Independently verified · May 2026

Your data is A+ encrypted - and you don't have to take our word for it.

Every scanner below is run by a third party. Click any badge to re-run the scan against the live Meridian infrastructure - no login required, no cooperation from us needed.

A+

SSL Labs

TLS & transport encryption. A+ on all 4 Meridian domains · TLS 1.3 · HSTS preload.

Verify on ssllabs.com →
A+

Mozilla Observatory

Web security headers. A+ on marketing surfaces (125/130) · app surface upgrading to A+ Q3.

Verify on mozilla.org →

AES-256 at rest

Every document, every database row, every backup · rotating keys.

Multi-tenant isolation

PIPEDA · BC PIPA · GDPR. Tenant-id enforced on every query - Firm A can't see Firm B's data.

Our iron-clad data promise

Your client data is yours. Period.

The #1 concern every RCIC has before adopting new technology. We built Meridian around this principle from day one.

  • We will never copy, store, or access your client information without your explicit written permission.
  • Your client conversations belong to you and your firm alone. We understand the CICC Code of Professional Conduct and the rules around consultant-client privilege.
  • Even our own engineering team cannot view your data without your written authorization.
  • When you subscribe, you control exactly who sees what. Full stop.

Never shared. With anyone.

Your client data is never shared with third parties. Not advertisers. Not analytics companies. Not partners. Not anyone.

Consent-gated access

Documents encrypted at rest with per-tenant keys (AES-256-GCM, HKDF-derived). Staff access requires an owner-approved consent session with one-click revoke - every action audit-logged.

CICC & RCIC compliant

Built to meet the CICC Code of Professional Conduct and RCIC regulatory requirements. Compliance baked into every layer.

100% data ownership

Export anytime. Delete anytime. Cancel anytime and everything goes with you. No lock-in contracts, no hostage games.

Encrypted at every step

TLS 1.3 in transit, AES-256 at rest. Tenant-level encryption keys. No cross-contamination between firms. Ever.

PIPEDA compliant

Fully compliant with PIPEDA's 10 fair information principles and provincial privacy legislation, including BC and Alberta PIPA.

Where we stand

Honest compliance status.

What's in place today, and what's on the roadmap - labelled plainly.

72-hour breach notification Annual security audits CASL compliant SOC 2 Type II · roadmap (target Q4 2026) Architected for 99.9% uptime · no formal SLA during beta

Read our complete Privacy Policy, Terms of Service, or browse the full Legal & Trust Center.

Questions about your data? Ask directly.

Security is the first thing every RCIC asks about. We'll walk you through tenant isolation, audit logs, and the data-export tooling on a real account.

Request a Demo

Tell us about your practice. We'll set up a 30-minute walkthrough showing Meridian on a real case.

Thank you!

We've received your request and will be in touch shortly.