Skip to content

Legal

Security Disclosure

Last updated May 2026

We welcome reports from security researchers. This policy explains how to report a vulnerability responsibly, what’s in scope, and the safe-harbor protections you have when you act in good faith.

Report to

security@meridiancloud.app

In scope

App, API, mobile app, and meridiancloud.app sites

Safe harbor

Good-faith research is authorized and protected

Response

Acknowledged within a few business days

1. Reporting a vulnerability

If you believe you have found a security vulnerability in Meridian Cloud, please report it to security@meridiancloud.app. Include enough detail for us to reproduce the issue: affected URL or endpoint, steps to reproduce, and any proof-of-concept.

Please report privately and give us a reasonable opportunity to fix the issue before any public disclosure. Do not share the details with others until we confirm it is resolved.

2. Our commitment

We will acknowledge your report, keep you updated on our progress, and let you know when the issue is resolved. We aim to acknowledge new reports within a few business days.

We will not pursue or support legal action against researchers who act in good faith and follow this policy.

3. Scope

In scope: the Meridian Cloud application, the API, the mobile app, and our customer-facing marketing and documentation sites under meridiancloud.app.

Out of scope: denial-of-service attacks, social engineering or phishing of our staff or customers, physical attacks, spam, issues in third-party services we do not control, and findings that require a compromised device or already-privileged account.

4. Safe harbor

Activity conducted in line with this policy is considered authorized. We will not treat good-faith research as a violation of our terms, and we will work with you to understand and resolve the issue quickly.

To stay in safe harbor: only interact with accounts you own or have explicit permission to test, do not access or modify other customers’ data, avoid privacy violations and service disruption, and do not exfiltrate data beyond the minimum needed to demonstrate the issue.

5. Guidelines

Use test data wherever possible. Stop testing and report immediately if you encounter any personal data belonging to another customer.

Do not run automated scanners at a volume that degrades the Service. Do not attempt to access, alter, or destroy data that is not yours.

6. Security contact

Email security@meridiancloud.app for all security reports and questions. For general privacy inquiries, use privacy@meridiancloud.app.

This is a plain-language policy for an early-access product and is not a substitute for legal advice. It does not create a formal bug-bounty program or guarantee a reward. For how we handle your data, see our Privacy Policy and Data Processing Addendum.