Every scanner below is run by a third party. Click any badge to re-run the scan against the live Meridian infrastructure - no login required, no cooperation from us needed.
TLS & transport encryption. A+ on all 4 Meridian domains · TLS 1.3 · HSTS preload.
Verify on ssllabs.com →Web security headers. A+ on marketing surfaces (125/130) · app surface upgrading to A+ Q3.
Verify on mozilla.org →Every document, every database row, every backup · rotating keys.
PIPEDA · BC PIPA · GDPR. Tenant-id enforced on every query - Firm A can't see Firm B's data.
The #1 concern every RCIC has before adopting new technology. We built Meridian around this principle from day one.
Your client data is never shared with third parties. Not advertisers. Not analytics companies. Not partners. Not anyone.
Documents encrypted at rest with per-tenant keys (AES-256-GCM, HKDF-derived). Staff access requires an owner-approved consent session with one-click revoke - every action audit-logged.
Built to meet the CICC Code of Professional Conduct and RCIC regulatory requirements. Compliance baked into every layer.
Export anytime. Delete anytime. Cancel anytime and everything goes with you. No lock-in contracts, no hostage games.
TLS 1.3 in transit, AES-256 at rest. Tenant-level encryption keys. No cross-contamination between firms. Ever.
Fully compliant with PIPEDA's 10 fair information principles and provincial privacy legislation, including BC and Alberta PIPA.
What's in place today, and what's on the roadmap - labelled plainly.
Read our complete Privacy Policy, Terms of Service, or browse the full Legal & Trust Center.
Security is the first thing every RCIC asks about. We'll walk you through tenant isolation, audit logs, and the data-export tooling on a real account.