Privacy Policy
Last updated: July 1, 2026
This Privacy Policy describes how Medha Labs ("Medha Labs," "we," "us," or "our") collects, uses, stores, and discloses information in connection with the Medha Sync application (the "Service"). This policy applies to all users of the Service.
If you have questions about this policy, contact us at medhalabs04@gmail.com.
1. Who we are
Medha Labs is a software development studio based in India, operating the website https://medhalabs.in and the Medha Sync application, a unified inbox and customer communication platform that helps businesses manage email, WhatsApp messaging, contacts, and marketing broadcasts in one place.
2. Information we collect
2.1 Account information
When you sign up, we collect your name, email address, and a securely hashed password. If you sign in with Google, we receive your Google account ID, name, email address, and profile picture.
2.2 Google user data
Medha Sync integrates with Gmail so you can send and receive email through the Service. When you connect a Gmail account, we request the following Google OAuth scopes:
| Scope | Purpose |
|---|---|
https://mail.google.com/ | Read, sync, send, and organize email on your behalf inside the Service's unified inbox |
openid, email, profile | Confirm your identity and display your name/email/avatar in the app |
We use this access only to:
- Fetch and display incoming and outgoing email messages, threads, and attachments inside Medha Sync
- Send email on your behalf when you compose or reply from within the Service
- Automatically create or match a contact record from the sender/recipient of an email
We do not use Google user data for advertising, sell it, or share it with third parties except as described in Section 4. Medha Sync's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
2.3 Other connected accounts
If you connect a Microsoft Outlook account, an IMAP/SMTP email account, or a WhatsApp Business (Meta Cloud API) number, we collect and process equivalent data from those providers — account credentials (encrypted at rest), message content, attachments, and delivery metadata — solely to provide the same unified inbox functionality.
2.4 Contact and CRM data
When you or your connected accounts communicate with other people, we store the counterparties' name, phone number, email address, message history, tags, notes, pipeline/deal stage, and any custom fields you add, so you can manage those relationships inside the Service.
2.5 Messages, broadcasts, and attachments
We store the content of emails and WhatsApp messages sent and received through the Service, along with file attachments (stored in our object storage), and aggregate delivery/read statistics for broadcast campaigns you create.
2.6 Usage data
We automatically collect log data such as IP address, browser type, device information, pages visited, and timestamps, to operate, secure, and improve the Service.
2.7 Cookies
We use essential cookies/local storage to keep you signed in and remember preferences. We do not use third-party advertising cookies.
3. How we use information
We use the information above to:
- Provide, operate, and maintain the unified inbox, contacts, broadcasts, automations, and analytics features
- Authenticate you and keep your account secure
- Sync and deliver email and WhatsApp messages on your behalf
- Respond to support requests
- Monitor and improve the reliability and performance of the Service
- Comply with legal obligations
We do not sell your personal information or Google user data, and we do not use it to serve ads.
4. How we share information
We share information only with:
- Google, Microsoft, and Meta — to the extent necessary to send/receive email or WhatsApp messages through their APIs on your instruction
- Infrastructure and sub-processors we use to run the Service (database, object storage, and hosting providers), under confidentiality obligations, solely to provide the Service
- Law enforcement or regulators, if required by law, subpoena, or to protect the rights, property, or safety of Medha Labs, our users, or the public
- A successor entity, if Medha Labs is involved in a merger, acquisition, or sale of assets, subject to this policy or a materially equivalent one
We never sell personal data or Google user data to third parties, and we never share it for third-party advertising or unrelated purposes.
5. Data storage and security
Data is stored in our PostgreSQL database and object storage, protected by access controls and encryption. OAuth tokens (including Google refresh/access tokens) and email account passwords are encrypted at rest. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
6. Data retention and deletion
We retain your account data, connected-account tokens, and message/contact data for as long as your account remains active, so the Service can continue to function. If you delete your account or request deletion by emailing medhalabs04@gmail.com, we will delete or anonymize your personal data, connected-account tokens, and associated messages within 30 days, except where we are required to retain limited records for legal or security purposes.
Disconnecting a Google account in-app, or revoking Medha Sync's access from your Google Account permissions page, immediately stops further access and triggers deletion of the stored tokens for that account.
7. Your rights
Depending on your location, you may have the right to access, correct, export, or delete your personal data, and to withdraw consent for us to process it. To exercise these rights, contact medhalabs04@gmail.com. You can also revoke Medha Sync's access to your Google account at any time via Google Account permissions.
8. Children's privacy
The Service is intended for business use by adults and is not directed to individuals under 18. We do not knowingly collect personal information from children.
9. International data transfers
Medha Labs is based in India, and the Service's infrastructure may be hosted in India or other countries. By using the Service, you consent to your information being processed in these locations, under the protections described in this policy.
10. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be notified via the Service or by email. The "Last updated" date above reflects the latest revision.
11. Contact us
Medha Labs
Email: medhalabs04@gmail.com
Website: https://medhalabs.in