Privacy Policy
Published for transparency and procurement review. For privacy & data protection inquiries, email privacy@meridianverity.com.
Meridian Verity Group LLC Privacy Policy
Evidence-first privacy posture for a no-tracking-by-default website and enterprise licensing workflows
| Document ID | MVG-PRIVACY-1.0.4 |
|---|---|
| Version | 1.0.4 |
| Effective date | 2026-02-21 |
| Status | Public |
| Classification | Website policy (B2B / procurement oriented) |
| Primary contact | privacy@meridianverity.com |
1. Plain-language summary (non-binding)
We built this site to run without analytics and advertising trackers by default.
We collect the minimum information needed to operate the site securely and respond to licensing / procurement inquiries.
We do not sell personal information.
Enterprise products and services are governed by the customer agreement and (where applicable) a Data Processing Addendum (DPA).
If something is unclear, we default to a conservative interpretation that protects people downstream and minimizes data exposure.
2. Who we are
“Meridian Verity Group”, “MVG”, “we”, “us”, and “our” refer to Meridian Verity Group LLC, a Wyoming limited liability company (“MVG”). For procurement KYB and anti‑phishing channels, see the company descriptor: /.well-known/mvg-company.json (automation envelope: /.well-known/mvg-company.dsse.json; detached signatures policy). Detached signature (PGP): /.well-known/mvg-company.json.asc.
Contact (privacy & data protection): privacy@meridianverity.com
3. Scope
This Policy applies to personal data we handle when you visit our website(s) we operate (the “Site”).
It also applies when you contact us (for example, licensing diligence, procurement, security reviews, or research collaboration).
If you use enterprise products, proofs, SDK/CLI tools, pilots, or other services we provide (the “Services”), additional terms may apply, including a DPA when we process personal data as a processor.
4. Definitions
“Personal Data” means information that identifies or relates to an identifiable natural person (or equivalent definition under applicable law).
“Customer Content” means data, content, or materials submitted to the Services by or on behalf of a customer.
“Evidence artifacts” means audit- or verification-oriented outputs such as receipts, reason codes, proofs, permits, or logs (which may include pseudonymous identifiers and cryptographic digests).
5. Information we collect
5.1 Information you provide
Business contact information (name, email, company, role, country).
Communications (messages you send us; attachments you provide).
Procurement and diligence information you choose to share.
Security report content you provide (reproduction steps, affected components, logs if safe).
Please do not send sensitive personal data (e.g., government IDs, health data) unless we explicitly request it and provide a secure channel.
5.2 Information collected automatically (site operations & security)
IP address, user agent, requested URLs, referrer (if provided), timestamps, and response codes.
Security and integrity signals used to detect abuse, prevent fraud, and maintain availability.
We do not deploy third-party advertising trackers and we do not run behavioral profiling on the Site by default.
5.3 Information processed in the Services (enterprise context)
Authorized user identifiers (e.g., admin/user email or ID).
Operational security and enforcement logs associated with permits, receipts, and fail-closed decisions.
Evidence artifacts that may contain pseudonymous identifiers and cryptographic commitments.
Customer Content to the extent it contains personal data (as configured and instructed by the customer).
We design for privacy-preserving verification where feasible (e.g., evidence handles and selective disclosure instead of broad payload disclosure). Evidence artifacts are designed to minimize personal data exposure and may rely on cryptographic commitments or pseudonymous identifiers where feasible.
6. How we use personal data
To operate, secure, and maintain the Site and Services.
To respond to licensing, procurement, and data protection inquiries.
To provide demos, evaluations, pilots, and partner engagements.
To prevent abuse, fraud, and unauthorized access.
To comply with legal obligations and enforce our rights.
We do not sell personal data. We do not use personal data for targeted advertising.
6.1 Model training / AI usage
Unless explicitly agreed in writing, we do not use confidential Customer Content to train generalized models.
We may use de-identified and aggregated operational metrics to improve reliability and security, to the extent permitted by law and contract.
7. Legal bases (EEA/UK/Switzerland where applicable)
Contract performance (to respond to requests and provide Services).
Legitimate interests (security, abuse prevention, business communications).
Legal obligations (compliance, recordkeeping).
Consent (only when required, such as optional cookies or marketing where applicable).
8. How we share personal data
Service providers (e.g., hosting/CDN, security tooling) under confidentiality and appropriate processing terms.
Professional advisors (legal, auditors) under confidentiality.
Authorities when required by law or to protect rights, safety, and security.
A successor entity in a merger, acquisition, or restructuring (subject to notice and applicable law).
We do not share personal data with third parties for their own marketing purposes.
9. Cookies and tracking
Our default posture is no tracking by default. See our Cookie Policy for details.
10. International transfers
We may process and store personal data in countries different from where you live.
Where required, we use appropriate transfer safeguards (for example, Standard Contractual Clauses) and apply contractual and technical protections.
11. Data retention
We retain personal data only as long as necessary for the purposes described in this Policy, including security and business recordkeeping.
Retention periods vary by data type and context (Site vs. enterprise Services). Enterprise retention may be specified in the customer agreement or DPA.
12. Security
We maintain an information security program designed to protect personal data and evidence artifacts against unauthorized access, disclosure, alteration, and destruction.
No system is perfectly secure. We design for adversarial review and fail-closed defaults in high-stakes contexts.
13. Your rights and choices
Depending on your jurisdiction, you may have rights to access, correct, delete, or port your personal data, and to object to or restrict certain processing.
Where processing is based on consent, you may withdraw consent at any time.
If you are in a jurisdiction with opt-out rights (e.g., sale/sharing), note that we do not sell personal data.
To exercise rights: contact privacy@meridianverity.com.
14. Children
The Site and Services are not directed to children, and we do not knowingly collect personal data from children.
15. Changes to this Policy
We may update this Policy by posting an updated version on the Site and updating the “Last updated” date.
16. Contact
Privacy & data protection: privacy@meridianverity.com
Address: 30 N Gould St STE N, Sheridan, WY 82801.
Change log
v1.0.1 - Contact routing standardized to privacy@meridianverity.com.