How we collect, use, and protect your personal data at AILS and MyMedha.
Last Updated: June 28, 2026
1. Introduction
This Privacy Policy ("Policy") describes how Attitude & Intelligence Learning Systems ("AILS"), including its subsidiaries, and its digital platform MyMedha (accessible at mymedha.org), (collectively "AILS," "MyMedha," "we," "our," or "us") collect, use, transfer, store, and disclose your information.
This Policy is published in compliance with:
- The Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
- The Digital Personal Data Protection Act, 2023 and the DPDP Rules, 2025
- Any other applicable data protection legislation in India
"Personal Data" is information that identifies you as an individual or relates to an identifiable individual. This Policy applies to Personal Data collected and used in connection with:
- The MyMedha web platform and any associated mobile applications ("Platform")
- Websites operated by AILS from which you are accessing this Policy ("Site")
- Software platforms and applications made available from time to time ("Applications")
- AILS social media pages ("Social Media Pages")
- HTML-formatted email messages that link to this Policy
- SMS, WhatsApp, and other electronic communications we send to you
- Offline business interactions, including in-person discussions and telephone conversations
Collectively, we refer to all the above as the "Services."
2. About AILS and MyMedha
AILS specialises in assessment, design and implementation of organisation structure, people strength and potential assessment, capability development, talent search, career counselling, executive coaching, and mentoring to students and professionals at universities/institutes as well as in individual capacity.
MyMedha is AILS's digital platform that provides:
- Career and developmental assessments (including the Chaitanya Strengths Assessment, Sparsh, and others)
- AI-assisted career development insights generated from assessment responses
- Personalised PDF reports containing behavioural analysis and career guidance
- University and institutional dashboards for cohort-level assessment management
- Student dashboards for accessing assessment results and career development resources
The process of rendering the above services involves the collection, processing, and use of your Personal Data.
3. Personal Data We Collect
A. Data Collected Directly from You
| Category | Examples |
|---|---|
| Identity Data | Full name, date of birth, gender |
| Contact Data | Email address, mobile phone number, postal address |
| Educational Data | College/university name, program, class/semester, year of passing |
| Account Data | Username, password (stored in hashed form only) |
| Assessment Data | Your responses to assessment questions (e.g., Chaitanya Strengths Assessment, Sparsh, or other assessments) |
| Professional Data | Resume information, qualifications, employment history, skills (where applicable) |
B. Data We Generate About You
| Category | Description |
|---|---|
| Assessment Scores | Calculated scores, ratings, or metrics derived from your responses to the specific assessment completed (e.g., strength dimensions, domain scores, cluster scores, or developmental indicators) |
| AI-Generated Insights | Personalised career development narratives, executive summaries, leadership potential assessments, and development recommendations generated by artificial intelligence based on your assessment scores (where applicable to the specific assessment) |
| Behavioural Profile | Categorizations, classifications, strength/readiness tiers, or performance levels based on assessment results |
| PDF Reports | Compiled reports combining your scores, AI insights, and master interpretation data |
C. Data Collected Automatically
| Category | Examples |
|---|---|
| Device Data | Browser type, operating system, IP address, device identifiers |
| Usage Data | Pages visited, time spent, navigation patterns, assessment completion status |
| Cookies & Tracking | Session cookies for authentication; see Section 12 for details |
Important Note on Assessment Data: The assessments hosted on the Platform (including the Chaitanya Strengths Assessment, Sparsh, and others) collect behavioural, cognitive, developmental, and psychological response data. While this data is used exclusively for career guidance and personal development purposes, we recognise its sensitive nature and apply enhanced security measures to its storage and processing.
4. How We Use Your Personal Data
We use your Personal Data for the following legitimate purposes:
- Providing Assessment Services — Administering assessments, calculating scores, and generating personalised career development reports
- AI-Assisted Analysis — Processing your anonymised assessment scores through artificial intelligence systems to generate personalised career insights and recommendations
- University/Institutional Services — Sharing your assessment results with your enrolled university or institution (only with your consent)
- Account Management — Creating and managing your MyMedha account, authenticating your identity, and communicating with you about your account
- Communication — Sending transactional emails (password resets, assessment notifications, report availability)
- Platform Improvement — Analysing usage patterns to improve our services, fix bugs, and enhance user experience
- Legal Compliance — Complying with applicable laws, regulations, and legal processes
- Security — Detecting, preventing, and responding to fraud, abuse, and security incidents
We do not use your Personal Data for:
- Targeted advertising
- Behavioural monitoring or tracking of minors
- Sale to third parties
- Any purpose other than those described above
5. AI Processing Disclosure
What AI Does
When you complete an assessment on MyMedha, your anonymised scores (not your name, email, or other personal identifiers) are sent to an AI system (currently OpenAI) to generate:
- Dashboard Interpretation
- Executive Summary
- Future Leadership Potential analysis
- Final Reflection and Path Forward recommendations
What AI Does NOT Receive
The AI system does not receive your name, email address, phone number, date of birth, or any other personally identifiable information. It only receives numerical scores and strength classifications.
