Privacy Policy for Meritus360.com
Effective Date: 09/23/2025
Last Updated: Initial Release
Meritus ("we," "our," or "us") operates meritus360.com and the Meritus platform. We are committed to protecting your privacy and handling your personal information with transparency and care. This Privacy Policy describes how we collect, use, protect, and share information when you use our website and services.
1. Information We Collect
We collect information in three main categories:
a. Information You Provide
- Contact details (name, email, phone number, company, job title)
- Login credentials and authentication data
- Intake form responses, uploaded documents, and compliance evidence
- Payment details (processed securely through third-party providers; we do not store full credit card numbers)
b. Automatically Collected Information
- IP address, browser type, and device information
- Log data (pages visited, timestamps, referring URLs)
- Cookies and similar technologies (see Section 7)
c. Platform Data
- Documents, datasets, and evidence you upload
- Audit logs of activity within the Meritus platform
- Metadata (certifications, services, goals, compliance records)
2. How We Use Your Information
We use your information to:
- Provide and improve the Meritus platform and services
- Enable compliance, audit, and readiness tracking functions
- Personalize and optimize user experience
- Communicate with you about updates, support, and transactions
- Analyze usage trends and system performance
- Comply with legal and regulatory obligations
3. Security of Your Information
Protecting your data is central to Meritus. Our security measures include:
- Encryption in Transit and at Rest: TLS 1.2+ for all connections; AES-256 for all stored data (databases, backups, and object storage).
- Hosting on Azure: Data hosted in U.S. Microsoft Azure data centers with SOC 2 Type 2, ISO 27001, FedRAMP High, and HIPAA/HITECH compliance.
- Access Controls: U.S. citizens/permanent residents only; background-checked personnel; multi-factor authentication; role-based access (least privilege).
- Monitoring & Defense: Azure DDoS Protection, WAF, vulnerability scanning, continuous monitoring.
- Audit Logging: All access to customer data is logged and reviewed.
4. Data Retention & Deletion
- Retention: Customer data is retained indefinitely unless you delete it. This supports long-term compliance requirements (e.g., AS9100D retention).
- Immediate Deletion: When you delete data via the dashboard, API, or support request, it is permanently erased within 24 hours from databases, storage, and backups.
- Verification: We run automated verification queries to confirm full deletion.
- Exceptions: Certain legal or billing records may be retained as required by law.
5. AI/LLM Data Handling
Meritus uses OpenAI's Enterprise GPT-5 API under strict contractual agreements:
- No Training: Customer data is never used to train AI models.
- Zero Retention: API calls use enterprise endpoints with no data storage.
- PII Protection: Personally identifiable information is detected and masked before transmission.
- Failover Providers: Alternative enterprise-grade providers (e.g., Anthropic, Azure OpenAI) may be used under equivalent security terms.
6. Regulatory & Compliance Alignment
Meritus is designed in alignment with:
- NIST SP 800-171 & CMMC 2.0 Level 2 practices
- DFARS 252.204-7012 security requirements
- ITAR/EAR/CUI alignment for U.S. government data
- GDPR & CCPA: Your rights to access, correct, and erase your data are honored
We rely on Microsoft Azure's compliance certifications (SOC, ISO, FedRAMP, HIPAA) for infrastructure-level controls.
7. Cookies & Tracking
Meritus360.com uses cookies to:
- Enable authentication and security
- Improve site functionality
- Analyze traffic and performance
You may disable cookies in your browser settings, though some features may not function properly.
8. Your Rights
Depending on your jurisdiction, you may have rights to:
- Access, correct, or delete your personal information
- Restrict or object to processing
- Port your data to another provider
- Withdraw consent at any time
To exercise these rights, contact us at info@meritus360.com.
9. International Data Transfers
Meritus360.com operates on U.S.-based infrastructure. If you access the site from outside the U.S., your data may be transferred to and processed in the U.S. with safeguards in place.
10. Children's Privacy
Meritus360.com is not directed to children under 16. We do not knowingly collect data from children. If we discover that we have collected such data, it will be deleted immediately.
11. Updates to this Policy
We may update this Privacy Policy as our services or regulations evolve. The "Last Updated" date will reflect the most recent changes.
12. Contact Us
For questions or concerns about this Privacy Policy, contact us:
Meritus Security & Privacy Team
Website: https://www.meritus360.com
Email: info@meritus360.com