Privacy Policy.

This Privacy Policy ("Policy") describes how Meridian Dispatch ("Meridian Dispatch," "we," "us," or "our") collects, uses, discloses, retains, and otherwise processes information in connection with the Meridian Dispatch iOS application and any related services (collectively, the "Service").

By downloading, installing, accessing, or using the Service, you acknowledge that you have read, understood, and agree to this Policy and to our Terms of Service. If you do not agree, do not use the Service. Your continued use of the Service following any update to this Policy constitutes your acceptance of the updated Policy.

This Policy applies only to information processed by Meridian Dispatch. It does not apply to information processed by Apple, your email provider, or any other third party, including third parties whose links or services may be accessed through the Service.

For questions, contact: dispatch@meridiandispatch.com.

1. Acceptance and eligibility

You represent and warrant that:

• You are at least seventeen (17) years of age.
• You have the legal capacity to enter into a binding agreement.
• You will use the Service only for lawful, personal, non-commercial purposes consistent with these Terms.
• You will not forward to the Service, or otherwise transmit through the Service, any content that infringes another party's rights, contains malicious code, or violates any applicable law.

If you do not meet these requirements, you are not authorized to use the Service.

2. Information we collect

We may collect, generate, receive, or otherwise process the following categories of information ("Information"). The categories below are illustrative and not exhaustive; the Service may evolve, and this Policy will be updated to reflect material changes.

(a) Account and authentication information.

When you sign in via Sign in with Apple, Apple provides us with an opaque user identifier (the "sub" claim of the identity token), and may provide an authorization code we exchange with Apple for a refresh token used to revoke the association at your request. We do not request your name or email address through Sign in with Apple. We assign you a forwarding inbox address and a device token used to authenticate your app's requests.

(b) Forwarded reservation content.

When you forward an email to your assigned inbox address, our infrastructure receives the message, including the sender, subject line, body content, and any attachments (including PDFs). We process this content, including by transmitting it to our artificial intelligence service provider (currently Anthropic), to extract structured reservation details. We retain a structured derivative of the email contents (the parsed reservation fields, sender address, and subject line) for the life of your account so that the in-app Inbox view remains accurate and so that we can demonstrate the parse outcome of any email you forwarded. We do not retain the full original body text or attachment contents after parsing, except as may be present in transient caches and in routine system backups and audit logs described in Section 6 below.

(c) Subscription and transaction information.

If you become a paid member, Apple processes the transaction and provides us with verification of your subscription status. We do not receive your payment method, card number, or billing address.

(d) Device, usage, and diagnostic information.

We may collect technical information automatically generated through your use of the Service, including but not limited to: device tokens, IP address, request timestamps, app version, iOS version, device model, daily and aggregate counts of features used (such as artificial intelligence calls), error and crash diagnostics, and similar telemetry.

(e) Photo library content (on-device only).

The Service reads your iOS photo library locally on your device when you grant permission, including photo timestamps, GPS coordinates embedded in photo metadata, and image previews used for display in the journal. This information is processed on your device and is not transmitted to us. Apple's iCloud Photo Library may sync your photos between your own devices independently of the Service; we have no access to that sync.

(f) iCloud-synced trip data.

Your trips and journal entries may sync between your devices via Apple's iCloud (CloudKit). This data is encrypted and accessible only to you and to your devices. We do not have access to iCloud-synced data.

(g) Information from third parties.

We may receive information about you from service providers, fraud-prevention vendors, and others as reasonably necessary to operate, secure, and improve the Service.

(h) Aggregated and de-identified information.

We may create aggregated, anonymized, statistical, or de-identified data from any of the categories above. Such data does not identify you and is not subject to the restrictions of this Policy. We reserve the right to use, share, license, sell, or commercialize aggregated and de-identified information for any lawful purpose, including but not limited to research, analytics, product development, marketing, and disclosure to third parties, without additional notice or consent.

