MedhaOS is the Governed Enterprise AI Engine—a white-label AI operating layer that enables SaaS companies to embed semantic search, RAG (Retrieval Augmented Generation), and autonomous agents with strict governance and audit trails.

Is MedhaOS secure for regulated industries?

Yes. MedhaOS is designed for finance and legal sectors, offering strict tenant isolation, immutable JSON-based audit logs, and PII redaction to ensure data sovereignty.

Can I white-label MedhaOS?

Yes. MedhaOS is a white-label solution. You can deploy it under your own domain and branding to provide AI capabilities to your customers without building infrastructure from scratch.

LEGAL

Privacy Policy

Last updated: February 23, 2026

1. Introduction

Sastra Innovations (OPC) Private Limited ("we," "our," or "us") operates MedhaOS, a white-label integrated AI layer for web applications. This Privacy Policy explains how we collect, use, store, and protect your information when you use our services.

2. Information We Collect

2.1 Tenant Information

When you onboard as a tenant, we collect:

Company or organization name
Domain name(s)
Administrator email address
Use case information
API keys (public and secret)
Tenant ID for service isolation

2.2 Chat Data

When users interact with AI chat features through your application:

Chat messages and conversations
User queries and AI responses
Session identifiers
Interaction timestamps

2.3 Document Processing Data

When documents are processed through our services:

Uploaded documents (PDFs, images)
Extracted data based on configured schemas
Document classifications
Processing metadata

2.4 Feedback and Learning Data

To improve our AI models, we may collect:

User feedback on AI responses
Training data from chat interactions
Model performance metrics

2.5 Webhook Subscriptions

If you configure webhooks, we store:

Webhook endpoint URLs
Event subscription preferences
Delivery logs and status

2.6 Technical Data

Automatically collected technical information:

IP addresses
Browser type and version
Device information
Usage patterns and analytics

3. How We Use Your Information

3.1 Service Delivery

We use collected data to:

Provide AI capabilities (chat, classification, extraction, search, summarization)
Process documents according to your configured schemas
Deliver webhook notifications
Maintain multi-tenant isolation and security

3.2 Website-Specific Learning

Your data is used to train AI models specific to your website or application, enabling the AI to learn from your domain-specific content and improve responses over time. This learning is isolated to your tenant.

3.3 Service Improvement

We analyze usage patterns and feedback to:

Improve AI model accuracy
Enhance service reliability
Develop new features
Fix bugs and security issues

4. Data Storage and Security

4.1 Multi-Tenant Isolation

All data is strictly isolated by tenant. Your data is never accessible to other tenants, and models trained on your data are tenant-specific.

4.2 Security Measures

We implement industry-standard security measures including:

Encryption in transit (HTTPS/TLS)
Encryption at rest for sensitive data
Secure API key management
Regular security audits
Access controls and authentication

4.3 Data Retention

We retain your data for as long as necessary to provide services and comply with legal obligations. You may request deletion of your data at any time, subject to our data retention policies and legal requirements.

5. Third-Party Services

MedhaOS may integrate with third-party LLM (Large Language Model) providers to deliver AI capabilities. When data is sent to these providers, it is subject to their privacy policies. We select providers that maintain high security and privacy standards.

6. Your Rights

You have the right to:

Access: Request a copy of your personal data
Correction: Request correction of inaccurate data
Deletion: Request deletion of your data
Portability: Request your data in a machine-readable format
Objection: Object to certain processing activities
Withdrawal: Withdraw consent where processing is based on consent

To exercise these rights, please contact us using the information provided in Section 9.

7. Cookies and Local Storage

We use cookies and browser storage for authentication, preferences, and service functionality. For detailed information, please see our Cookies Policy.

8. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

9. Contact Us

For privacy-related inquiries, requests, or concerns, please contact us:

Sastra Innovations (OPC) Private Limited

Email: support@medhaos.com

Website: https://medhaos.com

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of our services after such changes constitutes acceptance of the updated policy.