Meridian Platform – Enterprise Privacy Policy

Applies to the Meridian Platform administrative portal, the Meridian Member Mobile App and any white-labeled member mobile app (including the app distributed for Genesis), the meridianplatform.com website, and related services.
Effective Date: March 1, 2026 | Last Updated: May 16, 2026 Provider: Meridian Platform LLC, a Florida limited liability company (“Meridian Platform,” “Meridian,” “we,” “us,” or “our”)
Canonical URL: https://meridianplatform.com/privacy-policy.html | Contact: info@meridianplatform.com

1. Scope

This Privacy Policy describes how Meridian Platform LLC, a Florida limited liability company, collects, uses, discloses, retains, and protects information through the Meridian Platform, including the web-based administrative portal (the “Portal”), the Meridian Member Mobile App and any white-labeled instance of that mobile application (collectively, the “Mobile App”), the meridianplatform.com website, application programming interfaces, notifications, support channels, and related services (collectively, the “Platform”).

The Mobile App may be distributed under a customer organization’s brand. For example, the Mobile App may appear in the Apple App Store and Google Play under the Genesis brand. This Privacy Policy applies to those white-labeled instances as well, because Meridian Platform is the operator of the Mobile App and the entity that collects and processes information through it.

This Privacy Policy is intended to be the single canonical privacy disclosure linked from the Apple App Store and Google Play listings for the Mobile App, from the meridianplatform.com website, and from any white-label client website that links to the Mobile App.

2. Our Role; Relationship with Customer Organizations

Meridian Platform provides the Platform to customer organizations such as brokers, plan administrators, third-party administrators, healthcare providers, consultant pharmacists, insurance carriers, and employers (each, a “Customer Organization”). A Customer Organization’s name, logo, or branding may appear within the Platform or the Mobile App where the Platform has been white-labeled for that Customer Organization.

Meridian Platform — Privacy Policy | Attorney-review draft | Confidential | Page 2 of Depending on the context, a Customer Organization may determine why and how certain information is processed, and Meridian Platform may process information as a service provider, processor, subcontractor, or business associate. Where a Customer Organization controls a user account or records, certain privacy requests may need to be coordinated with that Customer Organization.

Where HIPAA applies, the applicable Notice of Privacy Practices and Business Associate Agreement (“BAA”) issued by the Customer Organization may also govern use and disclosure of Protected Health Information (“PHI”), and the BAA controls Meridian Platform’s use and disclosure of PHI to the extent it conflicts with this Privacy Policy.

3. Information We Collect or Process

3.1 Account and Identity Information

Name, email address, phone number where provided, username, encrypted password or other authentication credentials, organization affiliation, role, permissions, account status, preferences, and support contact details.

3.2 Member, Enrollment, Benefit, and Claims Information

Member identifiers, plan or eligibility information, enrollment details, claim records, claim status, provider information, service details, settlement or reimbursement information, and related administrative notes.

3.3 Uploaded Documents and Communications

Claim forms, receipts, prescriptions, invoices, enrollment documents, messages, support requests, attachments, and other information submitted by Authorized Users or Customer Organizations.

3.4 System, Security, and Usage Information

Login activity, IP address, device type, operating system, browser or app version, session records, audit trails, access logs, feature usage, error logs, crash reports, diagnostics, and security events.

4. App-Specific Data Collection (Mobile App)

This section describes what the Mobile App collects, processes, and shares. It is kept consistent with Apple App Privacy disclosures and the Google Play Data safety form. If the build, third- party SDK inventory, or feature set changes, this section and the app-store disclosures will be updated together.

4.1 Data the Mobile App Collects

Category What is collected Purpose
Account information Name, email, member identifier, access organization, role, login credentials, authentication status Account creation, sign-in, access control, support, security, and member workflow administration
Health, claims, benefit, and enrollment information Claim status, service details, provider details, plan/member records, documents users upload or Customer Organizations provide Claims administration, benefit workflow support, member support, and secure communications
User-submitted documents and media Images, PDFs, receipts, prescriptions, forms, or other files the user selects To upload documentation for claims, enrollment, support, or related administrative workflows
Device and app diagnostics Device model, operating system, app version, IP address, crash logs, error logs, performance data Security, fraud prevention, troubleshooting, debugging, reliability, and app improvement
Push notification data Push token, notification preferences, delivery metadata To send account, security, claim, support, or service notifications

4.2 Data the Mobile App Does Not Collect

The Mobile App does not collect or use the following data unless this Privacy Policy and the corresponding app-store disclosures are updated in advance:

  • precise or approximate device location;
  • device contacts or address book;
  • advertising identifiers used for cross-app tracking or targeted advertising;
  • full payment card numbers (no in-app card payments are processed by Meridian Platform);
  • biometric templates (device-level biometric unlock, where offered, is handled entirely by the device operating system; Meridian Platform does not receive or store biometric data);
  • microphone or audio recordings;
  • health-sensor data from HealthKit, Google Fit, or similar SDKs.

