Security & Privacy Architecture

Transport Encryption (TLS 1.3)

All data transmitted between your browser and Meridian Private Line's infrastructure is encrypted using TLS 1.3 — the current industry-standard transport layer security protocol. HTTP connections are automatically redirected to HTTPS. The TLS 1.3 protocol eliminates several legacy vulnerabilities present in TLS 1.2 and earlier versions, including support for weak cipher suites and the BEAST and POODLE attack vectors.

What this means practically: any data you type into a form field — name, business information, financial figures — is encrypted before it leaves your device and cannot be read by any party intercepting the network transmission.

Data-at-Rest Encryption (AES-256)

Data stored in Meridian Private Line's systems is encrypted using the Advanced Encryption Standard with a 256-bit key length (AES-256). This is the same encryption standard mandated by the U.S. federal government for securing classified information at the Top Secret level, as specified in NIST FIPS 197.

AES-256 is not a marketing claim — it is a mathematical standard. A brute-force attack against a properly implemented AES-256 encrypted dataset would require computational resources that do not exist and are not projected to exist within any relevant planning horizon, including quantum computing scenarios at current development trajectories.

What We Collect

Meridian Private Line collects only the information necessary to evaluate a business credit application and connect the executive with appropriate institutional lenders. This typically includes:

• Business identity information (legal name, EIN, state of incorporation)
• Principal owner identity (name, contact information, ownership percentage)
• Business financial summary (annual revenue, time in business, existing debt load)
• Credit inquiry authorization (personal credit pull authorization when required)
• Capital request parameters (desired line amount, intended use of credit)

We do not collect information beyond what is functionally required for the credit analysis. We do not deploy behavioral tracking systems, advertising pixels, or third-party analytics tools that transmit user data to external platforms beyond the Rybbit analytics system used for aggregate site performance measurement.

What We Do Not Collect

• Social media profiles or behavioral history
• Device identifiers or browser fingerprinting data
• Location tracking data beyond the state/city level provided voluntarily in the application
• Any information not directly relevant to credit analysis and lender matching

How Your Data Is Used

Data submitted to Meridian Private Line is used exclusively for the following purposes:

• Evaluating the executive's credit profile against our institutional lender partners' underwriting criteria
• Identifying the optimal credit structure and lender match for the specific application
• Communicating application status and credit options to the executive
• Maintaining the relationship records necessary to fulfill advisory obligations

Third-Party Data Sharing: The Zero-Broadcast Policy

Meridian Private Line does not operate a data marketplace. We do not simultaneously transmit applications to dozens of lenders. We do not sell, license, or rent executive financial data to any third party for any purpose, including marketing, demographic research, or financial intelligence aggregation.

When an application proceeds to lender engagement, data is transmitted exclusively to the specific institutional lender(s) engaged for that transaction — through encrypted channels, with lender-level confidentiality obligations in place. The executive is informed of which lender will receive their information before any transmission occurs.

Data Retention

Application data is retained only for the period necessary to complete the credit decisioning process. Files for applications that do not proceed to an active credit facility are purged within 90 days of the application's resolution. Executives may request immediate deletion of their application data at any time by contacting us at (888) 653-0124. Active client relationship records are retained for the duration of the credit facility plus any legally required minimum retention period.

Institutional NDA Coverage

Every team member with access to executive financial data — analysts, strategists, administrative staff, and technology operators — is bound by an institutional non-disclosure agreement that is active from the date of their engagement with Meridian Private Line. This NDA specifically prohibits:

• Disclosure of applicant identity to any party outside the analysis team without written authorization
• Discussion of any executive's financial position, business structure, or capital request in any non-secure context
• Use of client financial information for any purpose beyond the specific advisory engagement
• Retention of client financial data on personal devices or non-secured storage systems

The NDA carries specific financial penalties enforceable under Utah contract law and, where applicable, federal financial privacy statutes. Confidentiality is not a policy aspiration at Meridian Private Line — it is a legally binding obligation applied to every person in the chain of data custody.

Access and Correction

Executives who have submitted application data may request a summary of the information held about them at any time. If any information is inaccurate, we will correct it promptly upon verification.

Deletion

Executives may request deletion of their application data at any time prior to or following credit decisioning, subject to any legally required minimum retention obligations. Deletion requests are processed within 10 business days of verification.

Portability

Upon request, we will provide a copy of the data submitted in a standard, machine-readable format. This enables executives to verify exactly what information is on file.

Opt-Out of Future Contact

Executives who do not wish to receive future communications following the resolution of their application may opt out at any time by contacting us directly. Opt-out requests are honored immediately.