Privacy Policy

Definitions

To make this policy clear and easy to understand, the following terms have specific meanings throughout this document:

• "Maedo," "we," "us," or "our" refers to Maedo, a company incorporated in India, operating the platform at maedo.in.
• "Service" means the Maedo SaaS platform, including AI-powered chatbots, messaging automation, engagement tools, and analytics features.
• "Website" means the publicly accessible website at maedo.in.
• "Customer" means the business or individual who has purchased or is using the Service.
• "User" means an individual accessing or using the Service on behalf of a Customer (e.g., an employee or team member of the Customer).
• "End-User" means an individual who interacts with a bot or automated workflow built and deployed by a Customer using our Service.
• "Customer Bot" means any chatbot, automated messaging workflow, or AI agent built by a Customer using Maedo and deployed to interact with End-Users.
• "Conversation Data" means the content of messages sent by an End-User to a Customer Bot, and the responses generated by that Customer Bot.
• "Usage Data" means data about how Customers and Users interact with the Service (e.g., features accessed, session activity), excluding Conversation Data.
• "Personal Data" means any information that identifies or could reasonably be associated with a specific individual.
• "Visitor" means any individual browsing the Maedo Website without being logged into the Service.

Introduction

Maedo is an AI-powered platform that enables businesses to build and deploy chatbots, automate customer engagement, and access analytics. We are committed to protecting the privacy of everyone who interacts with us — whether as a Visitor, a Customer, a User, or an End-User of a Customer Bot.

This Privacy Policy explains what Personal Data we collect, why we collect it, how we use and protect it, and what rights you have over it.

This policy applies to:

• Our Website at maedo.in
• Our SaaS platform and all its features
• Personal Data processed on behalf of Customers relating to their End-Users

By using the Website or the Service, you acknowledge that you have read and understood this Privacy Policy.

Contact us at any time: hello@maedo.in

1. Personal Data We Collect

1.1 From Customers and Users (via the Service)

When you register and use Maedo, we collect:

• Account information: Full name, email address, and password (stored encrypted)
• Business details: Company name and contact information provided during onboarding
• Billing information: Payment details processed securely through Dodo Payments — we do not store raw card or bank data ourselves
• Content you create: Bot scripts, conversation flows, automation configurations, message templates, and any files or documents you upload to the platform
• Support communications: Messages and attachments you send when contacting our support team (handled via our own in-house support tool)
• Usage Data: IP address, browser type, operating system, device identifiers, features accessed, pages visited within the platform, session duration, and timestamps

1.2 From End-Users (processed on behalf of Customers)

When an End-User interacts with a Customer Bot deployed through Maedo, we may process the following data solely to deliver the Service to our Customer:

• Conversation Data: The content of messages exchanged between the End-User and the Customer Bot
• Device and session information: IP address, browser type, operating system, language, and session timestamps
• Geographic data: Country and city derived from IP address

We do not use Conversation Data or any End-User Personal Data for any purpose other than delivering the Service to the Customer. This includes analytics, product improvement, algorithm development, and AI model training.

Maedo processes End-User data as a Data Processor, strictly under the instructions of the Customer who is the Data Controller for that data.

1.3 From Visitors (via the Website)

When a Visitor fills out a contact or inquiry form on our Website, we collect:

• Full name, email address, and any other information voluntarily provided

When a Visitor browses the Website, we automatically collect basic server log data:

• IP address, browser type, operating system, pages visited, and timestamps

We do not currently use any third-party analytics, advertising, or tracking tools on our Website.

2. How We Use Personal Data

We use the Personal Data we collect for the following purposes:

3. Legal Basis for Processing

We process Personal Data under the following legal bases, as applicable under India's Digital Personal Data Protection Act, 2023 (DPDP Act), the GDPR (for EEA/UK users), and other applicable laws:

Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of any processing carried out before withdrawal.

4. AI & Data Processing

Maedo's core features are powered by AI. Here is exactly how your data interacts with our AI infrastructure.

4.1 AI Providers We Use

Maedo uses the following AI providers to power its features:

• OpenRouter — A unified AI model gateway that routes requests to various large language models (LLMs) depending on your configuration. When AI features are used, conversation inputs may be transmitted to OpenRouter to generate responses.
• Sarvam AI — An Indian AI provider offering language models optimized for Indian languages. Conversation inputs may be transmitted to Sarvam AI when Indian-language processing is required.

4.2 Our Commitments on AI and Your Data

• We do not train on your data. We do not use Customer content, User-uploaded configurations, or Conversation Data to train, fine-tune, or improve any AI model — our own or any third party's.
• Conversation Data is used only to generate responses. It is not stored by AI providers for training purposes.
• Your data is isolated. Your data is logically separated from other Customers' data. No cross-Customer data access occurs through our platform.
• Bring Your Own Key (BYOK). If you connect your own AI provider API keys, data processing for those requests is governed by the policies of the respective AI provider, not Maedo.
• Minimization. We transmit only the minimum data necessary to the AI provider to generate a response.

4.3 Automated Processing

Maedo enables Customers to build automated workflows that respond to or route End-Users based on rules and AI outputs. Maedo does not make automated decisions with legal or significant effects on End-Users on its own behalf. Where such automated decisions occur within a Customer's deployment, the Customer is responsible for appropriate disclosures and human oversight as required by law.

5. Data Storage, Retention & Security

5.1 Infrastructure

Maedo's platform is hosted on cloud infrastructure that may include Amazon Web Services (AWS), Google Cloud Platform (GCP), and/or Microsoft Azure. These providers maintain industry-standard physical, technical, and administrative security controls.