4.3 Permissions the Mobile App Requests

Where the Mobile App offers features that require operating-system permissions, the permission is requested at the moment the user invokes the feature and a purpose string is shown. Typical permissions include:

  • Camera and photo library — only when the user chooses to upload a document, receipt, prescription, or photo of a claim form;
  • Files — only when the user chooses to upload a file from device storage or a cloud drive;
  • Notifications — only if the user opts in to receive push notifications;
  • Device-level biometric unlock — only if the user enables in-app biometric sign-in. Permissions may be revoked at any time in the device operating-system settings.

5. How We Collect Information

  • Directly from Authorized Users when they create an account, submit forms, upload documents, send messages, request support, or use Platform features;
  • From Customer Organizations that authorize access, configure accounts, provide member or claims data, or administer benefit workflows;
  • Automatically through the Platform, including logs, cookies or similar website technologies, app diagnostics, device data, and security monitoring;
  • From integrated systems and authorized third parties, such as identity providers, claims systems, hosting providers, notification services, support tools, and Customer- Organization-designated integrations.

6. How We Use Information

We use the information described above to:

  • provide, operate, maintain, secure, and support the Platform;
  • create and manage accounts, authenticate users, assign permissions, and prevent unauthorized access;
  • support healthcare claims administration, enrollment administration, document management, communications, and related workflows;
  • deliver app notifications, service messages, security alerts, support responses, and operational communications;
  • monitor system performance, fix bugs, improve reliability, maintain audit logs, and detect misuse or fraud;
  • comply with legal, regulatory, contractual, audit, tax, accounting, security, and dispute- resolution obligations;
  • enforce applicable terms, Customer Organization agreements, privacy obligations, and security requirements.

7. HIPAA, PHI, and Sensitive Data

The Platform may process PHI and other sensitive information. Where HIPAA applies, Meridian Platform will use and disclose PHI only as permitted by the applicable BAA, Customer Organization instructions, and law. Customer Organizations are responsible for determining whether they have authority to disclose PHI to the Platform and for configuring appropriate user access.
Authorized Users should not submit sensitive personal information unless it is necessary for a legitimate Platform purpose and they are authorized to provide it.

8. How We Share Information

We do not sell personal information or Customer Data, and we do not share personal information or Customer Data for cross-context behavioral advertising.

We may share information as needed to provide and secure the Platform, comply with obligations, and support authorized workflows, including with:

  • Customer Organizations and their authorized users, based on configured permissions and workflow needs;
  • authorized participants involved in claims, enrollment, benefit administration, or member support, such as brokers, plan administrators, healthcare providers, carriers, consultant pharmacists, and service administrators;
  • service providers and subprocessors that host, secure, analyze, support, monitor, or maintain the Platform under contractual confidentiality and security obligations;
  • integrated third-party systems designated or approved by a Customer Organization;
  • government, regulatory, law-enforcement, or legal-process recipients where required or permitted by law;
  • professional advisors, insurers, auditors, and transaction counterparties in connection with legal, compliance, financing, merger, acquisition, or corporate transactions, subject to confidentiality.

9. Account Deletion and Data Deletion Requests

If you created an account on the Platform, you may request deletion of that account through any of the paths below.

9.1 How to Request Account Deletion

  • In the Mobile App: Settings → Delete Account.
  • Via Email: View account-deletion for instructions
  • Through your Customer Organization: If your account was issued by an employer, plan administrator, broker, provider, or other Customer Organization, that organization may also need to be involved to validate authority, preserve required records, or terminate access.

9.2 Verification and Processing

We may need to verify the request, confirm authority, coordinate with the applicable Customer Organization, and preserve information needed for security, fraud prevention, claims administration, legal compliance, audit, dispute resolution, or contractual obligations. If we deny or limit a deletion request, we will provide an explanation where required by law.

