This Privacy Policy (the “Policy”) explains how Kirusa Inc. (“Kirusa,” “we,” “us,” or “our”), a U.S. corporation, collects, uses, shares, and protects personal information when you visit or use https://melodycrafters.com/ (the “Site”) and when you place a paid request for a custom song and/or video (the “Services”). We are committed to complying with global data protection laws, including the General Data Protection Regulation (GDPR (EU/EEA), Digital Personal Data Protection Act, 2023 (India) (the “DPDP Act”), CCPA/CPRA (California Consumer Privacy Act for California residents), and applicable African data protection laws (e.g., Senegal Law No. 2008-12; Ghana Data Protection Act, 2012; Burkina Faso Law No. 010-2004/AN; Côte d’Ivoire Law No. 2013-450), as well as other relevant local laws in Mali, Togo, Malawi, Zambia, Lesotho, Eswatini, and Benin.
By visiting the Site or using the Services, You consent to the collection, use, disclosure, processing, and storage of your information as described in this Policy or as otherwise required or permitted by applicable laws for the time being in force.
1. What Data We Collect
Depending on how you use the Site and Services, we may collect the following categories of data including Sensitive Personal Data or Information (SPDI):
Device & Usage Data. Device type, browser, operating system, IP address, general location (derived from IP), pages viewed, time on page, referring/exit pages, clickstream, and interactions with the Site. We may collect this via cookies, web beacons, pixels, and analytics tools (e.g., Google Analytics, Microsoft Clarity).
Account Data. Name, email address, password, phone number (optional), and—if you act for an organisation—company name and role.
Order & Billing Data. Purchase details, billing address, and limited payment metadata required by our payment processor(s). We do not store full payment card numbers; payments are handled by compliant third-party processors (e.g., Razorpay in supported regions, or other region-appropriate gateways).
Identity Verification Data (enterprise/corporate only). Government ID (e.g., passport, driver’s license) or business documents (e.g., tax ID, incorporation certificate, VAT, PAN (India), EIN (USA)) to verify identity, prevent fraud, and meet anti money laundering/know your client (“AML/KYC”) and sanctions screening requirements.
User Content (your creative inputs). Stories, prompts, reference materials, voice samples/recordings, images, and other materials you submit so we can craft your custom song and/or video (“User Content”). We do not directly view or access User Content except as reasonably necessary to provide the Services, ensure safety/compliance, or meet legal obligations.
Communications. Messages you send to us (e.g., support requests, feedback), and our communications with you (e.g., delivery emails, service notices).
The Site may contain links to other sites/applications. We are not responsible for the privacy policies and/or practices on other sites/applications. When following a link to another site, please separately review the relevant site's privacy policy.
2. How We Collect Data
Directly from you. When you create an account, place an order, submit User Content, complete verification, or contact support. (“User Input”)
Automatically. When you browse or interact with the Site, we use cookies, pixels, and analytics to collect Device & Usage Data.
From service providers. For example, payment status from payment processors and basic analytics from measurement partners.
Compliance checks (enterprise/corporate only). Identity and document verification for AML/KYC, sanctions screening, and fraud prevention.
3. How We Use Data
We use your information to:
Provide the Services. Process User Content to craft your custom song/video and deliver up to four (4) iterations per purchase.
Process Orders. Handle one-time payments, send confirmations/receipts, and manage invoices and taxes.
Verify Identity (as applicable). Authenticate enterprise/corporate users and comply with AML/KYC and sanctions screening requirements (e.g., ECOWAS rules, U.S. Patriot Act, India’s PMLA/KYC norms).
Communicate. Send service messages (order status, delivery, policy updates) and respond to your inquiries. Where required, notices may be provided in English or French (e.g., Senegal, Côte d’Ivoire, Mali, Benin, Togo).
Safety & Compliance. Monitor for and prevent harmful or illegal content (including but not limited to terrorism, hate speech, child exploitation) and comply with legal requests under applicable laws (including but not limited to GDPR Art. 6, DPDP Act Sec. 8, African frameworks).
