Account

Security and data handling

Last updated 1 April 2026

Meridia is SOC 2 Type II in progress (final audit Q3 2026). Here's what's in place today.

Encryption

TLS 1.3 in transit, AES-256 at rest. Tokens for connected channels are encrypted with per-tenant keys.

Data retention

Order and product data is retained for the lifetime of your account. On cancellation, data is soft-deleted for 60 days (recoverable) and hard-deleted thereafter.

SSO

SAML 2.0 SSO is available on the Business plan and above. We support Okta, Google Workspace, Azure AD, and generic SAML providers.

What we do with your data

We use it to provide the product. We do not sell, share, or use your order data for external analytics or training. Aggregated, anonymised benchmarks (e.g. "average eBay take rate by category") may be surfaced back to all customers but cannot be traced to any individual shop.

Was this helpful?
Related
Billing
Plans, invoices, and how we handle changes mid-cycle.
Team and invites
Invite teammates, set roles, and scope access by channel.