Privacy Policy

Last updated: 22 June 2026

The short version: we collect only what we need to deliver your project and process payment. We never sell your data. Payment details are handled entirely by Stripe or Razorpay — we never see or store your card information. AI production platforms receive project creative materials only — never your personal contact or payment data.

1. Who we are

SurtAI ("we", "our", "us") is an AI-native creative studio producing AI video ads, brand films, and documentaries. We operate worldwide and are based in India. These Terms govern a commercial B2B engagement between SurtAI and business clients. SurtAI does not contract with individual consumers.

For all privacy-related queries, data access requests, and grievances under applicable law (including the Indian Digital Personal Data Protection Act 2023), contact our designated grievance officer:

We will acknowledge privacy grievances within 48 hours and resolve them within 30 days.

2. What information we collect

Information you give us directly

  • Contact details — your name, email address, company name, and phone number when you reach out to start a project.
  • Project brief and creative materials — brand assets, visual references, character briefs, creative requirements, timelines, and any other materials you share during scoping and production.
  • Communications — emails, messages, and written approvals exchanged throughout the project lifecycle.

Payment information

All payments are processed exclusively by third-party payment gateways. We do not collect, store, or process your payment card details, UPI credentials, or banking information on our systems.

  • International clients — payments processed by Stripe. Stripe's Privacy Policy governs how they handle your payment data.
  • Indian clients — payments processed by Razorpay. Razorpay's Privacy Policy governs how they handle your payment data.

We receive only a payment confirmation (transaction reference, amount, and date) for our invoicing and accounting records.

Information collected automatically

Our website may collect standard server log data such as your IP address, browser type, referring URL, and pages visited. This is used solely to diagnose technical issues and understand aggregate traffic. We do not use advertising trackers or behavioural profiling tools.

3. Third-party AI production platforms

To produce your film, we use third-party AI platforms for image generation and animation as part of our production workflow. We may submit project-related creative materials — including brand descriptions, visual references, character briefs, and location direction — to these platforms during production.

We do not submit your personal contact data, company financial information, or payment details to any AI production platform.

You are responsible for ensuring that any brand materials or briefs you provide to us may be processed by third-party AI platforms in accordance with your own internal data, confidentiality, and legal compliance policies. If your organisation has restrictions on submitting brand information to external AI platforms, please notify us before the project begins so we can discuss appropriate alternatives.

Where available, we use enterprise-tier API access to production platforms, which typically provides enhanced data handling commitments. However, we cannot guarantee the data practices of third-party platforms and recommend you review their policies directly.

4. How we use your information

  • To respond to your enquiry and assess project fit.
  • To scope, produce, and deliver your project.
  • To issue payment links and invoices.
  • To communicate project updates, creative approvals, and deliverables.
  • To archive project files in accordance with our retention policy.
  • To comply with legal, tax, and accounting obligations.

We do not use your information for automated decision-making, behavioural profiling, or direct marketing without your explicit consent.

5. Sharing your information

We do not sell, rent, or trade your personal data. We share it only in these limited circumstances:

  • Payment processors — Stripe or Razorpay, solely to process the payment you initiate.
  • AI production platforms — creative project materials only, as described in Section 3 above.
  • Cloud storage and delivery tools — used strictly for secure file storage and delivery of your finished film. These services receive project files, not your personal contact or payment data.
  • Legal requirements — if required by law, court order, or regulatory authority in India or another applicable jurisdiction.

We maintain Data Processing Agreements (DPAs) with all sub-processors who may handle personal data of EU/UK individuals, to the extent such agreements are made available by those sub-processors.

6. Legal basis for processing

India — Digital Personal Data Protection Act 2023

Under the DPDP Act 2023, we process personal data on the following bases: (a) your consent, given when you engage us for a project; (b) legitimate use for fulfilment of a contract for services; and (c) compliance with legal obligations applicable to us as an Indian business. You have the right to withdraw consent, access your data, correct inaccuracies, and request erasure, subject to applicable legal retention requirements.

EU and UK — GDPR

For individuals located in the European Economic Area or United Kingdom, our legal bases are: Contract — processing necessary to deliver services you have engaged; Legitimate interests — maintaining records of communications and transactions; and Legal obligation — retaining financial records as required by law.

International data transfers (GDPR)

Where personal data of EU/UK individuals is transferred outside the EEA or UK — including to India-based servers or US-based AI production platforms — we rely on appropriate transfer mechanisms, including Standard Contractual Clauses (SCCs) adopted by the European Commission, or equivalent safeguards under UK law. You may request a copy of applicable transfer mechanisms by contacting us.

United States — California (CCPA/CPRA)

SurtAI does not sell personal data. SurtAI does not share personal data for cross-context behavioural advertising. California residents engaging SurtAI as a business client may request access to or deletion of personal data held about them by contacting us at privacy@surtaistudio.com.

7. Data retention

We retain personal data and project records as follows:

  • Project files (Resolve projects, all generated assets, audio stems, creative approvals) — archived for 24 months from the date of final delivery. At the end of this period, you will be notified by email and given 30 days to request a copy of your files before they are permanently deleted.
  • Financial records (invoices, payment confirmations, transaction references) — retained for 7 years as required under Indian tax law and GST regulations.
  • Communications (project emails and written approvals) — retained for the duration of the project and for a reasonable period thereafter in case of disputes, not exceeding 3 years.

If you request deletion of your personal data and no legal retention obligation applies, we will action the deletion within 30 days.

8. Cookies

Our website uses only functional cookies — specifically to remember your light or dark theme preference. This is a functional cookie, not a tracking or advertising cookie, and does not require consent under applicable law. You can disable cookies in your browser settings; however, this will affect whether your theme preference is remembered between visits. We do not use advertising cookies, cross-site tracking cookies, or third-party analytics platforms that profile individual users.

9. Your rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate or incomplete data.
  • Request erasure of your data, subject to legal retention requirements.
  • Object to or restrict certain processing activities.
  • Receive a copy of your data in a portable format (where technically feasible).
  • Withdraw consent at any time, without affecting the lawfulness of processing prior to withdrawal.
  • Lodge a complaint with your applicable data protection supervisory authority.

To exercise any of these rights, contact us at privacy@surtaistudio.com. We will respond within 30 days. We may ask you to verify your identity before processing the request.

10. Data security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. All payment transactions are conducted exclusively through PCI DSS-compliant gateways (Stripe and Razorpay). We do not accept, transmit, or store payment details over email, messaging applications, or telephone calls. If you receive a request purporting to be from SurtAI asking for financial information by any of these means, do not comply and contact us immediately.

11. Children's privacy

Our services are directed exclusively at business clients. We do not knowingly collect personal data from individuals under the age of 18.

12. Third-party links

Our website contains links to third-party sites including Stripe and Razorpay. We are not responsible for the privacy practices of those sites and encourage you to review their policies directly.

13. Changes to this policy

We may update this Privacy Policy from time to time, including as required by the DPDP Act 2023 rules once finalised. We will revise the "last updated" date at the top of this page. Material changes will be communicated to active clients by email with at least 14 days' notice before taking effect.

14. Contact and grievance officer

For all privacy queries, data subject requests, and grievances:

We will acknowledge your grievance within 48 hours and resolve it within 30 days, as required under the DPDP Act 2023.