Privacy Policy

Last updated: July 1, 2026

This Privacy Policy describes how Medha Labs ("Medha Labs," "we," "us," or "our") collects, uses, stores, and discloses information in connection with the Medha Sync application (the "Service"). This policy applies to all users of the Service.

If you have questions about this policy, contact us at medhalabs04@gmail.com.

1. Who we are

Medha Labs is a software development studio based in India, operating the website https://medhalabs.in and the Medha Sync application, a unified inbox and customer communication platform that helps businesses manage email, WhatsApp messaging, contacts, and marketing broadcasts in one place.

2. Information we collect

2.1 Account information

When you sign up, we collect your name, email address, and a securely hashed password. If you sign in with Google, we receive your Google account ID, name, email address, and profile picture.

2.2 Google user data

Medha Sync integrates with Gmail so you can send and receive email through the Service. When you connect a Gmail account, we request the following Google OAuth scopes:

ScopePurpose
https://mail.google.com/Read, sync, send, and organize email on your behalf inside the Service's unified inbox
openid, email, profileConfirm your identity and display your name/email/avatar in the app

We use this access only to:

  • Fetch and display incoming and outgoing email messages, threads, and attachments inside Medha Sync
  • Send email on your behalf when you compose or reply from within the Service
  • Automatically create or match a contact record from the sender/recipient of an email

We do not use Google user data for advertising, sell it, or share it with third parties except as described in Section 4. Medha Sync's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

2.3 Other connected accounts

If you connect a Microsoft Outlook account, an IMAP/SMTP email account, or a WhatsApp Business (Meta Cloud API) number, we collect and process equivalent data from those providers — account credentials (encrypted at rest), message content, attachments, and delivery metadata — solely to provide the same unified inbox functionality.

2.4 Contact and CRM data

When you or your connected accounts communicate with other people, we store the counterparties' name, phone number, email address, message history, tags, notes, pipeline/deal stage, and any custom fields you add, so you can manage those relationships inside the Service.

2.5 Messages, broadcasts, and attachments

We store the content of emails and WhatsApp messages sent and received through the Service, along with file attachments (stored in our object storage), and aggregate delivery/read statistics for broadcast campaigns you create.

2.6 Usage data

We automatically collect log data such as IP address, browser type, device information, pages visited, and timestamps, to operate, secure, and improve the Service.

2.7 Cookies

We use essential cookies/local storage to keep you signed in and remember preferences. We do not use third-party advertising cookies.

3. How we use information

We use the information above to:

  • Provide, operate, and maintain the unified inbox, contacts, broadcasts, automations, and analytics features
  • Authenticate you and keep your account secure
  • Sync and deliver email and WhatsApp messages on your behalf
  • Respond to support requests
  • Monitor and improve the reliability and performance of the Service
  • Comply with legal obligations

We do not sell your personal information or Google user data, and we do not use it to serve ads.

4. How we share information

We share information only with:

  • Google, Microsoft, and Meta — to the extent necessary to send/receive email or WhatsApp messages through their APIs on your instruction
  • Infrastructure and sub-processors we use to run the Service (database, object storage, and hosting providers), under confidentiality obligations, solely to provide the Service
  • Law enforcement or regulators, if required by law, subpoena, or to protect the rights, property, or safety of Medha Labs, our users, or the public
  • A successor entity, if Medha Labs is involved in a merger, acquisition, or sale of assets, subject to this policy or a materially equivalent one

We never sell personal data or Google user data to third parties, and we never share it for third-party advertising or unrelated purposes.

5. Data storage and security

Data is stored in our PostgreSQL database and object storage, protected by access controls and encryption. OAuth tokens (including Google refresh/access tokens) and email account passwords are encrypted at rest. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

6. Data retention and deletion

We retain your account data, connected-account tokens, and message/contact data for as long as your account remains active, so the Service can continue to function. If you delete your account or request deletion by emailing medhalabs04@gmail.com, we will delete or anonymize your personal data, connected-account tokens, and associated messages within 30 days, except where we are required to retain limited records for legal or security purposes.

Disconnecting a Google account in-app, or revoking Medha Sync's access from your Google Account permissions page, immediately stops further access and triggers deletion of the stored tokens for that account.

7. Your rights

Depending on your location, you may have the right to access, correct, export, or delete your personal data, and to withdraw consent for us to process it. To exercise these rights, contact medhalabs04@gmail.com. You can also revoke Medha Sync's access to your Google account at any time via Google Account permissions.

8. Children's privacy

The Service is intended for business use by adults and is not directed to individuals under 18. We do not knowingly collect personal information from children.

9. International data transfers

Medha Labs is based in India, and the Service's infrastructure may be hosted in India or other countries. By using the Service, you consent to your information being processed in these locations, under the protections described in this policy.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified via the Service or by email. The "Last updated" date above reflects the latest revision.

11. Contact us

Medha Labs
Email: medhalabs04@gmail.com
Website: https://medhalabs.in