Meridian: Privacy Policy
Last updated: June 14, 2026
Contact: contact@cerno.me
This Privacy Policy (the “Privacy Policy”) describes how Aubora SASU, a French société par actions simplifiée unipersonnelle currently in formation (“we,” “us,” “our,” or the “Company”), which publishes and operates the Meridian mobile application (“Meridian,” the “App,” or the “Service”), collects, uses, maintains, and discloses information about you (“you” or “your”) when you use the App. It is written to satisfy the European General Data Protection Regulation (the “GDPR”) and the French Loi Informatique et Libertés (the “LIL”), and is published as a standalone page so you can read it before and at any point during your use of the App. Section 8 explains how these practices relate to United States law (including HIPAA and the California, Virginia, Colorado, and Connecticut privacy statutes), and Section 7 addresses European national laws beyond the GDPR. A separate Terms of Use and Health Disclaimer accompany it; this Privacy Policy governs data, those documents govern use.
A few defined terms are used throughout this Privacy Policy. The “Company,” “we,” “us,” and “our” mean Aubora SASU (société en formation), France, represented by its founder, Arthur Franco, until the company is registered. “Meridian,” the “App,” and the “Service” mean the Meridian iOS application. “You” and “your” mean the natural person using the App. “On your device” means stored locally in the App's database on the iPhone or iPad you use, never transmitted to us. An “Estimate” (and “Estimates”) means the mathematical, illustrative pharmacokinetic value the App computes from the times and doses you enter; it is a model output, not a measurement of any substance in your body.
The short version
Your medication and well-being data stays under your control. Everything you enter stays on your device, and we operate no servers, run no analytics, show no ads, ship no third-party tracking, and have no way to see or access what you record. There are no accounts and no login. One optional connection is off by default: if you turn on Apple Health, Meridian writes your daily mood to your own Apple Health as a State of Mind entry and can pre-fill your mood from a State of Mind you logged elsewhere, all on your device under Apple Inc.'s terms, with nothing sent to us. The current version of Meridian offers no synchronization between your own devices. If a future version offers optional iCloud synchronization, your data will move only through your own private Apple iCloud account, and we still will not be able to read it. You can view, edit, export, and delete your data yourself, at any time, inside the app.
The full policy below sets out the legal detail. Read it before you record health data.
1. Who is responsible for your data (the controller)
The data controller is Aubora SASU, a French société par actions simplifiée unipersonnelle currently en formation (in the process of being incorporated), represented by its founder, Arthur Franco. Until the company is registered with the Registre du commerce et des sociétés, it has no legal personality of its own. During this period the controller's responsibilities are carried by Arthur Franco personally, acting on behalf of Aubora SASU (société en formation). Once Aubora SASU is registered, it will take up (reprise) the processing described here and become the controller in its own name, and this policy will be updated to reflect its registration details.
You can reach the controller for any question about this policy or your data by email at contact@cerno.me, or by post at: Arthur Franco, Aubora SASU (société en formation), [postal address], France.
We have not appointed a Data Protection Officer. We are not required to: we operate no large-scale monitoring of users (Article 37(1)(b) GDPR), and we carry out no large-scale processing of special categories of data on our side (Article 37(1)(c) GDPR), because your health data never reaches us and stays on your device. You can use the contact points above for any privacy matter.
2. What data the app handles
Meridian only handles what you choose to enter:
- The medications you add (name, type, your chosen dose, color, and any label-to-equivalent conversion you set).
- The threshold bands you configure (for example the level below which a dose is marked a “crash,” your “sweet spot” range, and the “too much” ceiling), expressed in d-amphetamine-equivalent milligrams, together with any separate per-class thresholds and reminder levels, and the day window you set for how the day is displayed.
- The doses you log (which medication, the amount in milligrams, and the date and time).
- The optional “how it felt” journal: your ratings of focus, energy, mood, crash, sleep, and appetite, plus any free-text note.
- The pharmacokinetic estimates Meridian computes from your dose entries to draw its curves.
This is data concerning your health, which is a special category of personal data under Article 9 of the GDPR. We treat it as sensitive. It is stored only on your device, in the app's local database.
Meridian does not ask for your name, email, account, contacts, location, advertising identifiers, or any device identifier used for tracking. We collect none of these.
