Privacy Policy

Reviewed and approved by counsel. Effective July 10, 2026.

Provider: Meridian Bridge Advisors LLC d/b/a Lazaretto. Effective date: July 10, 2026 Contact: contact@lazaretto.dev

This policy explains what we collect when you use the Lazaretto API, distribution skill, MCP server, or website (the "Service"), and what we do with it. It is written to be short and true.

1. What we collect

2. What we do NOT do

3. Why we use it

We use the data above only to: provide and operate the Service; compute and cache verdicts; enforce rate limits and prevent abuse and iterative evasion; reconcile payments and meet tax and accounting obligations; improve detection quality (using hashes and metadata, not artifact bodies); and comply with law.

4. Sharing

We share data only with:

5. Retention

We retain scan metadata, hashes, and payment records for as long as needed for the purposes above and to meet legal, tax, and reconciliation obligations, then delete or aggregate them. Because we do not store artifact bodies, there is no artifact content to retain.

6. Security

We use administrative and technical measures appropriate to a service of this size, including secret management for credentials, least-privilege access, and transport encryption. No method of transmission or storage is perfectly secure; we cannot warrant absolute security.

7. Your privacy rights; international users

We operate from the United States and process data in the U.S. If you use the Service from outside the U.S., you consent to that processing.

8. Changes and contact

We may update this policy prospectively; material changes will be posted with a new effective date. Questions or requests: contact@lazaretto.dev.

Meridian Bridge Advisors LLC d/b/a Lazaretto.