Privacy Policy

Sureelo (“we”, “us”, “our”) is an AI-powered Hindi song generation service operated from India. Contact: support@sureelo.com. Detailed registered address on request — see /contact.

We only collect what we need to run the product:

• Account info — name, email (and optionally a profile picture if you sign in with Google). No phone number is required unless you opt in to WhatsApp support.
• Songs you create — your prompts, generated lyrics, cover art, audio files, and credit balance. These are linked to your account so you can revisit them.
• Payment info — handled entirely by Razorpay. We see the Razorpay transaction ID and amount, but never the card number, CVV, or UPI PIN.
• Usage logs — basic technical logs (IP address, browser, timestamps) needed for security, fraud prevention, and debugging.
• Cookies — session cookies for login. We do not use third-party advertising cookies.

• No biometric data (voice samples not stored).
• No location data beyond country-level IP geolocation.
• No third-party advertising profiles.
• No data from minors under 13 (account creation blocked).

• To generate, save, and let you replay your songs.
• To process payments and apply credits.
• To send transactional emails (signup confirmation, receipts, failed-generation notices).
• To monitor abuse (spam, fraudulent payments, policy violations) and improve quality.
• For aggregated, non-identifying analytics (e.g., “most popular festivals”).

We do not use your prompts or songs to train AI models without your explicit consent.

• Razorpay — payment processing. Their privacy policy governs payment data.
• WaveSpeed (ACE-Step model) — receives your prompt and lyrics to generate music.
• DeepSeek — receives your prompt to generate lyrics.
• Google OAuth — if you sign in with Google.
• Neon Postgres — database hosting (data stored in nearest available region).
• Vercel — app hosting + CDN.

You can, at any time, request:

• Access — a copy of all data we hold on you.
• Correction — fix wrong account info.
• Deletion — delete your account and all associated data within 30 days (songs you have publicly shared via direct link may persist for 7 days more).
• Withdrawal — revoke consent to processing (note: this disables your account).
• Grievance — file a complaint via grievance@sureelo.com. We respond within 30 days as required by DPDP Act.

We retain your data while your account is active. Inactive accounts (no login in 18 months) are notified and then archived; data is deleted from active systems 24 months after the last login unless you reactivate.

Financial records (Razorpay transaction logs) are retained for 7 years as required by Indian tax law.

Passwords are bcrypt-hashed. Communication is over HTTPS with TLS 1.2+. Database is encrypted at rest. We will notify affected users within 72 hours of a confirmed data breach as required by DPDP Act 2023.

Sureelo is built for an Indian audience and operates from India. If you access from outside India, you consent to your data being processed in India and subject to Indian law.

We'll update this page if our practices change. Material changes will be emailed to registered users at least 14 days before they take effect.