Privacy Policy
How Medha collects, uses, and protects your data
Last updated: April 2026
We respect your privacy. Medha uses minimal data collection — no tracking cookies, no advertising, and conversation logs are automatically deleted after 7 days.
Overview
This Privacy Policy explains how Medha ("we", "us", "our") collects, uses, stores, and protects your information when you use our Vedic Knowledge Assistant at aryasamaj.ai. We are committed to protecting your privacy and being transparent about the data we process.
Information We Collect
We collect the following types of information when you use Medha:
a) Conversation Data
- Your questions and Medha's responses are temporarily logged for quality improvement.
- Conversation logs are automatically deleted after 7 days.
- We store up to 2,000 characters of each question and response.
- A randomly generated session ID is used to group conversations — this is not linked to your identity.
b) Voice Input
- If you use voice input, audio is sent to Azure Whisper for transcription.
- Audio is processed transiently and is not stored permanently by Medha.
- Only the transcribed text is retained (subject to the same 7-day conversation log policy).
c) Feedback
- When you rate a response (thumbs up/down) or submit feedback, we store your rating, the question, the response, and any comments you provide.
- Feedback is stored indefinitely to help us improve Medha's accuracy.
- Negative feedback may be used to improve future responses.
d) Technical Data
- Your IP address is collected solely for rate limiting (to prevent abuse) and is automatically deleted after 2 days.
- We do not use tracking cookies, analytics cookies, or advertising cookies.
- Authentication cookies (for admin access only) are HttpOnly, Secure, and SameSite=Strict.
How We Use Your Information
- To provide and improve the Medha service — your questions are used to generate AI responses.
- To monitor service quality — aggregate, anonymised conversation statistics help us understand usage patterns.
- To prevent abuse — IP-based rate limiting protects the service from excessive use.
- To improve accuracy — feedback ratings help us identify and fix incorrect responses.
Third-Party Services
To provide the Medha service, your data is processed by the following third-party services:
a) Azure OpenAI (Microsoft)
- Your questions and conversation context are sent to Azure OpenAI to generate responses.
- Audio (if voice input is used) is sent to Azure Whisper for transcription.
- Microsoft's data processing terms apply. Data is processed in accordance with Microsoft's Azure OpenAI Service terms.
b) Pinecone
- Your questions are converted to mathematical vectors (embeddings) and compared against our knowledge base stored in Pinecone.
- Pinecone stores only the Vedic text corpus — not your personal data or questions.
Data Retention
We retain your data for the minimum period necessary:
- Conversation logs: automatically deleted after 7 days.
- Rate limit records (IP addresses): automatically deleted after 2 days.
- Feedback: retained indefinitely for service improvement. You may request deletion by contacting us.
- Authentication cookies: admin cookies expire after 24 hours; tester cookies after 7 days.
Cookies
Medha uses a minimal number of cookies, none of which are used for tracking or advertising:
Cookies We Use
- medha_auth — Admin authentication (24-hour expiry, HttpOnly, Secure, SameSite=Strict). Only set when an administrator logs in.
- medha_tester — Tester authentication (7-day expiry, HttpOnly, Secure, SameSite=Strict). Only set for authorised testers.
- No tracking, analytics, or advertising cookies are used.
- No third-party cookies are set.
Your Rights
Depending on your location, you may have the following rights regarding your personal data:
a) Under GDPR (European Union)
- Right of access — request a copy of data we hold about you.
- Right to erasure — request deletion of your data.
- Right to rectification — request correction of inaccurate data.
- Right to restriction — request we limit processing of your data.
- Right to data portability — receive your data in a structured format.
- Right to object — object to processing of your data.
b) Under CCPA (California, USA)
- Right to know — what personal information is collected and how it is used.
- Right to delete — request deletion of your personal information.
- Right to opt-out — we do not sell personal information.
- Right to non-discrimination — we will not discriminate against you for exercising your rights.
c) Under Indian Data Protection Law
- Right to access and correct your personal data.
- Right to withdraw consent for data processing.
- Right to file a complaint with the Data Protection Board of India.
Children's Privacy
Medha is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will delete such information. Users between 13 and 18 years of age should use Medha only with the involvement of a parent or guardian.
Data Security
We take reasonable measures to protect your data:
- All data transmitted between your browser and our servers is encrypted via HTTPS/TLS.
- Database connections use SSL/TLS encryption.
- Authentication cookies are HttpOnly, Secure, and SameSite=Strict to prevent cross-site attacks.
- Conversation data is automatically purged after 7 days.
- Access to administrative functions is restricted by authentication.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page. Your continued use of Medha after changes are posted constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how your data is handled, please contact us at:
contact@aryasamaj.ai