Skip to content
Meridian

Privacy Policy

Last updated 14 July 2026

Meridian is a daily geography game. This policy explains what personal data we collect, why, the legal grounds we rely on, who we share it with, and the rights you have — including under the EU and UK General Data Protection Regulation (GDPR).

1. Who we are

Meridian (“we”, “us”, “our”) operates the website at meridiandaily.app and is the data controller for the personal data described here. If you have any question about this policy or want to exercise your rights, contact us at privacy@meridiandaily.app.

2. The short version

  • You can play the daily puzzles with no account and no sign-in. Anonymous progress stays in your browser on your device.
  • If you sign in, we store your email and your game progress so it syncs across your devices.
  • Analytics are off until you opt in. We never sell your data, and we don’t show ads.
  • You can export or delete everything from the You page at any time.

3. What data we collect

Account data (only if you sign in). Your email address, a unique account identifier, the date your account was created, and an optional display name. Meridian uses passwordless sign-in, so we do not store passwords.

Game progress and preferences. Your streaks, per-country mastery records, a log of the questions you’ve answered (the country, format, whether you were right, and how long you took), daily-tray completion, and your settings (region weighting, theme, sound, language, and whether you’ve opted into email reminders).

Anonymous, on-device progress. If you play without signing in, your progress is stored in your browser’s local storage on your device. It is not sent to our servers unless you later sign in and choose to save it to your account.

Analytics data (only with your consent). If you allow analytics, we and our analytics providers collect usage events (such as which puzzles you start and finish), page views, and general device and browser information. Approximate location may be derived from your IP address to distinguish regions; we do not use it to identify you.

Technical data. Like any website, our hosting provider processes limited technical information (such as IP address and request metadata) to deliver pages and keep the service secure.

4. Why we use it, and our legal basis

Under the GDPR we must have a lawful basis for each use of your data. Here is how that maps to what we do:

Purposes and legal bases for processing
What we doData usedLegal basis
Run your account and sync your progress across devicesAccount data, game progress, preferencesPerformance of a contract (Art. 6(1)(b))
Keep the daily game working for anonymous playersOn-device progress, essential cookiesLegitimate interests (Art. 6(1)(f))
Understand usage and improve the productAnalytics dataConsent (Art. 6(1)(a))
Send optional email remindersEmail address, reminder settingConsent (Art. 6(1)(a))
Keep the service secure and prevent abuseTechnical data, logsLegitimate interests (Art. 6(1)(f))

Where we rely on consent, you can withdraw it at any time — see Your rights — without affecting anything we did before you withdrew it.

5. Cookies and local storage

We use a small number of essential cookies and browser storage to keep you signed in and remember your settings, and — only if you opt in — analytics cookies. Non-essential analytics are off by default; you choose whether to allow them via the banner or the You page. For the full list, see our Cookie Policy.

6. Who we share data with

We do not sell your personal data. We share it only with the service providers (“processors”) that help us run Meridian, each bound to process it only on our instructions:

Third-party service providers
ProviderPurposeTheir privacy policy
SupabaseDatabase and authentication (accounts, progress)supabase.com/privacy
VercelWebsite hosting and privacy-friendly usage/performance metricsvercel.com/legal/privacy-policy
PostHogProduct analytics (only with your consent)posthog.com/privacy
ResendSending sign-in links and optional email remindersresend.com/legal/privacy-policy
Google / AppleSign-in, only if you choose to use themGoogle · Apple

We may also disclose data where required by law, or to protect the rights, safety, and security of Meridian and its users.

7. International data transfers

Some of our providers are located outside the European Economic Area (for example, in the United States). Where data is transferred outside the EEA or UK, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses, or transfers to countries the Commission has found to provide an adequate level of protection.

8. How long we keep it

  • Account and game progress: for as long as your account exists. When you delete your account, this data is deleted.
  • Anonymous, on-device progress: until you clear it in your browser, or you sign in and merge it into an account.
  • Analytics data: retained by our analytics provider for a limited period in line with their standard retention, then removed or aggregated.
  • Technical logs: kept only briefly for security and reliability.

9. Your rights

If you are in the EEA or the UK, you have the right to access, correct, delete, restrict, or object to our use of your personal data, to data portability, and to withdraw consent at any time. You can act on most of these directly:

  • Access and portability: use You → Export my data to download your account, mastery, and attempt history as CSV files.
  • Erasure: use You → Delete my account to permanently delete your account and all associated data.
  • Withdraw analytics consent: turn analytics off from the You page or the “Cookie preferences” link in the footer.
  • Everything else: email us at privacy@meridiandaily.app and we’ll help.

You also have the right to lodge a complaint with your local data protection authority if you believe we’ve mishandled your data, though we’d appreciate the chance to put things right first.

10. Children

Meridian is intended for a general adult audience and is not directed at children. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, contact us and we will delete it.

11. How we protect your data

Access to your data is protected by authentication and database row-level security, so signed-in users can only reach their own records. Traffic is encrypted in transit (HTTPS). No system is perfectly secure, but we take reasonable measures to protect your information.

12. Changes to this policy

We may update this policy from time to time. When we do, we’ll revise the “Last updated” date above and, for material changes, provide a more prominent notice.

13. Contact us

Questions, requests, or concerns? Email privacy@meridiandaily.app. See also our Cookie Policy and Terms of Service.

Privacy Policy · Meridian