Privacy Policy
Effective Date: January 27, 2026 Last Updated: January 27, 2026
Introduction
Medulla Labs Limited (“Medulla Labs,” “we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://medullalabs.io or engage with our services.
This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
Information We Collect
Information You Provide Directly
When you interact with our website or services, you may provide us with:
- Contact Information: Name, email address, company name
- Communication Data: Messages sent through our contact form or email
- Service Inquiry Details: Information about your project, technical requirements, and business needs
Information Collected Automatically
When you visit our website, we may automatically collect:
- Technical Data: IP address, browser type and version, operating system, device information
- Usage Data: Pages visited, time spent on pages, navigation paths, referring URLs
- Cookies and Tracking: See our Cookie Policy for details
How We Use Your Information
We use collected information for the following purposes:
Service Delivery
- Respond to inquiries and provide requested information
- Deliver services and fulfill contractual obligations
- Communicate about projects and engagements
- Provide technical support
Business Operations
- Analyze website usage to improve user experience
- Maintain security and prevent fraud
- Comply with legal obligations
- Enforce our terms and policies
Communications
- Send service-related updates and notifications
- Share relevant technical content (with your consent)
- Respond to your questions and requests
Legal Basis for Processing (GDPR)
Under GDPR, we process your data based on:
- Consent: You have explicitly consented to processing for specific purposes
- Contract: Processing is necessary to fulfill a contract with you
- Legitimate Interests: We have legitimate business interests that do not override your rights
- Legal Obligation: We must process data to comply with legal requirements
Data Sharing and Disclosure
We do not sell, rent, or trade your personal information. We may share data with:
Service Providers
Third-party vendors who perform services on our behalf:
- Web hosting and infrastructure providers
- Email delivery services
- Analytics platforms
- Security services
These providers are contractually obligated to protect your data and use it only for specified purposes.
Legal Requirements
We may disclose information when required by law or to:
- Comply with legal processes (subpoenas, court orders)
- Protect our rights, property, or safety
- Prevent fraud or security threats
- Enforce our terms of service
Business Transfers
In the event of a merger, acquisition, or asset sale, your information may be transferred. We will notify you of any such change.
International Data Transfers
Medulla Labs is based in Cyprus (EU). If you access our services from outside the EU, your data may be transferred to and processed in the EU or other jurisdictions. We ensure appropriate safeguards are in place for such transfers, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions for countries with equivalent data protection
- Other legally recognized transfer mechanisms
Data Retention
We retain personal data only as long as necessary for the purposes outlined in this policy:
- Contact Form Data: Retained for up to 2 years or until you request deletion
- Service Engagement Data: Retained for the duration of engagement plus 7 years for legal/tax purposes
- Website Analytics: Aggregated data retained indefinitely; identifiable data retained for 26 months
- Marketing Communications: Until you unsubscribe or request deletion
Your Rights Under GDPR
If you are in the EU/EEA, you have the following rights:
Right to Access
Request a copy of your personal data we hold.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure (“Right to be Forgotten”)
Request deletion of your personal data in certain circumstances.
Right to Restrict Processing
Request that we limit how we use your data.
Right to Data Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interests or for direct marketing.
Right to Withdraw Consent
Withdraw consent at any time where processing is based on consent.
Right to Lodge a Complaint
File a complaint with your local data protection authority.
To exercise these rights, contact us at privacy@medullalabs.io or gdpr@medullalabs.io.
Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption: Data in transit is encrypted using TLS/SSL
- Access Controls: Limited access to personal data on a need-to-know basis
- Security Monitoring: Regular security audits and vulnerability assessments
- Incident Response: Procedures to detect, respond to, and report data breaches
Despite our efforts, no security measures are 100% effective. We cannot guarantee absolute security.
Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience. See our Cookie Policy for detailed information about:
- Types of cookies we use
- How to control cookies
- Third-party cookies
Third-Party Links
Our website may contain links to third-party sites. We are not responsible for the privacy practices of external websites. We encourage you to review their privacy policies.
Children’s Privacy
Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If we learn we have collected data from a child, we will delete it promptly.
Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will:
- Post the updated policy on this page
- Update the “Last Updated” date
- Notify you of material changes via email or website notice (where appropriate)
Your continued use of our services after changes constitutes acceptance of the updated policy.
Contact Information
For questions, concerns, or to exercise your data rights:
Email:
- General Privacy: privacy@medullalabs.io
- GDPR Requests: gdpr@medullalabs.io
- Legal: legal@medullalabs.io
Postal Address: Medulla Labs Limited Cyprus
Data Protection Officer: For GDPR-related matters, contact gdpr@medullalabs.io
Supervisory Authority
If you are in the EU and have concerns about our data practices, you have the right to lodge a complaint with your local data protection authority. For Cyprus:
Office of the Commissioner for Personal Data Protection Website: http://www.dataprotection.gov.cy/
This Privacy Policy is effective as of January 27, 2026. We recommend reviewing this page periodically for any updates.