Privacy Policy

1. Introduction

Meridian Energy Pty Ltd (ABN placeholder) ("Meridian", "we", "us", or "our") is committed to protecting the privacy of individuals who interact with our platform and services. This Privacy Policy describes how we collect, use, disclose, and store personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By accessing or using the Meridian platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our services.

2. Information We Collect

We collect the following categories of personal information:

• Account information: Name, email address, company name, job title, and phone number provided during registration or when requesting a demo.
• Usage data: Information about how you interact with the platform, including pages viewed, features used, session duration, and actions taken within the application.
• Technical data: IP address, browser type, operating system, device identifiers, and referral URLs collected automatically when you access our website or platform.
• Payment information: Billing address and payment method details processed through our third-party payment processor. We do not store full credit card numbers on our servers.
• Communications: Records of correspondence when you contact our support team, provide feedback, or participate in surveys.
• Customer data: Data you upload to the platform, such as production data, cost estimates, and economic models. While this data may not constitute personal information, we treat it with the same level of care and security.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, maintain, and improve the Meridian platform and our services.
• To process transactions and send related information, including purchase confirmations and invoices.
• To communicate with you, including responding to enquiries, providing customer support, and sending service-related notifications.
• To send marketing communications where you have opted in to receive them. You may opt out at any time.
• To monitor and analyse usage patterns to improve the user experience, performance, and reliability of our platform.
• To detect, prevent, and address technical issues, security incidents, and fraudulent activity.
• To comply with legal obligations and enforce our Terms of Service.

4. Data Storage and Security

All data is hosted on Amazon Web Services (AWS) in the Sydney region (ap-southeast-2). Your data does not leave Australian jurisdiction unless you explicitly choose otherwise.

We implement industry-standard security measures to protect your personal information, including:

• AES-256 encryption at rest for all stored data, including backups and database snapshots.
• TLS 1.3 encryption for all data in transit.
• Role-based access control (RBAC) with least-privilege enforcement.
• Multi-factor authentication (MFA) for all internal and customer accounts.
• Daily automated backups with 30-day retention stored in a geographically separate AWS availability zone within Australia.
• Regular vulnerability assessments and penetration testing by accredited third parties.

While we take all reasonable steps to protect your information, no method of electronic storage or transmission is completely secure. We cannot guarantee absolute security.

5. Third Parties

We may share personal information with the following categories of third parties:

• Service providers: Third-party companies that perform services on our behalf, such as cloud hosting (AWS), payment processing (Stripe), email delivery, and analytics. These providers are contractually obligated to protect your information and use it only for the purposes we specify.
• Legal and regulatory: Government authorities, regulators, or law enforcement agencies where required by law, court order, or regulatory obligation.
• Business transfers: In connection with a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred to the acquiring entity.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your browsing activity on our website. These include:

• Essential cookies: Required for the platform to function correctly, including session management and authentication.
• Analytics cookies: Used to understand how visitors interact with our website, helping us improve the user experience. We use privacy-focused analytics tools.
• Preference cookies: Used to remember your settings and preferences, such as language and display options.

You can control cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the platform.

7. Your Rights

Under the Australian Privacy Act 1988 and the Australian Privacy Principles, you have the following rights:

• Access: You may request access to the personal information we hold about you.
• Correction: You may request that we correct any inaccurate or incomplete personal information.
• Complaint: If you believe we have breached the Australian Privacy Principles, you may lodge a complaint with us. If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC).
• Opt out: You may opt out of receiving marketing communications at any time by using the unsubscribe link in our emails or contacting us directly.

If you are located in the Asia-Pacific region outside of Australia, local privacy laws may grant you additional rights. Please contact us for information specific to your jurisdiction.

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our services. When you close your account or request deletion, we will delete or anonymise your personal information within 90 days, except where we are required to retain it for legal, regulatory, or audit purposes.

Customer data uploaded to the platform (production data, economic models, etc.) is deleted within 30 days of account termination unless you request earlier deletion or an extended retention period.

Audit logs are retained for the life of your subscription plus 12 months to support compliance and audit requirements.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by email or through a prominent notice on the platform prior to the changes taking effect. Your continued use of the platform after any changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy, wish to exercise your rights, or need to report a privacy concern, please contact us: