MeristemBack to home

Privacy Policy

Last updated June 28, 2026

This Privacy Policy explains what information Meristem collects, how it is used, and the choices you have. Meristem is operated by Richard Winn, a sole proprietor based in Florida, United States (“Meristem”, “we”, “us”). It applies to the Meristem website, progressive web app, and desktop application (together, the “Service”).

Information we collect

  • Account information. When you create an account we collect your email address and an authentication credential, handled by our authentication provider.
  • Content you create. Scans, photos, notes, assessments, and any client, property, or job records you enter. On the free tier this stays on your device. With a Pro subscription it is synced to our cloud so it is available across your devices.
  • Payment information. If you subscribe, payment is processed by Stripe. We do not receive or store your full card details. We retain a Stripe customer reference and your subscription status.
  • AI provider keys. If you bring your own AI key, it is stored encrypted in your browser on your device and sent only with the request it is needed for. We do not retain your key on our servers.
  • Technical data. Basic logs and request metadata needed to operate and secure the Service.

How your photos are processed

  • On-device identification. When you use the offline model, your photo is analyzed in your browser and does not leave your device for that step.
  • Cloud identification and analysis. When you choose a cloud AI model, the relevant photo and prompt are sent to the AI provider you selected (for example Anthropic or OpenAI) to return a result. That processing is governed by the provider’s terms and privacy policy.
  • Taxonomy lookups. Species names may be checked against public botanical services such as GBIF and Pl@ntNet to verify or enrich a result.

How we use information

  • To provide, maintain, sync, and improve the Service.
  • To process subscriptions and prevent abuse.
  • To respond to your support requests.
  • To comply with legal obligations.

We do not sell your personal information, and we do not use it for third-party advertising.

Service providers

We rely on a small set of providers to run the Service, including Supabase (database, storage, and authentication), Cloudflare (hosting and content delivery), Stripe (payments), the AI provider you select for cloud features, and Hugging Face (one-time download of the offline model). These providers process data on our behalf or, in the case of payments and AI, under their own terms.

Cookies

We use cookies that are necessary to keep you signed in and to operate the Service. We do not use advertising or cross-site tracking cookies.

Data retention and deletion

We keep your account and content for as long as your account is active. You can request deletion of your account and associated data at any time by emailing support@meristem.cc. We may retain limited records where required for legal, tax, or fraud-prevention purposes.

Security

Data is transmitted over HTTPS, access to stored records is restricted at the database row level to the owning account, and secrets are held server-side. No method of storage or transmission is completely secure, and we cannot guarantee absolute security.

Children

The Service is intended for professional use and is not directed to children. We do not knowingly collect personal information from children.

Your choices

You can access and edit your content in the app, export reports, cancel your subscription through the customer portal, and request account deletion. Depending on where you live, you may have additional rights over your personal information; contact us to exercise them.

Changes

We may update this policy from time to time. When we do, we will revise the date above and, for material changes, take reasonable steps to notify you.

Contact

Questions about this policy can be sent to support@meristem.cc.