Privacy Policy

Solis, trading as Meridyn, provides AI consulting, AI agents, process automation, custom AI tools, internal software, and MVP development. Solis is intended to be based in Cyprus and acts as the controller for personal data processed through this website unless a separate client agreement says otherwise.

Contact us about privacy at info@meridyn.io.

This policy explains how we process personal data when you visit the Meridyn website, book a call, submit a resource form, contact us, receive emails from us, or work with us on a project. Client project data may also be governed by a statement of work, data processing agreement, or other written agreement.

• Contact details such as your name, email address, company, role, and information you send to us.
• Booking details submitted through our call-booking flow, including meeting preferences and notes.
• Resource form details such as name, email, industry, company size, requested resource, UTM parameters, referrer, user agent, and submission time.
• Website and device information such as IP address, browser type, pages viewed, source URLs, approximate location, and cookie or analytics identifiers.
• Client project information such as workflow requirements, business processes, integrations, credentials shared by authorized users, logs, technical diagnostics, and data needed to build, test, support, or improve delivered systems.

• To operate the website and respond to contact, booking, and resource requests.
• To send requested guides, updates, useful notes, and service communications.
• To scope, deliver, maintain, and support AI systems, automations, tools, and MVPs.
• To analyze website and resource performance and improve our services.
• To secure our systems, prevent abuse, debug issues, and maintain audit records.
• To comply with legal, accounting, tax, and contractual obligations.

Where the GDPR applies, we rely on these legal bases:

• Contract or steps before a contract, for booking calls, scoping work, delivering client projects, and providing requested resources.
• Legitimate interests, for operating and securing the website, improving services, measuring resource performance, and communicating with business contacts.
• Consent, where required for optional cookies, marketing subscriptions, or specific data uses.
• Legal obligation, where we must keep records or respond to lawful requests.

Meridyn builds and connects AI-enabled systems for clients. We process client-provided data only as needed to scope, build, test, operate, secure, and support the agreed work. When we use external AI APIs or infrastructure, we aim to use business or enterprise endpoints, client-approved credentials, data-processing terms, and configuration choices that limit training, retention, or secondary use where the provider makes those controls available. We do not sell client data and we do not use confidential client project data to train our own public models.

External AI services may include large language models, embedding models, speech or image models, model-routing tools, hosted open-source models, and infrastructure from providers such as OpenAI, Anthropic, Google, Mistral, Meta/Llama-compatible hosts, Hermes-compatible model hosts, and similar vendors. The exact providers depend on the client's approved stack and the requirements of the engagement.

The EU AI Act uses a risk-based framework. Some AI practices are prohibited, high-risk AI systems are subject to stricter obligations, and certain AI-generated or AI-interactive experiences may require transparency notices. When our work could involve regulated or sensitive AI use cases, we assess the intended purpose, users, affected persons, data flows, human oversight, logging, accuracy, cybersecurity, and vendor responsibilities with the client before production use.

• We do not knowingly build systems for prohibited AI practices, such as social scoring, unlawful biometric categorisation, harmful manipulation, or other uses banned by applicable law.
• We do not deploy high-risk AI systems in areas such as employment, education, credit, essential services, law enforcement, migration, critical infrastructure, or medical use unless the scope, obligations, safeguards, documentation, and responsible parties are expressly agreed in writing.
• We design AI outputs to support human decision-making unless a client agreement and applicable law permit a different level of automation.
• We recommend client review before using AI outputs in legal, financial, medical, employment, safety-critical, or similarly sensitive contexts.

We may share personal data with vendors that help us run the website and deliver services. These may include hosting providers, Sanity for content and lead storage, Resend or email delivery providers, Cal.com for booking, analytics providers, collaboration tools, payment or accounting providers, AI model and infrastructure providers, vector database or retrieval providers, workflow automation services, observability tools, and professional advisers.

These providers may process data in Cyprus, the EEA, the United Kingdom, the United States, or other locations depending on their infrastructure.

If personal data is transferred outside Cyprus or the EEA, we use appropriate safeguards where required, such as adequacy decisions, standard contractual clauses, contractual protections, or other lawful transfer mechanisms.

We do not use website visitor data, booking requests, or resource lead data to make solely automated decisions that produce legal or similarly significant effects about you. Client systems may include automation or AI-assisted recommendations, but their decision logic, human review requirements, and user notices are handled in the relevant client project agreement or deployment documentation.

We keep personal data only as long as needed for the purposes described above. Contact and resource lead data is kept while we have a business relationship or a legitimate reason to follow up, unless you ask us to delete it earlier. Client project data is retained according to the relevant agreement and operational support needs. Legal, accounting, and security records may be kept longer where required or permitted by law.

We may use cookies, pixels, local storage, and similar technologies to operate the website, remember preferences, understand traffic, measure campaigns, and improve content. You can manage cookies through your browser settings. Where legally required, we will ask for consent before using non-essential cookies.

Depending on where you live and the law that applies, you may have rights to access, correct, delete, restrict, or receive a copy of your personal data, object to processing, and withdraw consent where processing is based on consent. You may also object to direct marketing at any time.

To exercise your rights, contact info@meridyn.io. We may need to verify your identity before responding.

If you believe your data protection rights have been infringed, you can contact us first so we can try to resolve it. You also have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection in Cyprus or with another competent data protection authority.

We use reasonable technical and organizational measures designed to protect personal data, including access controls, least-privilege access, secure credentials handling, and appropriate vendor controls. No internet-based service can be guaranteed to be completely secure.

Our website and services are intended for business users and are not directed to children. We do not knowingly collect personal data from children.

We may update this policy as our services, vendors, or legal requirements change. The date at the top shows when it was last updated.