How Meriq stores data

A plain-language overview of what we store, what we don't, and how encryption works.

What Meriq does not store

  • Your prompts and AI responses are not logged or retained after delivery
  • Conversation content is never used for model training
  • No third party receives your conversation data
  • Search queries from deep research are not stored after the job completes
  • File contents uploaded for analysis are not retained after processing

What Meriq does store

The following data is stored to operate your account:

  • Account information: email address, hashed password (or OAuth identifiers), display name, plan type
  • Usage counters: daily message counts, research job counts, image generation counts (for quota enforcement, reset daily)
  • Preferences: selected model, custom instructions, theme, privacy settings
  • Billing records: subscription status, payment method type (card details are held by Stripe, not by Meriq)
  • Security events: login timestamps and security-related events (retained for 30 days, then automatically deleted)

Optional cloud vault

If you enable the cloud vault, Meriq stores your conversations in encrypted form so they persist across sessions and devices. This is entirely optional.

How encryption works

  • All vault data is encrypted with AES-256-GCM before it leaves the application layer
  • The encryption key is derived from a vault password only you know, and is never stored in the database
  • If you sign in with a social provider, you set a separate vault password the first time you enable the vault — your social login alone can never unlock your data
  • Meriq cannot decrypt your vault data without your active session, and cannot recover it if you lose your vault password

What vault encryption covers

  • All conversation message content
  • Research job queries, plans, and reports
  • Generated artifact content
  • Extracted text from uploaded files
  • User memory entries

Retention and deletion

  • Non-vault conversations exist only in your browser session and are gone when you close the tab
  • Vault conversations persist until you delete them or disable the vault
  • Disabling the vault deletes all encrypted data from cloud storage
  • Deleting your account removes all stored data, including vault contents, preferences, and billing records
  • Security logs are automatically purged after 30 days

Account boundaries

  • Each user's data is isolated. There is no shared conversation state between accounts
  • Staff can see usage statistics and account metadata but cannot read conversation content
  • API keys are scoped per user and cannot access another user's data

Summary

Meriq is designed so that the default state is zero retention. Storing conversations requires an explicit opt-in (the vault), and even then, everything is encrypted with a key derived from a vault password only you hold. We cannot read your vault data, and disabling the vault deletes it.

For the formal legal version of these practices, see our Privacy Policy. For questions about capabilities and access, see the FAQ.