What we collect, why, and what we never do.
Effective 2026-05-20
The short version
Meridian is a research product from Sosa Research. The site is public; signing in is optional and only required to save settings or use the chat analyst. We do not run advertising, behavioural tracking, or third-party data brokers.
What we collect when you sign in
Authentication is via Google. When you sign in we receive your name, email address, and profile image from Google. We record each sign-in event (email, provider, timestamp) for account security and abuse detection.
If you use the chat analyst, your messages and the model responses are stored against your account so the conversation persists across sessions. If you adjust model assumptions, zone overrides, or oracle preferences, those settings are stored against your account.
What the public site collects
You can browse Meridian without signing in. Like any web server, our hosting provider records standard request metadata (IP address, timestamp, user agent) for the operation and security of the site. These logs are retained on a short rolling window by the provider and are not used for profiling.
We use Vercel Analytics for aggregate page traffic. It does not set third-party cookies and does not identify individual visitors.
Cookies
We use a small number of first-party, strictly-necessary cookies — not for advertising or cross-site tracking. When you sign in, an encrypted session cookie keeps you authenticated as you move between pages; without it you would be signed out on every navigation. We may also set a short-lived cookie to protect sign-in against cross-site request forgery.
Because these cookies are strictly necessary to deliver a feature you have requested (signing in), they are exempt from prior-consent requirements under the GDPR/ePrivacy framework. We set no analytics, advertising, or profiling cookies. If you never sign in, we set no cookies of our own. You can clear or block cookies in your browser at any time; doing so will sign you out and disable saved settings and chat history.
How we use it
Sign-in data is used to authenticate you and to operate the features you have requested (saved settings, chat history). Sign-in event logs are used to detect abuse. Aggregate analytics tell us which surfaces are read, never which person is reading them.
We do not sell, rent, or share your account data with third parties. We do not use your chat history to train external models.
Service providers
The site is hosted on Vercel. The database is operated by Supabase. Authentication uses Google OAuth. Forecasting models call xAI (Grok) and Google (Gemini) APIs. Each provider processes only what is necessary to deliver the feature you have used.
Retention
Account settings and chat history persist until you ask us to delete them or delete your account. Sign-in event logs are kept for 90 days. Hosting-provider request logs follow the provider's standard retention.
Your rights
You can ask us what we hold about you, ask us to correct it, or ask us to delete it. Send the request through the contact page.
Changes
If this policy changes, the effective date at the top of the page will change with it. Material changes will be noted here.