Trust / Subprocessors

Subprocessors & Data Residency

The third-party subprocessors that Meridian relies on, by category, and our data residency posture per deployment tier.

Subprocessors

By category

Each subprocessor is engaged under a data processing agreement that meets or exceeds our customer DPA terms. Material changes to this list are notified to active customers in advance.

Category
Provider
Purpose
Cloud infrastructure
Google Cloud Platform
Compute, storage, managed databases, key management, regional deployment.
Edge & CDN
Cloudflare
Edge cache, DDoS protection, web application firewall, public-facing TLS termination.
AI inference
Major model providers (per customer configuration)
Cognitive resolution for designated agent tasks. Provider selectable per deployment; no customer data used for training.
Identity
Customer's selected identity provider
OIDC federation with the customer's existing IdP. No standalone Meridian identity store required.
Source code & build
GitHub
Source repositories and CI for No13's own infrastructure-as-code. Not part of customer data flows.
Operational telemetry
In-tier (no third-party SaaS)
Telemetry stays inside the deployment. No customer-data telemetry is exported to third-party observability vendors.
Data Residency

By deployment tier

Shared multi-tenant

Customer data resides in the cloud region the customer selects at onboarding. Cross-region replication only with customer authorization. Backups encrypted, region-pinned, retention configurable.

Isolated tenant

Same as shared, plus per-tenant external-API adapters and credentials. No third-party tokens shared across customers.

Dedicated / sovereign

Customer-controlled deployment region. Customer-managed keys (BYOK). Optional air-gap. Hardware security module integration. No data egress outside the customer's controlled boundary.

Procurement questions?

DPA, security questionnaires, custom subprocessor requirements — we engage on real timelines, not marketing claims.

Contact us