MedleyHR is committed to protecting the privacy of your organisation and your employees. This policy explains what data we collect, how we use it, and your rights — in plain language.
/ 01
Information We Collect
—Organisation data: company name, GST/PAN, registered address, and administrator contact details provided during account setup.
—Employee data: names, contact information, salary details, PAN, bank account numbers, leave records, and attendance — entered by your organisation's HR administrator.
—Usage data: pages visited, features used, session duration, and browser/device information collected automatically to improve the product.
—Communications: emails or messages you send us, including support requests.
/ 02
How We Use Your Information
—To provide, operate, and improve the MedleyHR platform.
—To process payroll, generate payslips, and calculate statutory deductions (PF, ESI, TDS, PT) as instructed by your organisation.
—To send transactional emails such as payslip notifications, leave approvals, and account alerts.
—To comply with applicable Indian laws, including the Income Tax Act, EPF Act, and Digital Personal Data Protection Act 2023.
—To respond to support queries and communicate product updates.
/ 03
Data Storage and Security
—Your data is stored on servers located in India. We use industry-standard 256-bit SSL/TLS encryption for data in transit and AES-256 encryption for data at rest.
—Access to your organisation's data is protected by role-based access controls. Only users you authorise can view or edit employee records.
—We conduct regular security audits and maintain backups to prevent data loss.
—We will notify you promptly in the event of a data breach affecting your organisation.
/ 04
Data Sharing
—We do not sell your data to third parties.
—We share data only with service providers necessary to operate MedleyHR (such as cloud hosting and email delivery), under strict confidentiality agreements.
—We may disclose data if required by Indian law, court order, or government authority.
—If your organisation uses integrations (such as bank payment APIs), data is shared only as required to complete those transactions.
/ 05
Data Ownership
—Your organisation owns all employee and payroll data you upload to MedleyHR. We act as a data processor on your behalf.
—You can export your data at any time from within the platform.
—On account termination, we will delete or return your data within 30 days, unless retention is required by law.
/ 06
Employee Rights
—Employees accessing MedleyHR through their employer's account may request access to their personal data held in the system.
—Corrections to personal data should be requested through your HR administrator.
—Data subject rights under the Digital Personal Data Protection Act 2023 are honoured. Contact us at hello@medleyhr.com for any such requests.
/ 07
Cookies
—MedleyHR uses essential cookies to maintain your login session and platform preferences.
—We use analytics cookies to understand how the product is used — this data is aggregated and not linked to individual users.
—You can disable non-essential cookies in your browser settings without affecting core platform functionality.
/ 08
Changes to This Policy
—We may update this Privacy Policy from time to time. We will notify account administrators of material changes by email at least 14 days before they take effect.
—Continued use of MedleyHR after the effective date of changes constitutes acceptance of the updated policy.
/ 09
Contact
—For privacy-related queries, data requests, or concerns, contact us at: hello@medleyhr.com
—MedleyHR is operated by Codonsoft Technologies. Registered address available on request.
We use cookies to understand how visitors use MedleyHR.com — page views, feature interest, and drop-off points. No personal data is sold. Privacy policy