Data Processing Location
AI processing is performed on servers located in the United States. Only anonymised, non-identifiable score data is transmitted. The AI-generated text is returned to our Indian servers and stored alongside your assessment record.
Human Review
AI-generated insights are advisory in nature and do not constitute professional career counselling or psychological assessment. You have the right to request human review of any AI-generated content in your report by contacting us at info@mymedha.org.
6. Consent
How We Obtain Consent
We obtain your explicit, informed consent before collecting and processing your Personal Data:
- At Registration: You must actively agree to this Privacy Policy via a consent checkbox before creating your MyMedha account. Pre-checked boxes are not used.
- Before Assessments: Before starting any assessment, you will be presented with a clear notice explaining what behavioural data will be collected, how AI will analyse your responses, how your report will be generated and stored, and who will have access to your results.
- For Institutional Sharing: If your assessment results are to be shared with a university or institution, separate consent will be obtained.
Withdrawal of Consent
You may withdraw your consent at any time by:
- Contacting us at privacy@mymedha.org
- Using the data deletion mechanism described in Section 9
- Contacting our Grievance Officer (see Section 14)
Withdrawal of consent will not affect the lawfulness of processing carried out before the withdrawal. However, upon withdrawal, we will cease processing your Personal Data and delete it in accordance with our retention policy.
7. Disclosure of Personal Data
We may share your Personal Data with the following categories of recipients:
A. Universities and Institutions
If you are enrolled through a university or institutional cohort, your assessment results and reports may be shared with authorised administrators at that institution. This sharing is disclosed to you at the time of enrolment and requires your consent.
B. Service Providers (Data Processors)
We use the following third-party service providers who process data on our behalf:
| Provider | Purpose | Data Shared | Server Location |
|---|---|---|---|
| Supabase | Database hosting | All platform data | Mumbai, India (AWS ap-south-1) |
| OpenAI | AI insight generation | Anonymised scores only (no PII) | United States |
| Resend | Transactional email delivery | Name, email address | United States |
| Sentry | Application monitoring and error tracking | Anonymised crash logs (PII scrubbed) | European Union (EU) |
| Vercel | Web application hosting | Request/response data | Configurable region |
We maintain Data Processing Agreements with our service providers to ensure they handle your data in accordance with this Policy and applicable law.
C. Legal and Regulatory
We may disclose your Personal Data if required by law, court order, or government authority, or to protect the rights, property, or safety of AILS, our users, or the public.
D. Business Transfers
In the event of a merger, acquisition, or sale of assets, your Personal Data may be transferred. You will be notified of any such change.
We do not sell your Personal Data to any third party.
8. Data Storage and Security
Storage Location
All Personal Data collected through MyMedha is stored on servers located in Mumbai, India (AWS ap-south-1 region) via our database provider, Supabase.
Security Measures
We implement reasonable technical and organisational measures to protect your Personal Data, including:
- Encryption in transit using TLS/SSL for all data transmissions
- Encryption at rest for database storage
- Password hashing using industry-standard algorithms (passwords are never stored in plain text)
- Access controls limiting data access to authorised personnel only
- Regular security reviews of our platform and infrastructure
No data transmission or storage system can be guaranteed to be 100% secure. If you believe your account has been compromised, please contact us immediately at info@mymedha.org.
9. Data Retention and Deletion
Retention Period
We retain your Personal Data for the shorter of:
- 3 years from the date of your last interaction with the Platform, OR
- Until you request deletion of your data
After the applicable retention period, your Personal Data (including assessment answers, scores, AI-generated insights, and reports) will be securely deleted or anonymised.
Exceptions
We may retain certain data beyond the retention period where:
- Required by applicable law (e.g., tax, accounting, or regulatory requirements)
- Necessary for the establishment, exercise, or defence of legal claims
- Needed to comply with a legal preservation order
Requesting Deletion
You may request deletion of your data at any time by:
- Emailing info@mymedha.org with the subject line "Data Deletion Request"
- Contacting our Grievance Officer (see Section 14)
We will process deletion requests within 30 days of receipt and confirm completion to you via email.