3. Where your data lives, and who can see it
By design, your data stays on your device in a local store, and nowhere else. We run no servers. We receive no copy. We have no remote database, no backups of your data, and no technical means to read it. No third party receives it from us, because there is nothing for us to send.
iCloud synchronization (not offered in the current version). The current version of Meridian offers no synchronization: your data exists only on your device. If a future version offers optional iCloud synchronization, it will be off by default and will only turn on if you enable it. Your data will then be synchronized through your own private Apple iCloud account, so that your devices stay in step. In that case Apple Inc. (and Apple Distribution International Ltd. for users in Europe) will act as a data processor for that synchronization, under Apple's own terms, on the infrastructure of your personal iCloud. We will still not be a recipient of your data: we will not be able to see, retrieve, or access anything synchronized in this way, and you will be able to turn synchronization off at any time in Settings. We will update this policy when synchronization becomes available.
The precise role Apple plays for content held in your personal iCloud depends on Apple's developer and iCloud terms, which you accept directly with Apple. We point you to Apple's privacy documentation for how Apple handles iCloud data.
Apple Health (optional, off by default). Meridian's connection to Apple Health (HealthKit) is optional and off by default. It does nothing with Apple Health unless you turn on “Sync mood with Apple Health” in Settings. When, and only when, you enable it and grant permission in the system prompt, Meridian syncs your daily mood with your own Apple Health store, in both directions: it writes that day's mood rating as an iOS 18 State of Mind entry, and it can read the most recent State of Mind you logged elsewhere (for example in Apple's Health app, or another well-being app) to pre-fill your rating for the day, which you are free to change or ignore. The read excludes entries Meridian itself wrote, so there is no feedback loop. All of this stays in your own Apple Health store on your device, under Apple Inc.'s terms; we receive nothing, we never see your Apple Health data, and you can turn the sync off at any time in Settings, after which Meridian neither reads nor writes Apple Health. Apple Health holds health data, a special category under Article 9 of the GDPR (see section 4); turning the sync on is your explicit, informed choice.
Meridian also offers optional Shortcuts and Siri actions (built with Apple's App Intents), for example to log a dose or to read your current estimated level. These actions run on your device and operate only on the data already stored there; using them sends nothing to us. If you choose to build a Shortcut or automation that passes Meridian's data to another app or service, that flow is your choice and is governed by that other service's terms, not by this Privacy Policy.
4. Why we may process data, and on what legal basis
Because the app's purpose is to let you privately observe your own patterns, the processing that occurs is processing you carry out on your device, for your own personal purposes, using the tool we provide. To the extent we are a controller for the design and operation of that processing, we rely on the following legal bases:
- Your consent (Article 6(1)(a) GDPR) as the general legal basis for handling the personal data you enter.
- Your explicit consent (Article 9(2)(a) GDPR) specifically for the health data you record (doses, the “how it felt” journal, and the estimates derived from them).
These two bases are cumulative. Health data needs both a general basis and a special-category exception, so both apply at once.
Consistent with the guidance of the French data protection authority (the CNIL) for health applications, we inform you that health data is involved before you record anything: the Health Disclaimer, available from onboarding and at any time in the app, and this policy say so plainly. Your consent is then expressed through your deliberate, informed act of recording: the app logs nothing on its own, and every entry exists because you chose to make it. Because consent is given through your own actions on your device, the record that evidences it (your entries and when you made them) also lives on your device, with your data.
You can withdraw your consent at any time, as easily as you gave it, by stopping your use of the app, deleting your entries, or deleting the app. Withdrawing consent does not affect any processing that took place before withdrawal.
5. How long your data is kept
We set no retention period of our own, because we hold none of your data. Your data stays on your device for as long as you keep it, and it ends when you decide:
- Deleting an entry removes that entry.
- Deleting the app removes the on-device data it held.
If a future version offers iCloud synchronization and you enable it, copies held in your own iCloud will follow Apple's retention and deletion behavior for your account; deleting your data and turning off synchronization will remove those copies according to how your iCloud propagates deletions. Files you export (see below) sit outside the app once exported, and you control how long they last.
6. Recipients and international transfers
Recipients. We disclose your data to no one. We sell nothing, share nothing, and transfer nothing to advertisers, analytics providers, or any other third party. In the current version, no party outside your device touches your data. If a future version offers iCloud synchronization and you enable it, the only such party will be Apple, acting as a data processor for that synchronization as described in section 3. Separately, if you choose to support Meridian through the optional contribution button in Settings, that button opens an external payment page in your browser; the page is operated by our payment provider under its own privacy policy and receives no data from the app.
International transfers. In the current version, no transfer takes place: your data stays on your device. If a future version offers iCloud synchronization and you enable it, Apple may store data on infrastructure located outside the European Economic Area, including in the United States. Any such transfer will happen through your own Apple iCloud account and will be governed by Apple's terms. To the extent we are responsible, as controller, for offering that synchronization feature, we will rely on the transfer safeguards Apple maintains under Chapter V of the GDPR, which include the EU-U.S. Data Privacy Framework and the European Commission's Standard Contractual Clauses. We encourage you to review Apple's privacy and legal terms before enabling synchronization.
