Privacy Policy
Last updated: May 15, 2026
MeridianGrid is a business data integration and analytics service. We process customer data only to provide, secure, support, and improve the service our customers configure.
This Privacy Policy explains what information MeridianGrid collects and processes when you visit our site, create an account, invite team members, connect third-party platforms, import data, transform data, query data, or export data to destinations such as Google Sheets or BigQuery.
Information We Process
Account and user information
We store information needed to create and administer MeridianGrid accounts, including user name, last name, email address, Firebase authentication identifier, subscription or workspace membership, account membership, role, status, invitation email address, invitation role, invite status, and related timestamps.
Workspace, account, and configuration information
We store customer-configured workspace information such as subscription name, account name, source definitions, connected platform names, selected report types, source identifiers, advertiser or remote account identifiers, field definitions, custom fields, semantic mappings, saved dashboard or explore views, export configuration, schedules, deletion requests, job status, and operational timestamps.
Customer data from connected platforms
When a customer connects a source, MeridianGrid imports and stores the data needed for that source and the reports the customer selects. Depending on the integration, this may include advertising performance data, campaign names and IDs, ad set and ad IDs, clicks, impressions, spend, conversions, conversion value, currency, country, device, landing page dimensions, spreadsheet headers and cell values, CRM object IDs and selected CRM properties, affiliate or partner conversion data, and other rows returned by the connected platform for the configured report.
Google Sheets sources can contain arbitrary spreadsheet content chosen by the customer. CRM and commerce integrations may contain personal data if the customer chooses to connect sources that include it. Customers are responsible for ensuring they have the rights and permissions to process the data they connect to MeridianGrid.
Credentials, OAuth tokens, and API keys
When a customer connects a third-party platform, MeridianGrid may store OAuth access tokens, refresh tokens, ID tokens, API tokens, basic-auth credentials, service account JSON, scopes, token expiry, provider account ID, project ID, client email, and related secret metadata. Secret values are stored server-side in managed secret storage. Public API responses are designed to return credential metadata, not raw token or secret material.
MeridianGrid also supports API keys for service access. We store API key names, scope, key prefix, key hash, status, creation time, last-used time, expiration time, and revocation time. We do not store the raw API key after creation.
Usage, logs, and diagnostics
We process operational information such as request activity, authentication method, API key usage time, ingestion jobs, export runs, query runs, queue message IDs, row counts, latency, data scanned, success and failure counts, error messages, and security or abuse-prevention signals. These records help operate, debug, secure, and measure the service.
Cookies and Browser Storage
MeridianGrid uses an essential backend session cookie for authenticated app sessions. The cookie is configured as an HttpOnly secure session cookie and is used to authenticate requests to the MeridianGrid API. Because it is HttpOnly, it is not available to JavaScript running in the browser.
The MeridianGrid app also uses browser storage for product functionality. Local storage may cache non-authoritative app/API data with an expiration time so screens can load efficiently. Session storage may temporarily remember OAuth flow state, such as the account being connected to Google Sheets, while the OAuth redirect completes.
We do not use these cookies or browser storage entries to sell personal data or to run third-party advertising. If we add non-essential analytics, advertising, or tracking cookies later, we will update this policy and provide any required controls.
How We Use Information
- Provide the MeridianGrid service, including authentication, account administration, source connections, ingestion, transformations, analytics queries, exports, schedules, and deletion workflows.
- Validate, refresh, and use connected credentials only for integrations and destinations configured by the customer.
- Show product metadata such as connected account names, report schemas, fields, source status, job progress, saved views, and export status.
- Secure the service, prevent abuse, enforce access controls, verify sessions, audit API key use, and investigate errors or unauthorized activity.
- Provide customer support, troubleshoot reliability issues, and communicate service or account notices.
- Improve product quality, performance, and reliability using operational metrics and aggregated usage information.
- Comply with legal obligations, enforce agreements, and protect the rights and safety of MeridianGrid, customers, users, and others.
Connected Platform Data
MeridianGrid accesses third-party platform data only after a customer authorizes or configures the connection. The exact data accessed depends on the platform, the permissions granted, and the sources, report types, date ranges, fields, and destinations selected by the customer.
For advertising platforms such as Meta Ads, Google Ads, and Search Ads 360, MeridianGrid is designed to process reporting and performance data for configured ad accounts and reports. For Google Sheets, MeridianGrid may read spreadsheet metadata and selected sheet values, and may write exported data to spreadsheets the customer configures. For CRM, affiliate, commerce, warehouse, or future integrations, MeridianGrid processes the categories of data needed to run the integration selected by the customer.
Google API Services User Data
If you connect a Google account, MeridianGrid may request Google OAuth permissions such as openid, email, profile, and Google Sheets access. MeridianGrid uses Google user data to identify the connected Google account, read spreadsheet metadata and selected spreadsheet values, validate selected spreadsheets or tabs, refresh authorized access, and write customer-configured exports to Google Sheets.
MeridianGrid does not sell Google user data. MeridianGrid does not use Google user data for advertising. MeridianGrid does not use Google user data to train generalized AI or machine learning models. MeridianGrid's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
How We Share Information
We do not sell customer data. We share information only as needed to operate MeridianGrid, provide integrations requested by customers, comply with law, or protect rights and safety.
- Infrastructure and operations providers, including cloud hosting, databases, storage, queues, logging, secret storage, monitoring, and security services.
- Authentication providers used to sign users in and verify sessions.
- Email or messaging providers used for service notices, invitations, and support communications.
- Third-party platforms and destinations that customers choose to connect, but only to perform the requested import, refresh, validation, query, or export.
- Professional advisers, authorities, or other parties where required by law or necessary to enforce agreements or protect MeridianGrid, customers, users, or others.
Security
We use administrative, technical, and organizational safeguards designed to protect customer data. These include account-based access controls, subscription and account membership checks, server-side session verification, API key hashing, server-side secret storage, limited credential exposure in API responses, and operational controls for background jobs and deletion workflows.
No internet service can guarantee perfect security. Customers should use strong authentication, limit access to authorized team members, remove users who no longer need access, and revoke third-party credentials that should no longer be used.
Retention and Deletion
We retain account, workspace, integration, customer data, logs, and operational records for as long as needed to provide the service, maintain security and auditability, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods may vary by data type, customer configuration, backup cycle, and legal or operational need.
Customers may request deletion of account data, connected credentials, integration metadata, or customer data by contacting us. Where deletion is supported by the product, we delete or disconnect the requested data from active systems, subject to legal, security, backup, and operational retention limits. Third-party platform access can also be revoked directly in the relevant platform's app or account settings.
International Processing
MeridianGrid and its service providers may process information in countries other than where you are located. When we transfer personal data internationally, we use safeguards appropriate to the data and transfer, as required by applicable law.
Your Choices and Rights
Depending on your location and relationship with MeridianGrid, you may have rights to access, correct, delete, export, restrict, or object to certain processing of personal data. Customers can also manage team access, remove users, delete credentials, disconnect sources, revoke API keys, and request data deletion.
If your data was processed by MeridianGrid on behalf of a MeridianGrid customer, please contact that customer first. We may need to route requests through the customer because they control the connected sources and customer data they process with MeridianGrid.
Children
MeridianGrid is a business service and is not directed to children. We do not knowingly collect personal data from children.
Changes to This Policy
We may update this Privacy Policy as MeridianGrid, our integrations, or legal requirements change. The updated version will be posted on this page with a new last updated date.
Contact
For privacy questions, data requests, or deletion requests, contact integrations@meridiangrid.io.