3. How we use Information

We may use Information for any lawful business purpose, including but not limited to:

• Operating, providing, maintaining, securing, debugging, and improving the Service;
• Authenticating users, issuing forwarding addresses, and routing forwarded reservations;
• Processing forwarded email content via artificial intelligence services to extract reservation details and generate editorial prose for the in-app journal;
• Processing subscription transactions and verifying entitlement;
• Enforcing per-user rate limits, usage quotas, and other abuse-prevention controls;
• Detecting, preventing, investigating, and responding to fraud, security incidents, abuse of the Service, and violations of our Terms of Service or applicable law;
• Communicating with you about the Service, including service announcements, security notices, and responses to your inquiries;
• Complying with legal obligations, including responding to subpoenas, court orders, and other lawful requests;
• Establishing, exercising, or defending legal claims;
• Engaging in research, product development, analytics, and other internal business purposes; and
• Any other purpose disclosed at the time of collection or otherwise reasonably related to the purposes above.

4. Sharing and disclosure of Information

We do not sell your personal information for advertising purposes, and we do not run advertising in the Service. Subject to that limitation, we may share or disclose Information as follows:

(a) Service providers and processors.

We share Information with vendors, contractors, and service providers that perform services on our behalf, including but not limited to: cloud infrastructure providers (currently Cloudflare); artificial intelligence and machine-learning processors (currently Anthropic); platform providers (Apple); crash and error reporting providers (currently Sentry); customer-support providers; analytics providers; payment processors; legal and accounting professionals; and similar providers we may engage from time to time. We require these providers to use Information only as necessary to perform the services we engage them for.

(b) Legal compliance and protection.

We may disclose Information when we believe in good faith that disclosure is appropriate to: (i) comply with applicable law, regulation, legal process, or governmental request; (ii) enforce our Terms of Service, including investigation of potential violations; (iii) detect, prevent, or address fraud, security, or technical issues; (iv) protect against harm to the rights, property, or safety of Meridian Dispatch, our users, or the public, as required or permitted by law; or (v) respond to claims or potential claims.

(c) Business transfers.

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your Information may be sold, transferred, or otherwise shared as part of that transaction or potential transaction. The successor entity will be bound by this Policy unless and until it provides notice of a different policy.

(d) With your consent.

We may share Information for any other purpose with your consent.

(e) Aggregated and de-identified information.

As described in Section 2(h), we may share aggregated or de-identified information without restriction.

5. Cookies and tracking technologies

The Service is a native iOS application and does not use browser cookies. The Service does not engage in cross-app or cross-site tracking, does not request App Tracking Transparency (ATT) permission, does not use the Identifier for Advertisers (IDFA), and does not register any tracking domains. The Service does not use Apple's SKAdNetwork attribution framework.

6. Data retention

We retain Information for as long as we deem necessary for our legitimate business purposes, including but not limited to: providing the Service, complying with our legal obligations, resolving disputes, enforcing our agreements, preventing fraud and abuse, and operating routine system backups.

The specific retention periods we currently observe include:

• Account record and parsed forwarded confirmations: retained for the life of your account; the live record is deleted within thirty (30) days following your use of the in-app "Delete Account" function.
• Apple Sign in with Apple refresh tokens: retained for the life of your account; deleted with your account.
• Parse caches: typically expire automatically within twenty-four (24) hours.
• Daily quota counters: reset every UTC midnight.
• Routine system backups, archives, and audit logs: may contain residual copies of deleted records for up to ninety (90) days following the live deletion, after which they are overwritten in the ordinary course. In all cases, residual copies are fully purged from all systems within ninety (90) days following deletion.

You acknowledge that complete and immediate deletion from all systems, including third-party providers' systems and routine backups, may not be technically feasible, and you agree that retention consistent with this Section (with a ninety-day ceiling for residual copies) satisfies any deletion request.

7. Your rights and choices

(a) Account deletion.

The "Delete Account" function in the Service's Settings sheet initiates deletion of your account and parsed confirmations on our servers and, where we hold a valid refresh token, calls Apple's revocation endpoint to disassociate Sign in with Apple from the Service. Local data on your device is not deleted by this function; you may remove the app to delete on-device data.

(b) Sign-out without deletion.

The "Sign Out" function clears local credentials but does not delete your server-side record. Signing back in with the same Apple ID restores access.

(c) Photo library access.

You may grant, restrict, or revoke photo-library access at any time in iOS Settings. The Service does not transmit photos or photo metadata to our servers; revoking access only affects on-device features.

(d) Subscription cancellation.

