Privacy Policy

Privacy Policy

Last updated: April 8, 2026

MERIDIQ AB (“MERIDIQ”, “we”, “us” or “our”) respects your privacy and is committed to protecting personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (“GDPR”).

This Privacy Policy explains how we collect, use, share and protect personal data when you visit our website, contact us, book a demo, start a trial, or use MERIDIQ’s services.

1. Who we are

MERIDIQ AB
Stockholm, Sweden
Email: support@meridiq.com

If you have any questions about this Privacy Policy or how we process personal data, please contact us at support@meridiq.com.

2. When MERIDIQ is controller and when MERIDIQ is processor

MERIDIQ provides software and related services to clinics, practices and other healthcare providers.

MERIDIQ acts as a data controller for personal data we process for our own business purposes, such as:

  • website visitor data
  • contact form submissions
  • demo and trial requests
  • newsletter subscriptions
  • customer account administration
  • billing and invoicing
  • support and service communications
  • security, logging and product improvement

MERIDIQ acts as a data processor when our customers use the platform to manage patient or client data, such as records, bookings, forms, questionnaires, consents, documentation or images.

In those cases, the clinic or healthcare provider is normally the data controller, and MERIDIQ processes the data on their behalf under the applicable data processing agreement.

If you are a patient or client of one of our customers and your request concerns your medical record or similar data, you should normally contact the relevant clinic or provider directly first.

3. What personal data we collect

Depending on how you interact with us, we may collect the following categories of personal data:

Information you provide directly

  • name
  • email address
  • phone number
  • company or clinic name
  • job title or role
  • billing details
  • account information
  • messages and support requests

Service and account data

  • user account information
  • organisation and workspace details
  • settings and preferences
  • audit logs and access logs
  • support case information
  • data required to provide booking, payment, messaging and quality management functionality

Information collected automatically

  • IP address
  • browser and device information
  • operating system
  • pages visited and actions taken
  • date and time of access
  • technical diagnostics, cookies and similar technologies

4. How we use personal data

We use personal data to:

  • provide our website, platform and services
  • respond to enquiries, demos and trial requests
  • manage customer accounts and subscriptions
  • send service, billing and support communications
  • maintain security and prevent misuse
  • improve performance, functionality and user experience
  • send marketing communications where permitted by law
  • comply with legal obligations and protect our legal rights

5. Legal bases for processing

We process personal data only where we have a valid legal basis under GDPR, including:

  • Contract: when processing is necessary to provide our services or take steps before entering into a contract
  • Legal obligation: when we must comply with applicable laws, such as accounting or regulatory requirements
  • Legitimate interests: for security, support, service improvement, administration and relevant business communications
  • Consent: where required, for example for certain cookies or marketing communications

6. Cookies and similar technologies

We use cookies and similar technologies to operate our website, remember preferences, analyse usage, improve performance and manage consent choices.

Where required by law, we ask for your consent before using non-essential cookies. You can manage your preferences through our cookie banner and your browser settings.

7. How we share personal data

We may share personal data with trusted third parties where relevant, such as:

  • hosting and infrastructure providers
  • analytics and monitoring providers
  • payment, billing and communication providers
  • customer support providers
  • professional advisers such as lawyers, auditors and accountants
  • authorities or regulators where required by law
  • buyers or successors in connection with a merger, acquisition or business transfer

Where MERIDIQ uses subprocessors, we do so under written agreements and appropriate data protection obligations.

Our current subprocessor information is available here:
https://meridiq.com/subprocessor

8. International transfers

MERIDIQ primarily aims to use providers and infrastructure that support storage and processing within the EU/EEA.

If personal data is transferred outside the EU/EEA, we will ensure that appropriate safeguards are in place, such as an adequacy decision by the European Commission or the use of Standard Contractual Clauses (SCCs) together with supplementary measures where required.

9. Data retention

We keep personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required by law.

This means, for example, that we retain contact and demo request data for as long as needed to handle the request and relevant follow-up, and customer, billing and contract data for the duration of the customer relationship and as long as required by applicable law.

Patient or client data processed by MERIDIQ on behalf of a customer is retained according to the customer’s instructions, the applicable agreement, and relevant legal or technical retention requirements.

10. Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, disclosure or destruction.

These measures may include access controls, role-based permissions, audit logging, encryption in transit, secure authentication, monitoring, backups and internal confidentiality routines.

11. Your rights

Under GDPR, you may have the right to:

  • request access to your personal data
  • request correction of inaccurate data
  • request erasure of your data
  • request restriction of processing
  • object to processing based on legitimate interests
  • request data portability where applicable
  • withdraw consent at any time where processing is based on consent
  • lodge a complaint with a supervisory authority

If your request concerns patient or client data entered into MERIDIQ by one of our customers, please contact the relevant clinic or healthcare provider first, since they are usually the data controller for that information.

If your request concerns data for which MERIDIQ is the controller, please contact us at support@meridiq.com.

12. International visitors and region-specific rights

This Privacy Policy is intended to provide a general privacy notice for users and visitors globally.

Depending on where you live, you may have additional rights under local privacy or consumer protection laws. Where required by applicable law, MERIDIQ may provide supplemental privacy notices, request-specific disclosures, or additional rights mechanisms for residents of particular countries, states or regions.

For example, users in certain jurisdictions may have rights relating to access, correction, deletion, portability, objection, restriction, appeal, or limits on certain types of data use, subject to applicable law and any relevant exemptions.

If a specific regional privacy law applies to MERIDIQ and to the relevant processing activity, we will handle requests in accordance with that law.

Nothing in this Privacy Policy is intended to limit any rights you may have under applicable local law.

13. Third-party services and integrations

Our services may include or connect to third-party tools and integrations, such as payment, accounting, messaging or analytics services.

Where third parties process personal data on our behalf, they do so under contractual data protection obligations. Where a customer independently activates an integration, that provider may process data according to its own privacy terms and role.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements or processing practices.

When we make material changes, we will publish the updated version on this page and update the “Last updated” date above.

15. Contact

MERIDIQ AB
Stockholm, Sweden
Email: support@meridiq.com