Privacy Policy

Effective Date: April 1, 2026 · Last Updated: April 1, 2026

PrivateMetrics Group Inc. (“PrivateMetrics,” “we,” “our”) is committed to protecting the privacy and security of your information. This Privacy Policy describes how we collect, use, store, and share data when you use the Meridian platform, FundSim Lab, our website, and related services (the “Services”).

1. Information We Collect

a. Information You Provide

  • Account data: Name, email address, organization, role, and credentials when you register or request a demo
  • Contact form submissions: Name, email, organization, role, interest, and message content
  • Platform data: Portfolio data, fund information, documents, and configurations you upload to the Meridian platform
  • Lead capture: Name, email, and organization when accessing gated content such as platform previews

b. Automatically Collected Data

  • Usage data: Pages visited, features used, simulation parameters, and interaction patterns
  • Device data: Browser type, operating system, screen resolution, and device identifiers
  • Network data: IP address, approximate geographic location, and referring URL
  • Cookies: Session cookies for authentication and analytics cookies for service improvement (see Section 6)

2. How We Use Your Information

  • Provide, maintain, and improve the Services
  • Authenticate users and enforce access controls
  • Respond to inquiries and demo requests
  • Send service-related notifications (outage alerts, feature updates, billing)
  • Generate aggregated, anonymized analytics to improve platform performance
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations and respond to lawful requests

3. Data Isolation & Security

We take the security of your data seriously. Key measures include:

  • Tenant isolation: Each organization's data is isolated via organization-scoped row security across all shared tables. No cross-tenant data access is possible. Dedicated deployment can be scoped per Enterprise engagement.
  • Encryption: Data is encrypted in transit (TLS); database encrypted at the cloud platform level; stored credentials encrypted with Fernet at the application level.
  • Access controls: Role-based access control (RBAC) with audit logging for all data access
  • Infrastructure: Hosted on SOC 2–audited cloud providers (Vercel, Railway) with platform-managed redundancy
  • AI data handling: Your data is never used to train AI models. AI features process data in real-time and do not retain inputs or outputs beyond the session.

4. Data Sharing

We do not sell your personal information. We may share data with:

  • Service providers: Cloud hosting (Railway, Vercel), email delivery (Resend), and payment processing partners who are contractually bound to protect your data
  • Legal requirements: When required by law, regulation, legal process, or governmental request
  • Business transfers: In connection with a merger, acquisition, or sale of assets, with prior notice
  • With your consent: When you explicitly authorize sharing with a third party

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the Services. After account termination, you may request a data export within 30 days. We delete or anonymize your data within 90 days of termination unless retention is required by law. Contact form submissions and lead capture data are retained for up to 24 months.

6. Cookies & Tracking

We use the following categories of cookies:

  • Essential cookies: Required for authentication and core functionality (always active)
  • Analytics cookies: Help us understand how visitors use the site to improve the experience (can be opted out)

We do not use third-party advertising cookies or cross-site tracking. You can manage cookie preferences through your browser settings.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data, subject to legal retention requirements
  • Portability: Request your data in a structured, machine-readable format
  • Objection: Object to processing of your data for certain purposes
  • Withdrawal of consent: Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at privacy@privatemetrics.ai. We will respond within 30 days.

8. California Privacy Rights (CCPA)

California residents have additional rights under the CCPA, including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information.

9. International Data Transfers

If you access the Services from outside the United States, your data may be transferred to and processed in the United States. We implement appropriate safeguards, including standard contractual clauses, to protect data transferred internationally.

10. Children's Privacy

The Services are not directed at individuals under 18 years of age. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or platform notification at least 30 days before taking effect. The “Last Updated” date at the top reflects the most recent revision.

12. Contact

For privacy-related inquiries, contact us at: