Last reviewed

June 2026

Currently in effect

This Data Processing Agreement (“DPA”) supplements the Terms of Service between Customer (“Controller”) and Meridian (“Processor”) and governs Meridian’s processing of personal data contained within Customer Content routed through the API in the course of providing the contracted services. In the event of any conflict between this DPA and the Terms of Service with respect to the processing of personal data, this DPA shall govern.

Subprocessors

Meridian may engage subprocessors, including third-party inference providers, cloud infrastructure vendors, and telemetry-storage providers, to assist in delivering the contracted services. Meridian maintains a current list of subprocessors available to Customer upon request and will provide notice of any new subprocessor at least fourteen (14) days prior to engagement, during which Customer may object on reasonable data-protection grounds. All subprocessors are bound by data protection obligations no less protective than those set forth in this DPA.

Cross-Border Transfers

Where Customer Content is transferred outside the jurisdiction in which it originated, including transfers necessitated by Meridian’s multi-region edge routing architecture, such transfers will be governed by Standard Contractual Clauses or another legally recognized transfer mechanism applicable to the originating jurisdiction. Customer may specify regional routing constraints at the account or tenant level to limit the jurisdictions through which its requests are routed, subject to the latency and failover tradeoffs disclosed in the applicable documentation.

Security Audits

Meridian maintains a security program aligned with industry-standard frameworks and undergoes independent third-party security audits on at least an annual basis. Summary audit reports, including current SOC 2 Type II reporting where applicable, are made available to Customer under a mutual non-disclosure agreement upon written request. Customer may request a security questionnaire response or, for Enterprise-tier accounts, a scheduled audit call with Meridian’s security team, subject to reasonable scheduling and frequency limitations set forth in the applicable order form.

This DPA remains in effect for the duration of the underlying Terms of Service and survives termination to the extent necessary to govern the secure deletion or return of Customer Content as described in the Terms.

Questions?

For clarification on this document, contact our legal team at legal@meridian.dev.

Ready to route your first payload?

Get your first API key and start routing production traffic today.

Aquire $129

Aquire $129

Aquire $129

Create a free website with Framer, the website builder loved by startups, designers and agencies.