Privacy Policy

Last updated: April 16, 2026

Vih Buddhi ("we", "us", "our") is an AI-powered email intelligence platform operated by Vih Research Labs. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our service at buddhi.vihresearchlabs.ai.

1. Information We Collect

1.1 Account Information

• Name and email address (provided at registration)
• Password (stored only as a bcrypt hash — never in plain text)
• Account plan and creation date

1.2 Gmail Data (via OAuth)

When you connect your Gmail account, we request the following scopes from Google:

• gmail.readonly — to read your email messages
• gmail.send — to send replies you explicitly draft and approve in our interface

With these permissions, we access:

• Email subject lines, sender/recipient addresses, timestamps
• Email body content (plain text and HTML)
• Attachment metadata (filename, MIME type, size) — we do NOT download or store attachment files; they are fetched from Google only when you click to open them
• Thread IDs for conversation grouping
• Your Gmail address (to identify the connected account)

1.3 AI-Generated Classifications

Our AI agent processes each email and generates derived data including category, priority, intent, sentiment, entities (people, companies, dates, amounts), one-line summaries, and suggested actions.

1.4 Optional Information

• WhatsApp phone number (only if you enable WhatsApp notifications)
• Notification rules you configure

1.5 Technical Data

• Access logs (IP address, request timestamps) retained for security and debugging
• AI API usage metadata (tokens consumed, latency) for operational metrics

2. How We Use Your Information

• To provide the core service — syncing emails, classifying them, and rendering your dashboard
• To generate daily intelligence reports at your request
• To draft and send reply emails on your explicit instruction
• To send WhatsApp notifications when your configured rules are triggered
• To improve our service and diagnose technical issues

3. How We Store Your Data

• All data is stored on servers located in AWS infrastructure (Asia-Pacific region)
• PostgreSQL and Redis databases bind to localhost only — they are not exposed to the public internet
• OAuth tokens are stored encrypted at rest
• JWT session tokens are signed with HS256 and expire after 7 days
• All traffic is transmitted over HTTPS with TLS certificates from Let's Encrypt

4. Third-Party Services

We share data with the following third parties strictly to provide functionality:

• Google (Gmail API) — for email sync and sending. Subject to Google's Privacy Policy.
• GLM-4.7-Flash (Language Model) — email content (cleaned plain text, up to 5000 characters) is sent to our LLM provider for classification and draft generation. No personally identifying metadata beyond the email content itself is included.
• WhatsApp (via Engagenest) — only if you enable WhatsApp notifications, alert messages are sent through this third-party provider.

5. Data Retention & Deletion

• You can disconnect any email account from Settings at any time — this immediately deletes all synced emails, classifications, OAuth tokens, and attachment metadata for that account (cascade delete)
• Generated PDF reports are retained until you manually delete them
• Account deletion is available upon request to hello@vihresearchlabs.ai

6. Google API Services User Data Policy

Vih Buddhi's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

• We do NOT use your Gmail data for advertising
• We do NOT sell your data
• We do NOT transfer data to third parties except as necessary to provide the requested service, comply with law, or with your explicit consent
• We do NOT allow humans to read your email data, except when you give us explicit permission for specific emails, for security/debugging, or to comply with law

7. Your Rights

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and all associated data
• Revoke Gmail access at any time via Settings or directly via Google Account permissions
• Export your data — contact us for a data export

8. Security

We implement reasonable technical and organizational measures to protect your data, including:

• Encrypted connections (HTTPS/TLS) for all web traffic
• Database password authentication and network isolation
• Bcrypt password hashing
• JWT-based session tokens with expiration
• Regular security updates on the hosting infrastructure

However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

9. Children's Privacy

Vih Buddhi is not directed at children under 13, and we do not knowingly collect personal information from children under 13. If you believe we have collected data from a child, please contact us to have it deleted.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Significant changes will be notified via email.

11. Contact

For privacy-related questions or requests, contact us at:

• Email: hello@vihresearchlabs.ai
• Website: vihresearchlabs.ai

© 2026 Vih Research Labs · Vih Buddhi · Terms of Service