Privacy Policy

Effective Date: May 1st, 2025

1. Introduction

Arca Global Health Inc., doing business as Meridian ("Meridian," "we," "our," or "us"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered visualization platform ("the Service").

2. Information We Collect

2.1 Personal Information

• Account Information: Name, email address, phone number, date of birth

• Profile Data: Preferences, goals, aesthetic interests

• Payment Information: Billing details, payment method (processed securely by third parties)

• Communication Records: Messages, support tickets, feedback

2.2 Photo and Biometric Data

• Uploaded Photos: Images you provide for visualization

• Facial Analysis Data: 3D mesh mapping, facial measurements, feature identification

• Generated Content: AI-created visualizations and modifications

• Usage Patterns: How you interact with visualizations and features

2.3 Technical Information

• Device Data: Device type, operating system, browser information

• Usage Analytics: App interactions, feature usage, session duration

• Location Data: IP address, general geographic location (if permitted)

• Performance Data: Load times, errors, technical diagnostics

2.4 Social and Sharing Data

• Shared Content: Visualizations shared with contacts

• Social Interactions: Comments, ratings, feedback on shared content

• Contact Lists: Friends/family you choose to share with (with consent)

• Professional Interactions: Communications with aesthetic professionals

3. How We Use Your Information

3.1 Service Provision

• Generate AI-powered visualizations of your photos

• Provide personalized recommendations and content

• Facilitate connections with aesthetic professionals

• Process payments and manage subscriptions

• Provide customer support and respond to inquiries

3.2 Service Improvement

• Improve AI algorithms and visualization quality

• Develop new features and functionality

• Analyze usage patterns to enhance user experience

• Conduct research and analytics (aggregated and anonymized)

• Test and optimize Service performance

3.3 Communication

• Send Service updates and important notices

• Provide promotional offers and new feature announcements

• Share educational content related to aesthetic procedures

• Respond to support requests and feedback

3.4 Safety and Security

• Verify user identity and prevent fraud

• Detect and prevent misuse of the Service

• Comply with legal obligations and law enforcement requests

• Protect intellectual property rights

4. Information Sharing and Disclosure

4.1 With Your Consent

• Content shared with contacts you specifically choose

• Information shared with professionals you connect with

• Third-party integrations you explicitly authorize

• Marketing communications you opt into

4.2 Service Providers

We may share information with trusted third parties who assist us:

• Cloud Storage Providers: Secure data storage and backup

• Payment Processors: Billing and payment handling

• Analytics Services: Service improvement and optimization

• Customer Support: Help desk and communication tools

• Security Services: Fraud prevention and data protection

4.3 Business Transfers

Information may be transferred in connection with:

• Merger, acquisition, or sale of assets

• Corporate restructuring or reorganization

• Bankruptcy or similar proceedings

• Users will be notified of any such transfers

4.4 Legal Requirements

We may disclose information when required by:

• Valid legal process or court order

• Law enforcement requests with proper authority

• Protection of our rights, property, or safety

• Prevention of fraud or illegal activity

• Compliance with regulatory requirements

4.5 Aggregated Data

We may share anonymized, aggregated data that cannot identify individuals:

• Industry reports and research

• Service improvement analytics

• Marketing and promotional materials

• Academic or scientific research

5. Data Security

5.1 Security Measures

• Encryption: Data encrypted in transit and at rest

• Access Controls: Limited access on need-to-know basis

• Authentication: Multi-factor authentication for sensitive operations

• Monitoring: Continuous security monitoring and threat detection

• Regular Audits: Security assessments and vulnerability testing

5.2 Photo Security

• Photos processed in secure, isolated environments

• Automatic deletion of processed images after specified periods

• No human review of photos except for reported violations

• Facial analysis data stored separately from identifiable information

5.3 Incident Response

• Established procedures for security incident response

• Prompt notification of users in case of data breaches

• Cooperation with law enforcement when appropriate

• Regular security training for employees

6. Your Privacy Rights

6.1 Access and Control

• Account Access: View and update your account information

• Data Portability: Download your data in common formats

• Sharing Controls: Manage who can see your content

• Communication Preferences: Control promotional communications

6.2 Data Rights (GDPR and Similar Laws)

• Right to Access: Request copies of your personal data

• Right to Rectification: Correct inaccurate information

• Right to Erasure: Request deletion of your data

• Right to Restrict Processing: Limit how we use your data

• Right to Object: Opt out of certain data processing

• Right to Data Portability: Transfer data to another service

6.3 California Privacy Rights (CCPA)

California residents have additional rights:

