Legal · Marketing Site
Privacy Policy
Effective 2026-05-10 · Sureel AI (a brand of Sureel Ventures LLC)
What this policy covers
This policy describes how Sureel AI — a brand of Sureel Ventures LLC (“Sureel,” “we,” or “us”) — handles information collected through this website at sureelai.com, including the AI Audit and Build-yours intake flows. It does not govern data handling under any signed consulting engagement, NDA, or master services agreement — those relationships are governed by their own terms.
What we collect
- Inquiry-form submissions. When you fill out the AI Audit or Build-yours intake, we receive your name, email, company name, and the project description you provide. This data is emailed to Sureel's response team. We also pass relevant fields to the Anthropic Claude API to help draft a tailored response — see the “Third-party processors” section below for details.
- Direct email. If you email hello@sureelai.com directly, we receive whatever you choose to send.
- Vercel Analytics.We use Vercel's built-in analytics, which records cookieless page-view counts, geographic region (country-level), referrer, and approximate device class. No cross-site tracking, no third-party advertising cookies.
- Server access logs. Our host (Vercel) records standard request metadata for every page view — IP address, user-agent, requested URL, timestamp, HTTP status — for diagnostics and abuse prevention.
How we use it
- To respond to your inquiry and evaluate engagement fit.
- To generate a tailored proposal draft (via the Anthropic Claude API) so we can reply faster and with more substance.
- To operate and secure the site (access logs, abuse prevention).
- To understand aggregate visitor patterns (Vercel Analytics — no individual visitor profiles).
We don't sell, rent, or share your information with anyone outside the third-party processors named below.
Sub-processors
We rely on the following third-party service providers (“sub-processors”) to deliver Sureel AI services. Each one has a published security attestation, and we maintain a Data Processing Agreement (DPA) where applicable.
| Sub-processor | Service | Location | Attestation |
|---|---|---|---|
| Anthropic PBC | AI inference (Claude API) | USA | SOC 2 Type II |
| Vercel Inc. | Hosting + CDN + analytics | USA | SOC 2 Type II |
| Microsoft 365 | Inbound + business email | USA | SOC 1/2/3, ISO 27001 |
| Resend Inc. | Transactional outbound email | USA | SOC 2 Type II |
| Cloudflare / GoDaddy | DNS | USA | SOC 2 Type II |
Specific notes:
- Anthropic.When you submit the AI Audit or Build-yours intake, the relevant fields (your project description + a structured prompt) are sent to Anthropic's API. Per their published terms, API inputs are not used to train their models and are subject to a 30-day operational retention window before deletion. See anthropic.com/legal/privacy.
- Vercel. See vercel.com/legal/privacy-policy.
We notify clients of any new sub-processor with access to client data at least 30 days before the change takes effect, per standard DPA terms.
How long we keep it
Inquiry submissions and email correspondence are retained in our email and CRM systems for as long as an active or recent prospect/customer relationship justifies, then archived or deleted per our internal retention schedule. Vercel Analytics + access logs follow Vercel's default retention windows. Anthropic-side data is governed by their 30-day operational retention window.
Engagement data (consulting clients)
For active consulting engagements, all client data, source materials, code, and deliverables are handled under the signed MSA / NDA / engagement letter — not under this site privacy policy. Client information stays inside client-specific workspaces and never gets cross-pollinated across engagements.
Children
This site is not directed to children under 13. We don't knowingly collect information from children.
Your rights
You can request a copy of, correction to, or deletion of information we hold about you by emailing hello@sureelai.com. We respond within 30 days (or 45 if the request is complex, with notice).
Depending on where you live, the following rights apply:
- California (CCPA / CPRA). Right to know what we've collected, right to delete, right to correct, right to limit use of sensitive personal information, right to non-discrimination, and right to opt out of “sale” or “sharing” (see the next section).
- European Union / United Kingdom (GDPR + UK GDPR). Article 15 (access), Article 16 (rectification), Article 17 (erasure), Article 20 (data portability), Article 21 (object to processing).
- Other US states. Virginia, Colorado, Connecticut, Utah, and other state laws extend similar rights; email us and we'll apply the appropriate framework.
Do Not Sell or Share (CCPA)
Sureel AI does not sell personal information for money. We do not “share” personal information for cross-context behavioral advertising as those terms are defined by CCPA / CPRA. We use only first-party analytics (Vercel) and never broker visitor or client data to third-party ad networks.
California residents can confirm this in writing, or request changes, by emailing hello@sureelai.com with subject line “Do Not Sell or Share — CCPA Request.” We respond within 15 business days.
Changes
We may update this policy as our practices change. The “Effective” date at the top reflects the most recent revision.
Contact
Questions about this policy: hello@sureelai.com.