Referral Program Design

Core Mechanics

Every Meridian user receives a unique referral code derived from a truncated HMAC-SHA256 of their account ID. When a new user signs up with that code, both parties receive a 30-day license extension. The system enforces a per-referrer cap of 12 successful referrals per calendar month to prevent abuse.

Double-Sided Reward

• Referrer+30 days added to active subscription, applied at next renewal checkpoint.
• Referred+30 days granted immediately upon email verification and first successful auth handshake.

Anti-Fraud Layer

Referral credits are held in a pending state for 72 hours. During this window, the system cross-checks hardware fingerprints, IP subnets, and payment method hashes. If the referred account shares a machine SID or TPM endorsement key with the referrer, the credit is voided and both accounts are flagged for manual review.

Attribution Tracking

The referral code is embedded in the signup URL as a query parameter. On page load, the frontend persists it to a first-party cookie with a 90-day expiry. If the user navigates away and returns later without the query param, the cookie preserves attribution. The code is submitted alongside the initial license activation request and validated server-side against the active user directory.

Dashboard Visibility

Each user's dashboard displays their referral code, a running count of successful and pending referrals, and total days earned. A shareable link with pre-filled copy-to-clipboard is rendered on the account page. No analytics or tracking pixels are injected into the referral flow.