Privacy Policy

Last Updated: January 8, 2026

1. INTRODUCTION

Madhu Herbals Private Limited (“Company,” “we,” “us,” or “our”), a company registered in Singapore, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use the Medhya AI mobile application (the “App”).

By using the App, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the App.

This Privacy Policy should be read in conjunction with our Terms of Service.

2. INFORMATION WE COLLECT

We collect several types of information to provide and improve our services to you.

2.1 Personal Information You Provide

When you register for and use the App, you may provide us with:

Account Information:

  • Name
  • Email address
  • Phone number (optional)
  • Password (encrypted)
  • Profile photo (optional)

Demographic Information:

  • Age
  • Gender identity
  • Location (country/region)
  • Height and weight
  • Body measurements

Health and Wellness Information:

  • Health goals and objectives
  • Current health symptoms
  • Medical conditions (self-reported)
  • Dietary preferences and restrictions
  • Food allergies and intolerances
  • Activity level and exercise habits
  • Sleep patterns
  • Stress levels
  • Lifestyle habits

Progress and Tracking Data:

  • Daily health metrics (weight, measurements, mood)
  • Meal logs and nutrition intake
  • Exercise and workout completion
  • Symptom tracking records
  • Progress photos (optional)
  • Journal entries

Communication Data:

  • Messages and conversations with the AI coach
  • Feedback and survey responses
  • Customer support communications
  • In-app notes and comments

2.2 Information Collected Automatically

When you use the App, we automatically collect certain information:

Usage Data:

  • App features accessed and used
  • Time spent in the App
  • Interaction patterns and preferences
  • Search queries within the App
  • Buttons clicked and navigation paths

Device Information:

  • Device type and model
  • Operating system and version
  • Unique device identifiers
  • Mobile network information
  • IP address
  • Browser type and version
  • Time zone settings

Location Information:

  • Approximate location based on IP address
  • Precise location (only if you grant permission)

2.3 Information from Third-Party Sources

We may receive information about you from third-party sources, including:

Authentication Services:

  • If you sign up using Apple, Google, or Facebook login
  • Profile information from these services (with your permission)

Payment Processors:

  • Transaction information from app stores (Apple App Store, Google Play Store)
  • Payment confirmation and subscription status

Health and Fitness Integrations (with your permission):

  • Apple Health/HealthKit
  • Google Fit
  • Fitness tracking devices
  • Other connected health apps

2.4 Sensitive Personal Information

We recognize that health and wellness information is sensitive. We treat all health-related data with the highest level of care and security. You have control over what health information you choose to share with us.

3. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

3.1 To Provide and Personalize Services

  • Create and manage your account
  • Deliver personalized meal plans based on your preferences and goals
  • Generate customized workout routines
  • Provide AI-powered wellness coaching tailored to your needs
  • Track your progress and health metrics
  • Offer lifestyle advice and recommendations
  • Enable symptom tracking and wellness monitoring

3.2 To Improve Our Services

  • Analyze usage patterns to improve App functionality
  • Train and improve our AI algorithms
  • Develop new features and services
  • Conduct research and analytics
  • Test new features and optimize user experience

3.3 To Communicate with You

  • Send you account-related notifications
  • Provide customer support and respond to inquiries
  • Send important updates about the App or policy changes
  • Deliver subscription and payment confirmations
  • Send promotional communications (with your consent)
  • Request feedback and conduct surveys

3.4 To Ensure Security and Compliance

  • Detect and prevent fraud and abuse
  • Protect against security threats
  • Enforce our Terms of Service
  • Comply with legal obligations
  • Resolve disputes and troubleshoot problems

3.5 For Business Operations

  • Process payments and manage subscriptions
  • Maintain business records
  • Conduct internal audits and quality assurance
  • Fulfill contractual obligations

4. LEGAL BASIS FOR PROCESSING (FOR GDPR COMPLIANCE)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

  • Consent: You have given us explicit consent to process your health and wellness data for personalized services
  • Contract Performance: Processing is necessary to provide the services you requested
  • Legitimate Interests: Processing is necessary for our legitimate business interests (improving services, fraud prevention) that do not override your rights
  • Legal Obligations: Processing is necessary to comply with applicable laws and regulations

5. HOW WE SHARE YOUR INFORMATION

We do not sell your personal information to third parties. We may share your information in the following limited circumstances:

5.1 Service Providers and Business Partners

We may share your information with trusted third-party service providers who assist us in operating the App, including:

  • Cloud hosting and storage providers (e.g., AWS, Google Cloud)
  • Analytics services (e.g., Google Analytics, Firebase)
  • Customer support platforms
  • Payment processors
  • Email and communication services
  • AI and machine learning infrastructure providers

These service providers are contractually obligated to protect your information and use it only for the specific services they provide to us.

