Privacy Policy
Last Updated: February 6, 2026
This Privacy Policy is compliant with the Digital Personal Data Protection Act, 2023 (DPDP Act) and the DPDP Rules, 2025.
1. Data Fiduciary Information
For the purposes of the DPDP Act, we are the Data Fiduciary for your personal data.
Organization: Meridian Bridge Strategy
Website: meridianbridgestrategy.com
Data Protection Officer: Sushant Pasumarty
DPO Email: dpo@meridianbridgestrategy.com
2. Personal Data We Collect
We collect the following personal data for the purposes stated:
| Data Element | Purpose | Legal Basis |
|---|---|---|
| Email Address | Account creation, authentication, transactional communications | Contract |
| Name | Personalization, display in user interface | Contract |
| Password | Authentication (stored securely by Auth0, not by us) | Contract |
| Payment Information | Transaction processing (processed by Razorpay, not stored by us) | Contract |
3. Data Processors (Third-Party Partners)
We share your personal data with the following Data Processors:
Auth0 (Okta, Inc.)
Purpose: User authentication and identity management
Data Shared: Email, name, password
Data Returned: Session tokens, email verification status, account metadata
DPA Status: ✅ Standard Data Processing Agreement in place
Razorpay Software Pvt Ltd
Purpose: Payment processing
Data Shared: Email, payment amount
Data Returned: Transaction status, payment confirmation
DPA Status: ✅ Standard Data Processing Agreement in place
Vercel Inc.
Purpose: Website hosting and content delivery
Data Shared: IP address (for request routing), access logs
Data Returned: Analytics (aggregated)
DPA Status: ✅ Standard Data Processing Agreement in place
Resend Inc.
Purpose: Transactional email delivery
Data Shared: Email address, name (for personalization)
Data Returned: Email delivery status
DPA Status: ✅ Standard Data Processing Agreement in place
PostHog Inc.
Purpose: Product analytics and user behavior tracking
Data Shared: Anonymous user ID, page views, session data, IP address
Data Returned: Aggregated usage analytics
DPA Status: ✅ Standard Data Processing Agreement in place
Refix AI
Purpose: User experience analytics and session replay
Data Shared: Session recordings, click patterns, page interactions
Data Returned: UX insights and heatmaps
DPA Status: ✅ Standard Data Processing Agreement in place
Calendly LLC
Purpose: Meeting scheduling (external link only)
Data Shared: Email, name (when you book a meeting)
Data Returned: Meeting confirmations
Note: You share data with Calendly only when you click to schedule a meeting
Google Fonts (Google LLC)
Purpose: Font delivery for website styling
Data Shared: IP address, browser user agent (automatic)
Data Returned: Font files
Note: Minimal data, used only for font delivery
4. Your Rights as a Data Principal
Under the DPDP Act, 2023, you have the following rights:
- Right to Access: Obtain confirmation and access to your personal data
- Right to Correction: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data
- Right to Nominate: Nominate another person to exercise your rights
- Right to Grievance Redressal: Lodge complaints with our DPO
5. Consent and Withdrawal
By using our services, you consent to the collection and processing of your personal data as described in this policy.
Essential Processing (Cannot be withdrawn)
- Account authentication and security
- Transaction processing
- Legal compliance
Withdrawing Consent
You can withdraw consent at any time by:
- Visiting your Profile Settings
- Contacting our DPO at dpo@meridianbridgestrategy.com
- Deleting your account (removes all data)
6. Data Retention
We retain your personal data only for as long as necessary:
- Active accounts: Data retained while account is active
- Inactive accounts: Data erased after 3 years of inactivity
- Deleted accounts: Data erased within 30 days of deletion request
- Legal retention: Certain records retained for 7 years for legal compliance
7. Data Security
We implement appropriate security measures as required by the DPDP Act:
- All data encrypted in transit (HTTPS/TLS)
- Authentication managed by Auth0 with industry-standard security
- Payment data processed by PCI DSS-compliant Razorpay
- We do not store credit card details
8. Grievance Redressal
If you have any concerns about our data processing, please contact our Data Protection Officer:
Data Protection Officer: Sushant Pasumarty
Email: dpo@meridianbridgestrategy.com
Response Time: We will respond within 30 days
If you are not satisfied with our response, you may file a complaint with the Data Protection Board of India.
9. Updates to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Updating the "Last Updated" date at the top
- Sending email notifications for significant changes
- Displaying a notice on our website