- Contact: security@meridian.io
- Preferred encryption: PGP on request
- Acknowledgement target: 72 hours
- Initial triage target: 5 business days
- Scope: Collector API endpoints and authentication/tenant-isolation controls
- Safe harbor for good-faith research within scope