Manage or cancel your subscription in iOS Settings → Apple ID → Subscriptions, or via the in-app "Manage Subscription" link. Cancellation does not entitle you to a refund of fees already paid; refund eligibility is governed by Apple's policies.

(e) Your California privacy rights.

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA"), gives you specific rights regarding your personal information. We honor these rights regardless of whether we are technically required to do so.

• Right to know. You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purposes for collecting it, and the categories of third parties with whom we share it.
• Right to delete. You may request that we delete personal information we have collected from you, subject to certain exceptions (for example, where retention is necessary to complete a transaction, detect fraud, or comply with a legal obligation).
• Right to correct. You may request that we correct inaccurate personal information we maintain about you.
• Right to opt out of sale or sharing. We do not sell your personal information, as that term is defined under California law, in exchange for monetary or other valuable consideration, and we do not "share" personal information for cross-context behavioral advertising. The transfers described in Section 4(c) (business transfers) and Section 2(h) (aggregated/de-identified information) are not "sales" or "sharing" within the meaning of the CCPA.
• Right to limit use of sensitive personal information. We do not use sensitive personal information beyond what is necessary to provide the Service or for purposes permitted by the CCPA without additional opt-in.
• Right to non-discrimination. We will not deny you the Service, charge you a different price, or provide a different level of quality because you exercised your CCPA rights.

How to exercise your California rights. Email dispatch@meridiandispatch.com with the subject line "California Privacy Request" and a clear description of the right you wish to exercise. We will acknowledge your request within ten (10) business days and substantively respond within forty-five (45) days, with a one-time forty-five (45) day extension permitted under the CCPA where reasonably necessary. We may need to verify your identity before fulfilling a request, typically by confirming control of the email address associated with your account, or by asking you to authenticate the request from within the app.

Authorized agents. You may designate an authorized agent to make a request on your behalf. The agent must provide written, signed authorization, and we may require you to verify your identity directly to confirm the request.

(f) Your EU/UK privacy rights.

If you are located in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation ("GDPR") and equivalent laws give you rights to access, rectify, erase, restrict processing of, port, and object to processing of your personal data, and to withdraw consent where processing is based on consent. We process personal data on the following lawful bases: (i) contract (Article 6(1)(b)), to provide the Service you signed up for; (ii) legitimate interests (Article 6(1)(f)), for security, fraud prevention, abuse detection, internal analytics, and improvement of the Service, where those interests are not overridden by your interests or rights; and (iii) legal obligation (Article 6(1)(c)), to comply with applicable law. Where required, we rely on standard contractual clauses with our processors for international transfers. To exercise GDPR rights, email dispatch@meridiandispatch.com. You also have the right to lodge a complaint with your local data protection authority.

(g) Other jurisdictions.

Residents of other states or countries (including without limitation Virginia, Colorado, Connecticut, Utah, Texas, Quebec, Brazil) may have analogous rights under local law. We will honor verifiable requests under such laws on substantially the same basis as the CCPA and GDPR rights above.

8. Security

We implement administrative, technical, and physical safeguards reasonably designed to protect Information against unauthorized access, alteration, disclosure, or destruction, including HTTPS encryption in transit, cryptographic verification of authentication tokens, and storage of device credentials in iOS Keychain.

No method of transmission over the internet or electronic storage is one hundred percent secure. While we strive to use commercially acceptable means to protect Information, we cannot guarantee its absolute security and we expressly disclaim any such warranty. Your use of the Service is at your own risk. In the event of a security incident affecting your Information, we will notify affected users and applicable authorities to the extent required by, and in accordance with, applicable law.

9. Children's privacy

The Service is not directed to and is not intended for use by children under seventeen (17) years of age. We do not knowingly collect personal information from children under thirteen (13). If you believe a child under thirteen (13) has provided personal information to us, contact dispatch@meridiandispatch.com and we will take reasonable steps to delete such information from our records.

10. International transfers

The Service is operated from, and Information is processed in, the United States and other jurisdictions where we or our service providers maintain facilities. If you access or use the Service from outside the United States, you consent to the transfer of your Information to the United States and to processing in any jurisdiction where we operate, which may have different data-protection laws than your jurisdiction. Where required by applicable law, we implement appropriate transfer mechanisms, such as standard contractual clauses with our service providers.