7. Your rights
Under the GDPR you have the rights of access, rectification, erasure, restriction of processing, data portability, and objection, together with the right to withdraw your consent at any time.
Meridian is built so that you exercise these rights yourself, directly in the app, without going through us:
- Access: view all your data on screen at any time.
- Rectification: edit any medication, dose, rating, or note.
- Erasure: delete individual entries, or delete the app to remove everything it held.
- Portability: export your data to JSON or CSV from Settings and take it with you.
- Restriction and objection: stop recording, or stop using a feature, at any time.
- Withdrawal of consent: as described in section 4.
A consequence of our privacy-protective design is that we cannot identify you and cannot access your data. We hold no account, no login, and no copy. Under Article 11 of the GDPR, we are not required to obtain or keep additional information just to identify you, and where we genuinely cannot identify you, the access, rectification, erasure, restriction, and portability rights are exercised through the in-app tools rather than by a request to us. Article 11(2) lets you revive those rights against us by providing information that identifies you; even then, we hold no data of yours on which they could operate, so the in-app tools remain the effective route. This is not a way of avoiding your rights; it is the result of the app holding your data only on your device, under your control. If you have a question, write to contact@cerno.me.
You also have the right to lodge a complaint with the French supervisory authority, the Commission nationale de l'informatique et des libertés (CNIL), 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, www.cnil.fr, or with the supervisory authority of your country of residence.
European national laws beyond the GDPR. The GDPR harmonizes data-protection law across the European Economic Area, so it is the principal framework governing Meridian throughout Europe. It nonetheless contains more than fifty “opening clauses” that let individual member states impose stricter national rules, and several have done so: Germany's Bundesdatenschutzgesetz (BDSG), Spain's LOPDGDD, Italy's Codice in materia di protezione dei dati personali, and, in the United Kingdom (post-Brexit), the Data Protection Act 2018 together with the UK GDPR. We do not over-engineer for each variation, because Meridian's on-device design keeps us clear of the obligations they add. Two illustrations: the German BDSG requires a Data Protection Officer for any business with 20 or more employees regularly processing personal data, and is strict on employee monitoring and credit scoring, none of which applies to us; and France subjects the hosting of health data to a specific Hébergeur de Données de Santé (HDS) certification, which does not apply to Meridian because we host none of your health data: it stays on your device. France's Loi Informatique et Libertés also grants posthumous data rights (binding directives about your data after your death) that the GDPR itself leaves out; because we hold no copy of your data, you exercise these over the data on your own device and through your Apple account. As Meridian grows, or if its hosting model ever changes, we will reassess these national rules and update this Policy before any new obligation applies.
8. United States residents
This policy applies wherever you use Meridian, and the design does not change at the border. In the United States, as everywhere else, your data stays on your device, we run no servers, and we collect no personal information on our side. The points below address the United States frameworks you may have in mind.
HIPAA. Meridian is not subject to the Health Insurance Portability and Accountability Act (HIPAA). HIPAA governs health information held by covered entities, namely healthcare providers, health plans, and healthcare clearinghouses, and by their business associates. We are none of these. The medication and well-being entries you make in Meridian are records you keep for yourself, on your own device. They are not protected health information held by a covered entity, and no HIPAA relationship arises between you and us. None of this reduces the care we take: we treat your entries as sensitive health data under this policy regardless of which statute applies.
COPPA. The Children's Online Privacy Protection Act (COPPA) governs the online collection of personal information from children under 13. It does not arise here: Meridian is not directed to children, and we do not knowingly permit anyone under 16 to use it (see section 12), a floor that sits above COPPA's under-13 threshold. In any case, we collect no personal information from any user on our side.
CCPA and CPRA. The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), imposes obligations on businesses that meet certain thresholds of revenue or data volume. We likely fall below those thresholds. Whether or not the CCPA applies to us, our practices already meet the substance of what it protects. We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We collect no personal information about you on our side, because everything you enter stays on your device and we receive no copy. For the same reason, there is nothing on our side for an access, deletion, or correction request to reach: you view, edit, export, and delete your data directly in the app, exactly as described in section 7, and those tools work identically for every user, in California and elsewhere.
