Privacy Policy
We respect your data. This page explains exactly what we collect, why we collect it, who we share it with, and how to make us delete it. No dark patterns, no buried clauses.
1. Who we are
"Mendly" (referred to as we, us, our) is a remote-first software-development studio focused on refactoring and scaling AI-generated codebases. For any privacy question, write to hello@mendlylabs.tech.
2. The data we collect
We collect only what we need to do our job. Specifically:
2.1 From the contact / audit form on the homepage
- Your name and email address — so we can reply.
- The repository or app link you send us — so we can audit it.
- Which AI tool you built with — to route your audit correctly.
- Your budget range and what you need — to give you a relevant quote.
- Your message — the context for everything above.
2.2 From the careers form
- Your name, email, the role you'd want, your years of experience, a link to your work, and a short note about why us.
2.3 Cookies and sign-in
- Authentication cookies — only set when an admin signs in to the dashboard. These are essential and cannot be disabled without breaking sign-in.
- Analytics cookies — only set if you accept them via the cookie banner. We use them to count anonymous page views (which articles people read, how many find us through Google). We do not track individuals across sites.
We do not use advertising cookies, tracking pixels, social-network share trackers, or any other third-party trackers.
2.4 What we don't collect
We do not ask for or store: phone numbers (unless you give us one in WhatsApp), payment-card details (we use third-party processors who handle these directly when payment is needed), passport / Aadhaar / government IDs, location data, or anything from your code repository that you don't explicitly send us.
3. Why we collect it
- To respond to you. If you fill the contact form, we use your details to reply with an audit, quote, or follow-up question.
- To deliver our services. Once you become a client, we use your code-related data to do the work you've hired us for.
- To consider you for future roles. If you submit the careers form, your information stays in our talent pool until you ask us to remove it.
- To improve the site. Anonymous analytics tell us which content works.
4. Where your data lives
All form submissions are stored in Supabase, our database provider. Supabase is a data processor on our behalf, bound by their own GDPR-aligned data processing agreement. Database servers are located in the region we configured (Asia / Singapore by default for low latency).
Email correspondence is stored in Google Workspace. Slack / Discord notifications, if enabled, are sent via webhooks to those platforms.
5. How long we keep it
- Contact-form submissions — until you ask us to delete them, or after 24 months of inactivity (whichever is sooner).
- Careers submissions — for up to 24 months unless you withdraw consent earlier.
- Client project data — for the duration of the engagement plus 12 months of warranty, then deleted.
- Analytics data — aggregated and anonymous, retained per Google Analytics's 14-month default.
6. Who we share it with
We do not sell your data. Ever. We share limited data only with:
- Service providers strictly necessary to run the site — Supabase (storage), Vercel (hosting), Google Workspace (email), and, optionally, Google Analytics, Resend (transactional email) or Slack (notifications) once we enable them.
- Authorities, only if legally compelled by a valid Indian court order or equivalent foreign legal process.
- Successors, if Mendly is ever acquired or merged — and only under equivalent privacy protections.
7. Your rights
Under India's Digital Personal Data Protection Act, 2023 and the EU's GDPR, you have the right to:
- Access — request a copy of all data we hold about you.
- Correct — ask us to update incorrect data.
- Delete — ask us to erase your data ("right to be forgotten").
- Withdraw consent — for analytics or any future optional processing.
- Portability — get your data in a machine-readable format.
- Object — to processing for direct marketing (we don't do this, but the right exists).
- Grievance redressal — under DPDPA, you can escalate unresolved complaints to the Data Protection Board of India.
To exercise any of these rights, email hello@mendlylabs.tech with the subject "Privacy request". We will respond within 7 days.
8. Cookies in detail
| Cookie | Purpose | Duration | Optional? |
|---|---|---|---|
sb-* | Supabase auth — only for admins | Session + 7 days | No (essential) |
mendly_cookie_consent | Remembers your cookie choice | 12 months | No (essential) |
_ga, _ga_* | Google Analytics — anonymous page metrics | 2 years | Yes |
9. International transfers
Some of our service providers (Supabase, Google, Vercel) may store or process data outside India. Where this happens, we rely on the providers' own GDPR-compliant data processing agreements and Standard Contractual Clauses to ensure equivalent protection.
10. Children
Our services are not intended for anyone under the age of 18. We do not knowingly collect personal data from children. If you believe a minor has submitted information, contact us and we will delete it immediately.
11. Security
We use industry-standard measures: HTTPS everywhere, Row Level Security on every database table, strong-password authentication, and the principle of least privilege for our team. No system is 100% secure — if we ever discover a breach affecting your data, we will notify you within 72 hours per GDPR / DPDPA timelines.
12. Changes to this policy
If we materially change how we handle your data, we will update this page, change the "Last updated" date at the top, and — for active clients — email you at least 30 days before the change takes effect.
13. Contact
For anything privacy-related: hello@mendlylabs.tech
For grievances unresolved through us, under the DPDPA you may approach the Data Protection Board of India.