Privacy Policy

Last updated: March 2026

1. Who we are

Suriya is a Thai AI App Builder, based in Bangkok, Thailand. Contact: privacy@suriya.ai

2. What we collect

• Account data: name, email, phone number, business details when you sign up
• Usage data: pages visited, features used, session duration (via PostHog analytics)
• Onboarding data: your business category and the goals and objectives you tell us in the /start interview
• Payment data: processed securely by our payment providers; we do not store card details
• Customer data: data about your end customers that you input into your Suriya app

3. How we use your data

• To provide, operate, and improve the Suriya service
• To send transactional emails (account, billing, security)
• To provide customer support
• To analyze product usage and improve features

We do not sell your data to third parties.

4. Data storage

Your data is stored on secure servers. Customer data in your Suriya app is accessible only to you and your authorized team members.

5. Your business profile & AI Business Manager

DRAFT — requires legal review before publication. This is plain-language product copy, not finalised legal advice; we are not lawyers. To be reviewed against the Thailand Personal Data Protection Act (PDPA, B.E. 2562) before going live.

What we build. To power your AI Business Manager, Suriya keeps one ongoing profile of your business — the merchant. This profile is linked to your account and persists for as long as you use Suriya, so the AI gets smarter about your specific business over time.

What goes into it. Two kinds of information:

• What you tell us during onboarding — your business category and the goals and objectives you share in the Suriya /start interview.
• How you use Suriya — your signup, app builds, publishing, console activity, and subscription behaviour over time.

Why (purpose). We use this profile only to give you accurate, personalised recommendations — your next best action — and, where you ask it to, to let the AI Business Manager act on your behalf to improve your app. We do not sell this profile or use it to target you with third-party advertising.

Where it lives. Your business profile is stored in a private, single-tenant data platform on Google Cloud (GCP). Where your app handles data about your end customers, we minimise it and hash or pseudonymise identifiers so individuals are not directly identifiable inside the AI system.

Your rights (PDPA). Because you are a Thai business, the PDPA gives you rights over your personal data. At any time you may: see the business profile we hold; ask us to correct it; withdraw your consent to this personalised AI processing; or ask us to delete it. Withdrawing consent turns off personalised recommendations but does not stop the rest of the Suriya service from working. To exercise any of these, email privacy@suriya.ai.

How long we keep it. We keep your business profile while your account is active. If you delete your account or withdraw consent, the profile and its underlying data are removed within 30 days, except where the law requires us to keep certain records longer.

6. Your rights

You may request access to, correction of, or deletion of your personal data at any time by emailing privacy@suriya.ai. Account deletion removes all associated data within 30 days.

7. Cookies

We use cookies for authentication and analytics. You can disable cookies in your browser settings, though some features may not function correctly.

8. Changes

We will notify users of material changes to this policy by email and by updating the "Last updated" date above.