These Developer Terms apply when you register an OAuth application on Meridian that requests access to user accounts ("Applications"). By publishing an Application, you agree to these terms and our Terms of Service.
1. Scope
2. Registration and review
You must provide accurate application details, including valid privacy and terms URLs (https only).
Surf Online may review Applications, require changes, reject registration, or revoke access at any time. Users may see warnings for unreviewed Applications with large audiences.
3. Scopes and data minimization
Request only scopes your Application needs. Available scopes include:
user.identify: basic profile (id, display name, avatar).user.email: account email when available.guilds.read: guild ids where the user's bots are installed.
Do not store tokens or user data longer than necessary. Honor user revocation promptly.
4. Security
Protect client secrets, redirect URIs, and stored tokens. Use HTTPS for all redirect URIs in production. Notify us promptly at security@meridian.surf if your Application is compromised.
5. Independent controller
You are an independent data controller for personal data your Application collects. Meridian is not responsible for your privacy practices. You must provide your own privacy policy and honor applicable data protection laws.
6. Prohibited Applications
Applications must not:
- Phish credentials or misrepresent their purpose at consent time.
- Resell Meridian API access without authorization.
- Violate our Acceptable Use Policy or Discord's developer terms.
- Circumvent user consent or scope limits.
7. Enforcement
We may suspend or revoke Applications, tokens, and developer accounts for violations. Users may disconnect your Application from Account → Connected apps.
8. Contact
Developer program questions: legal@meridian.surf.