11. Third-party services and links

The Service may contain links to or interact with third-party services (such as your email provider, Apple, the App Store, and third-party mapping services). We are not responsible for the privacy practices, content, security, or terms of those third parties. Your interactions with third-party services are governed by those parties' policies. We disclaim any liability arising from your use of, or interactions with, third-party services.

12. AS-IS; no warranty regarding Information

The Service, including any Information generated, parsed, displayed, or otherwise processed by the Service, is provided on an "AS IS" and "AS AVAILABLE" basis, without warranty of any kind, whether express, implied, statutory, or otherwise. We make no representation or warranty regarding the accuracy, completeness, reliability, timeliness, or suitability of any reservation parse, AI-generated description, trip-detection result, or other Information generated or displayed by the Service. You acknowledge that artificial intelligence systems may produce inaccurate, incomplete, or misleading results, and that you are solely responsible for verifying any reservation, date, location, or other detail before relying on it for travel or other purposes.

To the maximum extent permitted by applicable law, we disclaim all warranties, including warranties of merchantability, fitness for a particular purpose, non-infringement, accuracy, and quiet enjoyment.

13. Limitation of liability

To the maximum extent permitted by applicable law, in no event shall Meridian Dispatch, its affiliates, officers, directors, employees, agents, licensors, or service providers be liable for any indirect, incidental, special, consequential, exemplary, or punitive damages, including but not limited to damages for lost profits, lost data, loss of goodwill, missed travel, or substitute services, arising out of or related to: (i) your use of, inability to use, or reliance on the Service or any Information processed by the Service; (ii) any unauthorized access to or alteration of your Information; (iii) any third-party conduct or content on the Service; or (iv) any other matter relating to the Service.

To the extent the foregoing disclaimer is not enforceable, our total cumulative liability arising out of or related to the Service or this Policy shall not exceed the greater of (a) the amount you have paid us for the Service in the twelve (12) months preceding the event giving rise to the claim, or (b) one hundred U.S. dollars ($100). The limitations in this Section apply even if a remedy fails of its essential purpose. Some jurisdictions do not allow limitation of certain damages; in such jurisdictions, the foregoing limitations apply to the fullest extent permitted by law.

14. Indemnification

You agree to indemnify, defend, and hold harmless Meridian Dispatch and its affiliates, officers, directors, employees, agents, and service providers from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising out of or related to: (i) your use or misuse of the Service; (ii) your violation of this Policy or our Terms of Service; (iii) your violation of any applicable law; (iv) the content you forward, transmit, or otherwise submit through the Service, including any content that infringes a third party's rights; or (v) your violation of the rights of any third party.

15. Changes to this Policy

We may update this Policy at any time, in our sole discretion. If we make material changes, for example, expanding the categories of Information we collect, the purposes for which we use Information, or the parties with whom we share Information, we will provide notice through the Service, by email (if we have a contact address for you), or by updating the "Last updated" date at the top of this Policy with reasonable advance notice prior to the effective date. Non-material changes (such as clarifying language or correcting errors) may be made without prior notice. Your continued use of the Service after the effective date of any update constitutes your acceptance of the updated Policy.

16. Governing law and dispute resolution

This Policy is governed by the laws of the State of New York, United States, without regard to conflict-of-laws principles. Any dispute arising out of or related to this Policy or your use of the Service shall be resolved exclusively in accordance with the dispute-resolution provisions of our Terms of Service, which include mandatory binding arbitration and a waiver of class-action rights. Please review our Terms of Service carefully.

17. Severability; no waiver; entire agreement

If any provision of this Policy is held invalid, illegal, or unenforceable, the remaining provisions shall continue in full force and effect. Our failure to enforce any provision is not a waiver of that provision or of our right to enforce it later. This Policy, together with our Terms of Service and any other agreements expressly incorporated by reference, constitutes the entire agreement between you and us with respect to the subject matter hereof and supersedes all prior or contemporaneous communications and proposals.

18. No third-party beneficiaries

Except as expressly provided herein, this Policy does not confer any rights, remedies, or benefits on any person or entity other than you and Meridian Dispatch.

19. Assignment

You may not assign or transfer your rights or obligations under this Policy without our prior written consent. We may assign or transfer our rights and obligations under this Policy at any time without notice or consent.

20. Contact