• Know what personal information is collected

• Know whether personal information is sold or disclosed

• Say no to the sale of personal information

• Access personal information

• Equal service and price regardless of privacy choices

6.4 Exercising Your Rights

To exercise privacy rights:

• Use in-app privacy controls and settings

• Contact us at contact@trymeridian.co

• Submit requests through our privacy portal

• Verify identity for security purposes

7. Data Retention

7.1 Retention Periods

• Account Data: Retained while account is active plus 2 years

• Photos: Deleted after 365 days unless saved by user

• Generated Visualizations: Retained per user settings

• Usage Analytics: Aggregated data retained indefinitely

• Legal Compliance: Some data retained as required by law

7.2 Deletion Process

• Automatic deletion based on retention schedules

• User-initiated deletion through account settings

• Secure destruction methods for all deleted data

• Some backup copies may persist for limited periods

8. International Data Transfers

8.1 Global Service

• Service operates globally with data processing in multiple countries

• Data may be transferred to countries with different privacy laws

• Appropriate safeguards implemented for international transfers

• Users consent to such transfers by using the Service

8.2 Transfer Safeguards

• Standard contractual clauses for data protection

• Adequacy decisions from relevant authorities

• Certification schemes and codes of conduct

• Regular review of transfer mechanisms

9. Children's Privacy

9.1 Age Restrictions

• Service not intended for children under 18

• We do not knowingly collect data from children

• Parental consent required for users under 18

• Immediate deletion if child data discovered

9.2 Parental Rights

Parents of minor users may:

• Review their child's information

• Request deletion of child's data

• Refuse further collection of child's information

• Contact us with privacy concerns

10. Third-Party Services

10.1 External Links

• Service may contain links to third-party websites

• This Privacy Policy does not apply to external sites

• Users should review third-party privacy policies

• We are not responsible for third-party practices

10.2 Professional Services

• Aesthetic professionals have their own privacy policies

• Information shared with professionals is subject to their policies

• We recommend reviewing professional privacy practices

• Professional services are independent of Meridian

11. Changes to Privacy Policy

11.1 Updates

• Privacy Policy may be updated periodically

• Material changes will be prominently notified

• Continued use constitutes acceptance of changes

• Previous versions available upon request

11.2 Notification Methods

• Email notification to registered users

• In-app notifications and alerts

• Website posting of updated policy

• Push notifications for significant changes

12. Contact Information

12.1 Privacy Questions

For privacy-related questions or concerns:

• Legal Entity: Arca Global Health Inc. (dba Meridian)

• Email: contact@trymeridian.co

• Mail: 169 Madison Ave STE 15152, New York, NY 10016

• Phone: [Insert Phone Number]

12.2 Data Protection Officer

Our Data Protection Officer can be reached at:

• Email: contact@trymeridian.co

• Mail: 169 Madison Ave STE 15152, New York, NY 10016

12.3 Regulatory Authorities

Users may also contact relevant data protection authorities:

• EU users: Local data protection authority

• UK users: Information Commissioner's Office (ICO)

• California users: California Attorney General's Office

13. Additional Jurisdictional Information

13.1 European Union

• Lawful basis for processing under GDPR Article 6

• Special category data processed under Article 9

• Representative in EU: [Insert Details if Required]

• Transfer mechanisms comply with Chapter V

13.2 United Kingdom

• Processing complies with UK GDPR and Data Protection Act 2018

• Representative in UK: [Insert Details if Required]

• Transfer mechanisms comply with UK adequacy decisions

13.3 Other Jurisdictions

• Compliance with local privacy laws where Service is offered

• Local representatives appointed where required

• Regular review of jurisdictional requirements

Last Updated: May 1st, 2025

This Privacy Policy is designed to be comprehensive and compliant with major privacy regulations. Please have it reviewed by qualified legal counsel before implementation.