9.3 Data That May Remain After Deletion

Deleting an account does not necessarily delete all claims, healthcare, enrollment, transaction, audit, backup, or Customer-Organization-controlled records. Some records may be retained where required or permitted by law, HIPAA, plan administration obligations, Customer Organization contracts, security needs, fraud prevention, financial reporting, audit requirements, dispute resolution, or backup integrity. Where retained, access will be restricted and data will be retained only as necessary for the applicable purpose.

Uninstalling the Mobile App is not the same as deleting your account. To delete the account itself, use one of the paths above.

10. Retention

We retain information for as long as necessary to provide the Platform, support Customer Organizations, maintain claims administration records, comply with legal and regulatory requirements, enforce agreements, resolve disputes, maintain security, and preserve audit logs. Retention periods vary based on data type, Customer Organization instructions, legal obligations, and whether the data is PHI, claims data, account data, logs, backups, or support data.

11. Security

Meridian Platform uses commercially reasonable administrative, technical, and physical safeguards designed to protect information processed through the Platform. These safeguards may include access controls, encryption in transit and at rest where appropriate, logging and monitoring, secure hosting practices, least-privilege access, incident response procedures, and vendor security controls.

No method of transmission or storage is completely secure. Where required by law or contract, Meridian Platform will notify affected Customer Organizations of a security incident affecting their data without undue delay, in accordance with applicable BAA and law.

12. Cookies and Website Technologies

The meridianplatform.com website may use cookies, pixels, local storage, server logs, and similar technologies for site functionality, security, analytics, support, preference management, and performance. If marketing cookies, advertising pixels, or cross-context tracking technologies are added in the future, this Privacy Policy and any cookie banner or consent mechanism will be updated before deployment.

13. Your Choices

  • Update profile or account information in the Platform where available;
  • Control Mobile App permissions such as camera, photos, files, biometrics, and notifications through device operating-system settings;
  • Opt out of non-essential communications where required, or where the Platform provides an unsubscribe mechanism. Transactional communications related to account security or claim status may still be sent;
  • Request access, correction, or deletion under Section 9 or under applicable law (see Section 14).

14. State Privacy Rights (U.S.)

Depending on your state of residence, you may have rights under state privacy laws such as the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, “CCPA/CPRA”), and similar laws in Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other states. These rights may include:

  • the right to know what personal information is collected and how it is used and shared;
  • the right to access a copy of your personal information;
  • the right to request correction of inaccurate personal information;
  • the right to request deletion of personal information, subject to legal and operational exceptions;
  • the right to opt out of the sale or sharing of personal information (Meridian Platform does not sell personal information or share it for cross-context behavioral advertising);
  • the right not to receive discriminatory treatment for exercising any of these rights;
  • the right to designate an authorized agent to submit a request on your behalf.

To exercise these rights, contact us using Section 17. We will verify your identity and may need to coordinate with the applicable Customer Organization. Many records related to claims and benefits administration are controlled by a Customer Organization (which may be acting as the covered entity under HIPAA), and we will direct your request accordingly where appropriate.

HIPAA-protected information. Where your information is PHI, your rights are primarily governed by HIPAA and the applicable Customer Organization’s Notice of Privacy Practices, not the CCPA/CPRA or similar state privacy laws. Contact the applicable Customer Organization to exercise HIPAA rights.

15. Children

The Mobile App and the meridianplatform.com website are not directed to children under 13, and Meridian Platform does not knowingly collect personal information directly from children under 13 through the Mobile App or website. Where the Platform processes information about a covered dependent (including a minor) as part of authorized benefits or claims administration, that information is processed at the direction of, and under the authority of, the applicable Customer Organization, and is subject to applicable law (including HIPAA) and contractual safeguards.

16. International Processing

Information may be processed in the United States and other jurisdictions where Meridian Platform, Customer Organizations, service providers, or integrated systems operate. Where required, Meridian Platform will use appropriate contractual, technical, and organizational safeguards for cross-border transfers.

17. Changes to This Privacy Policy

Meridian Platform may update this Privacy Policy from time to time. Material changes may be communicated through the Platform, on the meridianplatform.com website, in the Mobile App, by email, or by another reasonable method. The “Effective Date” and “Last Updated” fields at the top of this Privacy Policy will be updated to reflect any changes. The most current version will be available at https://meridianplatform.com/privacy-policy.html.

18. Contact

Questions or requests about this Privacy Policy, privacy rights, account deletion, or data practices may be directed to:

Meridian Platform LLC
Email: info@meridianplatform.com
Web: https://meridianplatform.com
Mailing address: 110 Washington Avenue, Miami Beach, FL 33139, USA