Privacy Policy

Meridian Capital Partners LLC, a Delaware limited liability company doing business as Meridian Nexus Labs ("Meridian," "we," "us," or "our"), is committed to protecting the privacy and security of the personal information we collect and process. This Privacy Policy describes how we collect, use, disclose, retain, and protect information in connection with the Meridian Nexus Labs Intelligence API, the website located at meridiannexus.io, and all related services (collectively, the "Service").

This Privacy Policy applies to all users of the Service, including visitors to our website, applicants to the Partner Alliance, registered API users, and any other individuals whose personal information we process in connection with the Service. By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy.

This Privacy Policy should be read in conjunction with our Terms of Service. Capitalized terms used but not defined in this Privacy Policy have the meanings given to them in the Terms of Service.

2.1 Information You Provide Directly

We collect personal information that you voluntarily provide to us when you interact with the Service. This includes:

Partner Alliance Applications. When you submit an application to join the Partner Alliance, we collect your name, professional email address, organizational affiliation, job title, and a description of your intended use case. We may also collect additional information necessary to evaluate your application, including professional references, organizational credentials, and regulatory registrations.

Account Information. When you register for API access, we collect the information necessary to create and manage your account, including your name, email address, organizational affiliation, and billing information (if applicable).

Communications. When you contact us by email, through the Service, or by any other means, we collect the content of your communications and any information you choose to provide.

2.2 Information Collected Automatically

When you access or use the Service, we automatically collect certain information about your device and usage, including:

API Usage Data. We log all API requests, including the endpoint accessed, request parameters, timestamp, API key used, response time, response status code, and the IP address from which the request originated. This data is essential to the operation of the Custody Journal and the Evidence Envelope integrity verification system.

Device and Browser Information. When you visit our website, we collect information about your device, including your IP address, browser type and version, operating system, device identifiers, screen resolution, and language preferences.

Usage Information. We collect information about how you interact with our website, including pages viewed, time spent on pages, navigation paths, referring URLs, and click patterns.

Cookies and Similar Technologies. We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activity. See Section 8 (Cookies and Tracking Technologies) for more information.

2.3 Information from Third-Party Sources

We may receive information about you from third-party sources, including publicly available blockchain data, partner organizations within the Alliance, professional networking platforms, and identity verification services. We use this information to verify your identity, evaluate Partner Alliance applications, and improve the accuracy of our intelligence products.

We use the information we collect for the following purposes:

We do not use your personal information for automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you, except to the extent necessary for fraud detection and prevention in connection with the Service.

We do not sell your personal information. We may share your information in the following circumstances:

Service Providers. We share information with third-party service providers who perform services on our behalf, including cloud hosting providers, analytics services, email delivery services, and payment processors. These service providers are contractually obligated to use your information only for the purposes of providing services to us and in accordance with this Privacy Policy.

Partner Alliance Members. In the course of coordinated recovery efforts, we may share limited operational information with other Partner Alliance members, subject to the TLP classification restrictions described in the Terms of Service. We will not share your personal contact information with other Alliance members without your consent.

Legal and Regulatory Compliance. We may disclose your information to law enforcement agencies, regulators, courts, or other governmental authorities when we believe in good faith that such disclosure is necessary to: (a) comply with applicable law, regulation, legal process, or governmental request; (b) enforce our Terms of Service; (c) detect, prevent, or address fraud, security, or technical issues; or (d) protect the rights, property, or safety of Meridian, our users, or the public.

Business Transfers. In the event of a merger, acquisition, reorganization, bankruptcy, or other similar event, your information may be transferred to the acquiring entity or successor, subject to the commitments made in this Privacy Policy.

With Your Consent. We may share your information with third parties when you have given us your explicit consent to do so.

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, regulatory, accounting, or reporting requirements.

The Custody Journal and Evidence Envelope records are retained indefinitely because they serve as the authoritative evidentiary record of the Service's output. These records may be required for legal proceedings, regulatory inquiries, or public verification for an indeterminate period. The indefinite retention of these records is necessary for the legitimate operation of the Service and the protection of the legal rights of Meridian, its partners, and the victims of cryptocurrency fraud.

We implement and maintain commercially reasonable administrative, technical, and physical security measures designed to protect your personal information from unauthorized access, use, alteration, disclosure, and destruction. These measures include:

Encryption. All data transmitted between your systems and the Service is encrypted using TLS 1.2 or higher. API credentials are stored using industry-standard cryptographic hashing. Evidence Envelope integrity hashes are computed using SHA-256.

Access Controls. Access to personal information is restricted to authorized personnel who require access to perform their job functions. All access is logged and auditable.

Infrastructure Security. The Service is hosted on enterprise-grade cloud infrastructure with SOC 2 Type II certified data centers. We employ network segmentation, intrusion detection systems, and regular vulnerability assessments.

