Legal

Privacy Policy

Last updated: 3 May 2025

This policy covers the Meridian app and the website at meridianapp.co.uk, operated by Novus Studio LTD, a company registered in England and Wales. Novus Studio LTD is the data controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Questions? Email contact@novusstudio.co.

The short version: Meridian uses your location to navigate and to show your position to convoy members you invite. We use HERE Maps for routing. We don't sell your data to anyone, ever.

1. What we collect

Location

Meridian needs your precise GPS location to navigate and to share your position with convoy members. We collect this only while the app is active — or, if you grant background permission, while a convoy is running. We don't store your location history on our servers after a convoy ends.

Convoy data

When you're in a convoy, we process your real-time latitude, longitude, bearing, speed, display name, and a timestamp. This data is shared live with other members of the same convoy and deleted from our servers within 24 hours of the convoy ending.

Voice

The AI Voice Co-pilot processes your speech on-device using your device's built-in speech recognition. We don't record, store, or send your voice to our servers.

Music playback

The Now Playing feature reads your current track title, artist, and play/pause state from your device's local media session. It stays on your screen only — nothing is transmitted to us.

Account

If you create a Meridian account, we store your chosen username, display name, and email address. Passwords are hashed using industry-standard algorithms and are never readable by us.

Crash reports and diagnostics

We may collect anonymised crash reports to fix bugs and improve stability. These contain no personal information and cannot be linked back to you.

Payments

Subscription payments are handled entirely by Apple (App Store) or Google (Google Play). We never see or store your card details.

2. Why we process it

Contract performance — to deliver the navigation and convoy features you asked for
Legitimate interests — to keep the app stable, secure, and improving
Consent — for precise location access (your device asks you) and optional marketing emails
Legal obligation — where the law requires it

3. How we use it

Showing your position on the map and routing you turn-by-turn
Sharing your live position with convoy members you've joined
Processing voice commands locally on your device
Managing your account and Meridian Plus subscription
Fixing crashes and improving the app via anonymised diagnostics
Responding to support requests

4. Third-party services

HERE Technologies

Map tiles and route calculations go through HERE's servers. HERE processes this under their own privacy policy — see here.com/privacy.

Cloud infrastructure

Real-time convoy sync runs on cloud infrastructure. Providers operate under data processing agreements and have no rights to use your data for their own purposes.

Apple and Google

In-app purchases are managed by Apple and Google per their platform policies.

5. Who we share it with

We don't sell, rent, or trade your data. The only circumstances where we share it:

Convoy members — your live position and display name are shared only with people in a convoy you've actively joined
Infrastructure providers — acting as processors under contract, no independent use
Legal requirements — where required by law or to protect our users
Business transfer — in a merger or acquisition, with appropriate notice to you

6. How long we keep it

Live convoy location — deleted within 24 hours of a convoy ending
Account data — kept while your account is active; deleted within 30 days of a verified deletion request
Anonymised diagnostics — up to 12 months

7. Security

All data in transit is encrypted via TLS. We review our security practices regularly. No system is perfectly secure, but we take this seriously.

8. Your rights under UK GDPR

You have the right to access, correct, delete, restrict, or port your data — and to object to processing based on legitimate interests. To exercise any of these, email contact@novusstudio.co. We'll respond within 30 days.

You can also complain to the Information Commissioner's Office at ico.org.uk.

9. Children

Meridian isn't directed at children under 13. If you think a child has given us their data, contact us and we'll delete it.

10. International transfers

Most processing happens in the UK and EEA. Where data moves outside these regions (e.g. HERE's global infrastructure), we ensure appropriate safeguards — including standard contractual clauses approved by the UK ICO — are in place.

11. Cookies

The Meridian website uses only strictly necessary cookies. No advertising cookies, no cross-site tracking. The mobile app uses no cookies at all.

12. Changes

We'll notify you of material changes via an in-app notice or email. The revision date is always at the top of this page.

13. Contact

Privacy matters: contact@novusstudio.co
General support: contact@novusstudio.co
Novus Studio LTD, registered in England and Wales