10. Your Rights as a Data Principal
Under Indian law, you have the following rights regarding your Personal Data:
| Right | Description |
|---|---|
| Right to Access | You may request a summary of the Personal Data we hold about you and how it is being processed |
| Right to Correction | You may request correction of any inaccurate or incomplete Personal Data |
| Right to Erasure | You may request deletion of your Personal Data, subject to the retention exceptions above |
| Right to Data Portability | You may request a copy of your Personal Data in a machine-readable format (JSON or CSV) |
| Right to Withdraw Consent | You may withdraw your consent at any time |
| Right to Grievance Redressal | You may lodge a complaint with our Grievance Officer or with the Data Protection Board of India |
| Right to Nominate | You may nominate another individual to exercise your rights on your behalf in the event of your death or incapacity |
To exercise any of these rights, contact us at info@mymedha.org or reach out to our Grievance Officer.
11. Data Breach Notification
In the event of a personal data breach that is likely to affect your rights and interests:
- We will notify the Data Protection Board of India within 72 hours of becoming aware of the breach
- We will notify each affected Data Principal (you) promptly, providing:
- The nature of the breach
- The categories of data affected
- The likely consequences
- The measures taken or proposed to address the breach
- We will document all breaches internally, including their effects and the remedial action taken
12. Cookies and Tracking Technologies
MyMedha uses the following cookies and similar technologies:
| Type | Purpose | Duration |
|---|---|---|
| Session Cookies | Authentication and maintaining your login state | Duration of browser session |
| Security Cookies | CSRF protection and preventing unauthorised access | Duration of browser session |
We do not use third-party advertising cookies or cross-site tracking technologies.
If we introduce analytics tools in the future, this section will be updated and a cookie consent mechanism will be implemented.
13. Children and Minors
In accordance with the Digital Personal Data Protection Act, 2023, a "child" is defined as an individual under the age of 18 years.
- MyMedha's services are primarily designed for college and university students, some of whom may be under 18.
- For users under 18, we require verifiable parental or guardian consent before collecting or processing their Personal Data.
- We do not engage in behavioural monitoring, tracking, or targeted advertising directed at children.
- If we become aware that we have collected Personal Data from a child without verifiable parental consent, we will take steps to delete that data promptly.
14. Grievance Officer
In accordance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023, we have appointed the following Grievance Officer:
Name: Mr. Priyaranjan Kumar
Designation: Founder & CEO, AILS
Email: info@mymedha.org
Address: #1504, Vatsal, Piramal Vaikunth, Balkum, Thane – 400607, Mumbai, India
The Grievance Officer shall address all complaints, concerns, and requests relating to your Personal Data within 30 days of receipt.
If you are not satisfied with the resolution provided by the Grievance Officer, you may escalate your complaint to the Data Protection Board of India.
15. International Transfer of Personal Data
Your Personal Data is primarily stored on servers located in India (Mumbai, AWS ap-south-1 region).
Certain processing activities involve the transfer of limited data outside India:
- AI Processing (OpenAI): Anonymised assessment scores (no personally identifiable information) are processed on servers in the United States to generate career insights.
- Email Delivery (Resend): Your name and email address are processed by Resend (US-based) for transactional email delivery.
- Application Monitoring (Sentry): Anonymised crash and performance data (with strictly enforced PII scrubbing and no Session Replay) is processed and stored on servers located within the European Union (EU).
Under the Digital Personal Data Protection Act, 2023, cross-border transfer of personal data is permitted to countries not specifically restricted by the Central Government. As of the date of this Policy, no country has been placed on the restricted list.
We ensure that any international transfers are accompanied by appropriate contractual protections and that the transferred data is limited to the minimum necessary for the specific processing purpose.
16. Updates to This Policy
AILS reviews its privacy practices periodically. Any changes to this Policy will become effective upon posting of the revised Policy on the MyMedha Platform.
We will notify you of material changes via:
- A prominent notice on the Platform
- Email notification to registered users (for significant changes)
You can determine when this Policy was last revised by checking the "Last Updated" date at the top.
17. Contacting Us
AILS is the entity responsible for the collection, use, and disclosure of your Personal Data under this Policy.
Registered Address:
Attitude & Intelligence Learning Systems (AILS)
#1504, Vatsal, Piramal Vaikunth, Balkum, Thane – 400607
Mumbai, India
Email: info@mymedha.org
Website: https://mymedha.org
Copyright © Attitude & Intelligence Learning Systems (AILS), 2025–2026. All rights reserved.