5.2 Business Transfers

If we are involved in a merger, acquisition, sale of assets, bankruptcy, or other business transaction, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

5.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Valid legal requests from government authorities
  • Court orders or subpoenas
  • Legal processes or regulations
  • Protection of our rights, property, or safety
  • Prevention of fraud or illegal activity

5.4 With Your Consent

We may share your information with other parties when you provide explicit consent to do so.

5.5 Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you for research, analytics, or business purposes.

6. DATA RETENTION

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention Periods:

  • Account Data: Retained while your account is active and for a reasonable period after account closure for legal and operational purposes
  • Health and Wellness Data: Retained while your account is active or as long as necessary for personalization and AI training
  • Communication Data: Retained for customer service purposes and legal compliance
  • Usage Data: Typically retained for 2-3 years for analytics purposes
  • Payment Records: Retained as required by tax and accounting laws (typically 7 years)

After the retention period expires, we will securely delete or anonymize your information. You may request deletion of your data at any time as described in Section 10.

7. DATA SECURITY

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

7.1 Security Measures

Technical Safeguards:

  • Industry-standard encryption for data in transit (TLS/SSL)
  • Encryption for sensitive data at rest
  • Secure authentication protocols
  • Regular security audits and vulnerability assessments
  • Firewall protection and intrusion detection systems
  • Access controls and authentication requirements

Organizational Safeguards:

  • Limited access to personal data on a need-to-know basis
  • Employee training on data privacy and security
  • Confidentiality agreements with employees and contractors
  • Incident response procedures
  • Regular security policy reviews

7.2 Your Responsibility

While we take security seriously, no method of transmission or storage is 100% secure. You are responsible for:

  • Maintaining the confidentiality of your password
  • Logging out of your account when finished
  • Using a secure internet connection
  • Keeping your device secure
  • Notifying us immediately of any unauthorized access

8. INTERNATIONAL DATA TRANSFERS

Madhu Herbals Private Limited is based in Singapore. If you access the App from outside Singapore, your information may be transferred to, stored, and processed in Singapore or other countries where our service providers operate.

These countries may have data protection laws that differ from your jurisdiction. By using the App, you consent to the transfer of your information to Singapore and other countries.

For users in the EEA, UK, or Switzerland, we ensure appropriate safeguards are in place for international transfers, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by relevant authorities
  • Other legally approved transfer mechanisms

9. CHILDREN’S PRIVACY

The App is not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If you are under 18, do not use the App or provide any information through it.

If we learn that we have collected personal information from a child under 18, we will delete that information immediately. If you believe we have collected information from a child under 18, please contact us at privacy@getmedhya.com.

10. YOUR PRIVACY RIGHTS

Depending on your location, you may have certain rights regarding your personal information:

10.1 Rights for All Users

Access and Portability:

  • Request a copy of your personal information
  • Download your data in a portable format

Correction:

  • Update or correct inaccurate information through your account settings or by contacting us

Deletion:

  • Request deletion of your account and personal information
  • Note: Some information may be retained as required by law or for legitimate business purposes

Opt-Out:

  • Unsubscribe from marketing communications (opt-out links provided in emails)
  • Disable certain data collection through device settings

10.2 Additional Rights for EEA, UK, and Swiss Users (GDPR/UK GDPR)

Right to Restriction:

  • Request restriction of processing in certain circumstances

Right to Object:

  • Object to processing based on legitimate interests
  • Object to direct marketing

Right to Withdraw Consent:

  • Withdraw consent for processing at any time (does not affect prior lawful processing)

Right to Lodge a Complaint:

  • File a complaint with your local data protection authority

10.3 Additional Rights for Singapore Users (PDPA)

Right to Withdraw Consent:

  • Withdraw consent for collection, use, or disclosure of personal data

Right to Access and Correction:

  • Request access to and correction of personal data

10.4 How to Exercise Your Rights

To exercise any of these rights, please:

  • Email us at privacy@getmedhya.com
  • Use the privacy settings in your account
  • Contact our Data Protection Officer (contact details below)

We will respond to your request within the timeframe required by applicable law (typically 30 days).

11. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar tracking technologies to collect and track information about your use of the App.

11.1 Types of Tracking Technologies

Essential Cookies:

  • Required for the App to function properly
  • Authentication and security
  • Session management

Analytics Cookies:

  • Help us understand how users interact with the App
  • Measure performance and improve features
  • Examples: Google Analytics, Firebase Analytics

Functionality Cookies:

  • Remember your preferences and settings
  • Personalize your experience

11.2 Managing Cookies

You can manage cookie preferences through:

  • Your device settings
  • Your browser settings
  • The App’s privacy settings

Note that disabling certain cookies may limit your ability to use some features of the App.

11.3 Do Not Track Signals

Our App does not currently respond to “Do Not Track” signals from browsers, as there is no industry standard for such signals. We will update this policy if standards develop.

12. THIRD-PARTY LINKS AND SERVICES

The App may contain links to third-party websites, services, or resources that are not operated by us. This Privacy Policy does not apply to third-party services.

We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services you access through the App.

12.1 Third-Party Integrations

If you choose to connect third-party services (such as Apple Health or Google Fit) to the App, you authorize us to access and use information from those services as permitted by their terms of service and privacy policies.

13. CALIFORNIA PRIVACY RIGHTS (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

13.1 Right to Know

  • Request disclosure of personal information collected, used, disclosed, or sold

13.2 Right to Delete

  • Request deletion of personal information we have collected

13.3 Right to Opt-Out

  • We do not sell personal information. If this changes, we will provide an opt-out mechanism

13.4 Right to Non-Discrimination

  • We will not discriminate against you for exercising your CCPA rights

13.5 Authorized Agents

  • You may designate an authorized agent to make requests on your behalf

To exercise these rights, contact us at privacy@getmedhya.com.

14. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

14.1 Notification of Changes

We will notify you of material changes by:

  • Posting the updated Privacy Policy within the App
  • Sending an email notification to your registered email address
  • Displaying a prominent notice when you next access the App
  • Updating the “Last Updated” date at the top of this policy

14.2 Your Continued Use

Your continued use of the App after the effective date of the updated Privacy Policy constitutes your acceptance of the changes. If you do not agree to the updated Privacy Policy, you must stop using the App and delete your account.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

15. CONTACT US

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

General Privacy and Data Protection Inquiries:

Email: privacy@getmedhya.com
Support Email: support@getmedhya.com

Mailing Address:

Madhu Herbals Private Limited
60 Paya Lebar Road, #06-28, Paya Lebar Square
Singapore 409015

We aim to respond to all inquiries within 30 days. For urgent matters, please mark your email as “Urgent Privacy Matter.”

16. SPECIFIC DISCLOSURES FOR DIFFERENT JURISDICTIONS

16.1 For Singapore Users (PDPA Compliance)

Under Singapore’s Personal Data Protection Act (PDPA), we are committed to:

  • Obtaining your consent before collecting, using, or disclosing your personal data
  • Providing clear information about purposes of collection
  • Protecting personal data with reasonable security arrangements
  • Ensuring accuracy of personal data
  • Retaining personal data only as long as necessary
  • Providing access to and correction of personal data upon request

16.2 For European Union Users (GDPR Compliance)

Under GDPR, you have enhanced rights including:

  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure (“right to be forgotten”)
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing
  • Rights related to automated decision-making and profiling

16.3 For Australian Users (Privacy Act Compliance)

Under the Australian Privacy Act, we:

  • Collect personal information only when necessary
  • Inform you why we collect information
  • Protect information from misuse and loss
  • Allow you to access and correct your information
  • Comply with Australian Privacy Principles (APPs)

16.4 For Users in Other Jurisdictions

We strive to comply with data protection laws applicable to our users worldwide. If you have specific questions about compliance in your jurisdiction, please contact our Data Protection Officer.

BY USING THE MEDHYA AI APP, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND AGREE TO ITS TERMS.