ("Meridian SEO, LLC," "we," "us," "our") operates the AI website generation platform available at https://www.meridianseo.ai (the "Service"). Our principal place of business is 157 Columbus Ave Floor 4, New York, NY 10023, New York. You can reach us at info@meridianseo.ai or .
2. What This Policy Covers
This policy explains what information we collect when you use the Service, how we use it, who we share it with, how long we keep it, and what choices you have. It applies to information collected through our dashboard, generated client websites we host on your behalf, and our customer support channels.
3. Information You Provide
Account information
- Name, email address, business name, and password (stored as a salted hash)
- Billing information processed by our payment partners (we never store full card numbers — see Section 6)
- Optional profile information you choose to add
Project content
- URLs you submit for ingestion (existing websites, listings)
- Media files you upload (images, video, audio) — see Section 9 for handling
- Voice recordings submitted to our Whisper-powered intake feature
- Color, branding, copy, and configuration choices you make
- API keys you provide under our Bring-Your-Own-Key (BYOK) program (encrypted; see Section 5)
Communications
Messages you send to support, feedback you submit, and survey responses.
4. Information We Collect Automatically
- Device and usage data — IP address, browser type, operating system, pages viewed, timestamps, referring URLs
- Cookies and similar technologies — see our Cookie Policy [LINK]
- Performance telemetry — generation duration, error rates, anonymized usage metrics to improve the Service
- Visiting companies (first-party analytics) — on our own site and on client websites we host, we identify the organizations that visit at the company level only, derived from network information. We do not identify individual people, we do not store visitor IP addresses for this purpose, and we honor Do‑Not‑Track.
5. Information About AI Processing
The Service uses third-party AI providers including OpenAI (GPT-4o, Whisper, text-to-speech), Groq (Llama-3 inference), and others. When you generate a website:
- Your project inputs (voice transcripts, niche, audience description) are sent to these providers as prompt context
- Outputs are returned to us, stored under your account, and used to build your generated website
- We pass BYOK API calls directly through to the provider you specified — your provider holds those usage records
- We do not use your project content to train third-party models. We require this contractually from each provider where their terms permit
Voice recordings are transcribed by OpenAI Whisper and the audio is deleted from our servers within thirty days of transcription unless you request earlier deletion.
6. Payment Information
Payments are processed by Stripe and PayPal. We do not store full card or bank details — only a payment-method identifier returned by the processor. Refer to Stripe's privacy policy and PayPal's privacy policy.
7. How We Use Your Information
- To provide, operate, and maintain the Service
- To generate, host, and deploy the websites you build
- To process payments and manage your subscription
- To send transactional messages (receipts, deployment notifications, billing alerts)
- To send marketing communications (only with your consent, and you may unsubscribe at any time)
- To detect, prevent, and investigate fraud, abuse, and content-policy violations
- To comply with legal obligations
- To improve the Service through aggregated, de-identified analytics
8. Content Moderation
We refuse to generate websites for certain prohibited categories including cannabis retail, alcohol retail, sex shops, and firearms sales. Requests in these categories are flagged for human review and we may retain the flagged content for audit purposes for up to twelve months. See our Terms of Service for the full list.
9. Media Upload Handling
Files you upload (images, video, audio) are scanned for malware, sanitized to remove embedded metadata that could leak personal information (EXIF location data, author tags), and stored in encrypted Supabase Storage buckets with row-level security. Files are accessible only to you and to the generation pipeline.
10. Who We Share Information With
- Sub-processors who help us run the Service: Supabase (database + storage), Vercel (hosting), Railway (workers), Cloudflare (CDN/WAF), OpenAI, Groq, Stripe, PayPal, GitHub. Each is contractually bound to confidentiality and security obligations
- Authorities when required by valid legal process
- Successors in connection with a merger, acquisition, or asset sale, with notice to you
We do not sell your personal information, and we do not share it for cross-context behavioral advertising as defined under CCPA / CPRA.
11. How Long We Keep Information
- Account data: while your account is active, plus thirty days after closure
- Generated websites and project assets: while your subscription is active, plus thirty days after cancellation
- Voice recordings: up to thirty days after transcription
- Billing records: seven years (US tax retention)
- Audit logs: twelve months (security and compliance)
- Moderation flags: twelve months
12. Your Rights
Depending on where you live, you may have the right to:
- Access the personal information we hold about you
- Correct inaccurate or incomplete information
- Delete your information (subject to legal retention requirements)
- Port your information to another service in a structured format
- Object to or restrict certain processing
- Withdraw consent at any time where processing relies on consent
- Lodge a complaint with a supervisory authority
To exercise these rights, email info@meridianseo.ai with the subject line "Privacy Rights Request." We respond within thirty days.
13. International Transfers
We are based in the United States. If you access the Service from outside the US, your information will be transferred to and processed in the US. Where required (e.g., from the EEA, UK, or Switzerland), we rely on Standard Contractual Clauses or equivalent safeguards with our sub-processors.
14. Children
The Service is not directed to children under sixteen. We do not knowingly collect personal information from children under sixteen. If you believe we have, contact us and we will delete it.
15. Security
We use encryption in transit (TLS 1.2+), encryption at rest (AES-256), row-level security on user data, multi-factor authentication for administrative access, and quarterly third-party security review. No system is perfectly secure, but we take security seriously and we will notify you of any breach affecting your information as required by law.
16. Changes to This Policy
We may update this policy from time to time. Material changes will be notified by email and through the dashboard at least thirty days before they take effect, except where a shorter notice is required by law.
17. Contact
Questions, requests, or complaints regarding this policy:
Meridian SEO, LLC
Email: info@meridianseo.ai
Phone:
Address: 157 Columbus Ave Floor 4, New York, NY 10023, New York