Privacy Policy

How we handle your data.

Last updated: 2026-05-06. Effective for usemedulla.ai and the Medulla AI product.

1. Who we are

Medulla AI ("we", "us", "our") is operated by MEDULLA AI (OPC) PRIVATE LIMITED, registered in Pune, Maharashtra, India. Reach the Data Protection Officer at dpo@usemedulla.ai.

2. What data we collect

  • Account data: name, email, company, role.
  • Authorized email content: the contents of Gmail/Outlook mailboxes you connect, processed for triage and filing.
  • Authorized document content: documents you upload or that arrive in connected mailboxes.
  • Compliance and finance data: entries you create or that we derive from your authorized sources.
  • Usage analytics: page views, feature usage, error reports - anonymized in aggregate, not sold.

3. How we use it

Solely to provide the Medulla AI product:

  • Run inbox triage, document filing, compliance tracking, finance watching, and the daily summary.
  • Send you product updates, security notifications, and billing communications.
  • Improve the product through aggregated, anonymized usage analytics.

We do not sell your data. We do not train third-party models on your private content. We do not target you with advertising.

4. Where it lives

Your data is stored in AWS Asia Pacific (Mumbai), ap-south-1, for India customers. International customers: data residency matches their geography. Encrypted at rest and in transit.

5. Sub-processors

We use AWS (infra), Anthropic (LLM inference), and NVIDIA NeMo Guardrails (safety). See the Compliance page for the current list. We notify 30 days in advance of any addition.

6. Your rights

Under India DPDP and applicable laws:

  • Access: request a copy of all data we hold about you.
  • Correction: have inaccurate data corrected.
  • Erasure: request deletion of your account and all associated data.
  • Portability: full export in standard formats.
  • Withdraw consent: at any time, with effect from then on.

Email privacy@usemedulla.ai. We respond within 30 days.

7. Retention

Customer data is retained for the lifetime of the account plus a 30-day grace period after cancellation. Backups are purged within 90 days. Audit logs are retained for 12 months for security purposes.

8. Cookies

We use a minimal set of cookies for session management and anonymized analytics. The cookie banner gives you a clear accept/reject choice on first visit. No tracking cookies, no third-party advertising cookies.

9. Changes

We will notify customers of material changes by email at least 30 days before they take effect.

10. Contact

Questions? Email privacy@usemedulla.ai.