Other U.S. state privacy laws. Beyond California, a growing number of U.S. states have comprehensive privacy laws, including Virginia's Consumer Data Protection Act (VCDPA), Colorado's Privacy Act (CPA), and Connecticut's Data Privacy Act (CTDPA), with more taking effect each year. These follow an opt-out model (you may opt out of certain uses of your data), unlike the GDPR's opt-in model. Each applies only above defined thresholds: broadly, controlling or processing the personal data of roughly 100,000 state residents in a year, or about 25,000 while deriving a significant share of revenue from selling data. Meridian sits far below every such threshold and, more fundamentally, collects no personal data on our side and sells or shares none, so there is nothing to opt out of. We nonetheless align with the substance of these laws, and if we ever approach an applicable threshold we will update this Policy and offer the corresponding rights before the obligation takes effect.
iCloud and exported files. The current version offers no synchronization. If a future version offers iCloud synchronization and you enable it, your data will move through your own private Apple iCloud account under Apple Inc.'s terms, and Apple may store it on infrastructure located in the United States, as described in sections 3 and 6. We will still receive nothing. Files you export to JSON or CSV leave the app's protection the moment you save or share them; once a file is out, you alone decide where it goes, who reads it, and how long it survives.
Basis and contact. The consent-based approach described in section 4 applies to you as it does to every user. The controller identified in section 1, Aubora SASU (société en formation), remains your point of contact for any question, at contact@cerno.me.
9. Is providing data required
No. There is no statutory or contractual obligation to provide any data to Meridian. The app simply does not function as a journal without the entries you choose to make. If you record nothing, there is nothing to handle. You choose what to record and what to leave out.
10. No automated decision-making
Meridian does not make automated decisions that produce legal effects for you or similarly significantly affect you within the meaning of Article 22 of the GDPR. The curve it draws is a mathematical estimate and a visualization for your own observation. It does not decide anything about you, does not recommend a dose, and does not diagnose or assess any clinical state.
11. Security and the people around you
We design the app to keep your data confined to your device. Your device's own protections (passcode, Face ID or Touch ID, and encryption) are an important part of keeping that data private, so we encourage you to use them. You can also require Face ID, Touch ID, or your passcode to open Meridian itself, for example by long-pressing its icon on the Home Screen; see the Health Disclaimer for the steps.
Please also keep in mind:
- Bystander exposure. Health information can appear in notifications, home-screen and lock-screen widgets, and on the lock screen, where someone nearby could see it. If that matters to you, turn off sensitive previews for Meridian in your device settings, or remove the widgets.
- Device sharing. Anyone who can unlock your device can open the app and see your data. Do not share an unlocked device if you want this data to stay private.
- Exported files. Once you export to JSON or CSV, that file leaves the app's protection and becomes your responsibility to store, move, or delete safely.
- Data loss. Because data lives only on your device, it can be lost if your device is lost, reset, or damaged. Keeping your own export guards against this.
- Clock and time zone. Dose times follow your device clock and time zone; an incorrect clock or a time-zone change can shift the times you see and therefore the estimate.
These points are practical realities of an on-device, privacy-first design, not gaps in it.
12. Children
Meridian is intended for adults and for minors aged 16 or over. It is not directed to children under 16, and we ask that anyone under 16 not use it. We encourage minors aged 16 or 17 who use it to involve a parent or guardian. In France, the law (article 45 of the Loi Informatique et Libertés) sets the age at which a minor may consent alone to this kind of processing at 15; we adopt 16 as a deliberately higher floor, and we design our information to be clear and simple enough for a minor to understand.
We do not knowingly permit children under 16 to use Meridian, and parental consent does not change that floor. Because the data never reaches us, we rely on you and, where relevant, the parent or guardian to respect it.
13. A note on what Meridian is
Meridian is a personal well-being and self-knowledge tool. It shows estimates, not measurements: every curve is a mathematical model based on population averages and the times you enter, and it can differ substantially from what is actually in your body. The model uses generic pharmacokinetic parameters that we draw from reputable, current scientific sources and maintain to the best of our ability, without warranting their accuracy; and you can tailor the model to yourself, adjusting its parameters and thresholds, so that the more you tailor it the more it reflects your own assumptions rather than ours. Either way, it remains an estimate, never a measurement. Meridian is not a medical device and gives no medical advice, no diagnosis, and no dosing recommendation. Always follow your prescriber. This framing matters for privacy too: because the app only helps you observe your own data, your data stays yours. For the full health framing, see the Health Disclaimer and Terms of Use.
14. Changes to this policy
If the way the app handles data changes, we will update this page and the “Last updated” date above. Where a change is material, we will surface it in the app so you see it. We will also update the controller details once Aubora SASU is registered.
15. Contact
For any question about this policy or about your data, write to contact@cerno.me.