Incident Response. We maintain an incident response plan that includes procedures for detecting, containing, investigating, and remediating security incidents. In the event of a data breach that affects your personal information, we will notify you and the relevant supervisory authorities in accordance with applicable law.

While we take reasonable precautions to protect your information, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee the absolute security of your information.

7.1 Rights Under the General Data Protection Regulation (GDPR)

If you are located in the European Economic Area ("EEA"), the United Kingdom, or Switzerland, you have the following rights under applicable data protection law:

Right of Access. You have the right to request a copy of the personal information we hold about you.

Right to Rectification. You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.

Right to Erasure. You have the right to request that we delete your personal information, subject to certain exceptions. Please note that we may be unable to delete Custody Journal and Evidence Envelope records due to their evidentiary function and legal retention requirements.

Right to Restriction of Processing. You have the right to request that we restrict the processing of your personal information in certain circumstances.

Right to Data Portability. You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit that information to another controller.

Right to Object. You have the right to object to the processing of your personal information based on our legitimate interests.

Right to Withdraw Consent. Where we rely on your consent to process your personal information, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days. We may request additional information to verify your identity before processing your request.

7.2 Rights Under the California Consumer Privacy Act (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act and the California Privacy Rights Act (collectively, "CCPA"):

Right to Know. You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected the information, the business or commercial purposes for collecting the information, and the categories of third parties with whom we shared the information.

Right to Delete. You have the right to request that we delete the personal information we have collected about you, subject to certain exceptions.

Right to Correct. You have the right to request that we correct inaccurate personal information we maintain about you.

Right to Opt-Out of Sale or Sharing. We do not sell or share your personal information as those terms are defined under the CCPA.

Right to Non-Discrimination. We will not discriminate against you for exercising any of your CCPA rights.

To exercise your CCPA rights, please contact us at [email protected] or call us at the number provided in Section 14. We will verify your identity before processing your request. You may designate an authorized agent to make a request on your behalf by providing written authorization.

7.3 Rights Under Other Jurisdictions

If you are located in a jurisdiction that provides additional privacy rights (including but not limited to Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, or other U.S. states with comprehensive privacy legislation), we will honor the applicable rights provided by your jurisdiction's law. Please contact us at [email protected] to exercise your rights.

We use cookies and similar tracking technologies to collect information about your browsing activity on our website. The types of cookies we use include:

We do not use advertising or marketing cookies. We do not engage in cross-site tracking or behavioral advertising.

You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. However, if you block strictly necessary cookies, you may not be able to access certain features of the Service. For more information about cookies and how to manage them, visit allaboutcookies.org.

The Service is operated from the United States. If you are accessing the Service from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where our servers are located and our central database is operated.

If you are located in the EEA, the United Kingdom, or Switzerland, we will ensure that any transfer of your personal information to the United States is conducted in accordance with applicable data protection law. We rely on the following transfer mechanisms: (a) Standard Contractual Clauses approved by the European Commission; (b) the UK International Data Transfer Agreement or Addendum, as applicable; and (c) any other lawful transfer mechanism recognized under applicable law.

By using the Service, you acknowledge that your information will be transferred to and processed in the United States, which may have data protection laws that differ from those in your jurisdiction.

The Service processes publicly available blockchain data to generate intelligence products. This data includes blockchain transaction records, wallet addresses, smart contract interactions, and other information that is permanently and publicly recorded on distributed ledger networks.

Blockchain addresses and transaction data may, in certain circumstances, be linked to identified or identifiable individuals. To the extent that any blockchain data processed by the Service constitutes personal information under applicable law, we process such data on the basis of our legitimate interests in supporting the investigation and recovery of stolen digital assets, preventing and detecting fraud, and supporting law enforcement and regulatory compliance efforts.

We do not attempt to identify the individuals behind blockchain addresses except in the context of specific investigative engagements authorized by our partners and conducted in accordance with applicable law. Intelligence products that contain information potentially linked to identified individuals are classified under the Traffic Light Protocol and handled in accordance with the data handling requirements set forth in the Terms of Service.

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe that we have collected personal information from a child under 18, please contact us at [email protected].

Some web browsers transmit "Do Not Track" ("DNT") signals to the websites and other online services with which the browser communicates. There is currently no universally accepted standard for how companies should respond to DNT signals. We currently do not respond to DNT signals. However, as noted above, we do not engage in cross-site tracking or behavioral advertising.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes to this Privacy Policy, we will notify you by posting the updated policy on our website with a revised "Last Updated" date and, where required by applicable law, by providing additional notice such as email notification or a prominent notice on the Service.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the revised policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

If you are located in the EEA and believe that our processing of your personal information violates applicable data protection law, you have the right to lodge a complaint with your local data protection supervisory authority.