5.2 Security Measures

We implement the following to protect your data:

• Encryption of data in transit (TLS) and at rest (AES-256 or equivalent)
• Role-based access controls ensuring only authorized personnel can access Personal Data
• Confidentiality obligations for all employees and contractors who handle Personal Data
• Incident detection and response procedures

No method of internet transmission is 100% secure. While we use commercially reasonable safeguards, we cannot guarantee absolute security.

5.3 Retention

We retain Personal Data only for as long as necessary to:

• Maintain your active account and deliver the Service
• Comply with legal obligations (e.g., tax and accounting requirements)
• Resolve disputes and enforce our agreements

Upon account termination or deletion, we will delete or anonymize your Personal Data within 90 days, unless a longer period is required by law. Conversation Data and End-User data processed on behalf of Customers will be retained in accordance with the applicable Data Processing Agreement.

6. International Data Transfers

Maedo is incorporated in India. Our cloud hosting providers (AWS, GCP, and/or Azure) may process or store data in servers located in India or other countries, including the United States.

When data is transferred outside India, we take steps to ensure adequate protection, including relying on appropriate contractual safeguards. For EEA and UK users, transfers outside the EEA/UK are conducted in accordance with applicable data protection law, including through Standard Contractual Clauses (SCCs) where required.

7. Cookies

Maedo uses only essential cookies on the Website and Service — cookies that are strictly necessary for the platform to function, such as session management and authentication.

We do not currently use analytics, advertising, tracking, or preference cookies.

You can manage cookie settings through your browser. Disabling essential cookies may affect your ability to use the Service.

8. How We Share Personal Data

We do not sell, rent, or trade your Personal Data. We share it only in the following circumstances:

9. Your Privacy Rights

9.1 Rights Under India's DPDP Act, 2023

As a Data Principal under India's Digital Personal Data Protection Act, 2023, you have the right to:

• Access a summary of your Personal Data being processed and how it is being used
• Correction and erasure of inaccurate, incomplete, or outdated Personal Data
• Grievance redressal through our Grievance Officer (see Section 12)
• Nomination of another person to exercise your rights on your behalf in the event of death or incapacity

9.2 Rights Under the GDPR (EEA and UK Users)

If you are in the European Economic Area or United Kingdom, you have the right to:

• Access copies of your Personal Data
• Rectification of inaccurate or incomplete data
• Erasure of your Personal Data, under certain conditions
• Restriction of processing, under certain conditions
• Data portability in a structured, machine-readable format
• Object to processing based on legitimate interests or for direct marketing
• Withdraw consent at any time where processing is consent-based
• Lodge a complaint with your local data protection supervisory authority

9.3 Rights Under the CCPA (California Residents)

If you are a California resident, you have the right to:

• Know what Personal Data we collect and how we use it
• Delete Personal Data we hold about you
• Non-discrimination for exercising your CCPA rights

Note: We do not sell Personal Data.

9.4 Rights Regarding End-User Data

If you are an End-User who interacted with a Customer Bot and wish to exercise rights over your Personal Data, you must contact the Customer (the business whose bot you used) directly. Maedo processes End-User data under Customer instructions and is not authorized to release or modify this data independently.

When we receive End-User requests, we forward them to the relevant Customer and cooperate in responding.

9.5 How to Exercise Your Rights

Contact us at hello@maedo.in. We may verify your identity before processing your request and will respond within 30 days.

10. Marketing Communications

We send marketing emails and push notifications only where you have opted in or where permitted by applicable law.

To opt out at any time:

• Click "Unsubscribe" in any marketing email
• Adjust notification preferences in your Account Settings
• Email us at hello@maedo.in

Opting out of marketing will not affect transactional or service-related communications.

11. Customers as Data Controllers: Your Responsibilities

If you are a Customer using Maedo to process your End-Users' Personal Data, you acknowledge that:

• You are the Data Controller for End-User data. Maedo is your Data Processor.
• You are responsible for having a valid legal basis for collecting and processing End-User data.
• You must provide your End-Users with adequate privacy notices, including that Maedo powers your bot infrastructure.
• You must not use Maedo to collect sensitive Personal Data (e.g., health, financial, biometric, or religious data) without appropriate legal safeguards and consents.
• A Data Processing Agreement (DPA) governs the data processing relationship between Maedo and Customers. Contact hello@maedo.in to request one.

12. Grievance Officer (India — DPDP Act, 2023)

In accordance with the Digital Personal Data Protection Act, 2023 and the Information Technology Act, 2000:

Unresolved grievances may be escalated to the Data Protection Board of India once it becomes operational.

13. Children's Privacy

The Maedo Service and Website are not directed to individuals under the age of 18. We do not knowingly collect Personal Data from minors.

If you believe a minor has provided us with Personal Data, please contact hello@maedo.in immediately and we will promptly delete it.

If you are a Customer whose product serves minors, you are solely responsible for obtaining all necessary parental consents and complying with applicable laws.

14. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify Customers by email or via an in-platform notice at least 14 days before changes take effect

Continued use of the Website or Service after the effective date constitutes acceptance of the updated policy.

15. Contact Us

Schedule 1 — Subprocessors

These are the only third-party providers that process Personal Data on Maedo's behalf:

We do not use any third-party analytics, advertising, CRM, or tracking tools at this time. This list will be updated as our subprocessors change. Customers may contact hello@maedo.in to be notified of subprocessor changes.

Schedule 2 — Data Processing Agreement (DPA)

Customers who process Personal Data of their End-Users using Maedo may require a Data Processing Agreement to fulfill their legal obligations as Data Controllers.

To request a DPA, contact: hello@maedo.in

The DPA will cover the nature and purpose of processing, data types, security measures, subprocessor management, and both parties' obligations under applicable law.