Improve & Secure the Site. Use anonymized or aggregated information to troubleshoot, analyse performance, improve features, and enhance security but shall not be using User Inputs to train models.
Marketing (optional). Provide offers or updates. Where required, we obtain consent or provide a clear opt-out options compliant with GDPR Art. 21; DPDP Act Sec. 7 and African Laws.
4. How We Share Data
We share information only as needed and with safeguards:
Service Providers. Payment processors (e.g., Razorpay, where supported), cloud hosting providers, analytics providers, verification providers, and customer support partners. All the Service Provides are contractually obligated to protect your data in compliance with GDPR Art. 28, DPDP Act obligations, and relevant African laws.
Legal & Safety. We may disclose data when required by law (e.g., court orders, law enforcement requests in Senegal, Ghana, India, or the USA or any other jurisdictions) or to protect our rights, ensuring compliance with GDPR (Art. 6(1)(c)), DPDP Act (Sec. 8), and local African laws (e.g., Ivory Coast’s Law No. 2013-450).
Business Transfers. If we undergo a reorganisation, merger, acquisition, or asset sale or such similar event, your data may be transferred subject to confidentiality and compliance with applicable law for the time being in force.
We do not sell personal data. We also do not “share” personal data for cross-context behavioural advertising within the meaning of California law unless you have consented or such sharing is permitted by law and you have not opted out. We do not train models on your User Content without your opt-in.
5. Behavioural Advertising & Analytics
We may use Device & Usage Data to tailor content and measure performance. You can opt out of interest-based advertising via:
Network Advertising Initiative: http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work
Digital Advertising Alliance: http://optout.aboutads.info/
Google Ads: https://www.google.com/settings/ads/anonymous
Facebook: https://www.facebook.com/settings/?tab=ads
Opting out does not stop all ads, only targeted ones. For Google's privacy practices, see https://www.google.com/policies/privacy/. To opt out of Google Analytics, visit https://tools.google.com/dlpage/gaoptout.
6. Cookies & Similar Technologies
We use cookies, pixels, and similar tools to operate the Site, remember preferences, analyse traffic, and support security.
You can manage cookies through your device or browser settings and (where provided) through our cookie controls. However, please note that disabling certain cookies may affect the functionality and performance of the Site/App.
We do not allow third-party service providers (such as analytics or advertising partners) to place cookies on your device.
By continuing to use the Site/App, you consent to our use of cookies and similar technologies as described in this Privacy Policy
7. “Do Not Track.”
We currently do not change our data collection practices in response to browser “Do Not Track” signals. We do honour advertising opt-outs as described above and comply with applicable consent and objection rights under GDPR, DPDP Act, CCPA/CPRA, and relevant African laws.
8. Government ID & Enterprise Verification
For enterprise/corporate transactions in relevant jurisdictions (e.g., Senegal, DRC, Ghana, Mali, Burkina Faso, Togo, Malawi, Zambia, Lesotho, Eswatini, Côte d’Ivoire, Benin, India, USA), we may collect and process government-issued identity and business documents solely to:
Prevent fraud and verify identity;
Meet AML/KYC and sanctions screening requirements (including but not limited to U.S. Patriot Act, India’s Prevention of Money Laundering Act, 2002 (“PMLA”)/KYC norms, ECOWAS AML frameworks, African financial crime laws such as Ghana’s Anti-Money Laundering Act, 2008); and
Respond to lawful requests from authorities and judicial forums, consistent with GDPR Art. 6(1)(c), DPDP Act Sec. 8, and local laws (e.g., Senegal 2008-12).
Verification data is encrypted, access-controlled, and retained only as long as necessary for verification or legal obligations, then deleted or archived in accordance with applicable laws.
9. Your Privacy Rights
You have the following rights, subject to applicable laws, which may vary by region, but may include:
Access: Request a copy of your personal data we hold
Correction: Update inaccurate or incomplete data.
Deletion: Request deletion of your data, subject to legal retention obligations (e.g., AML record-keeping/tax).
Restriction. Ask us to limit specific processing of your data in certain circumstances (including withdrawing consent for using your SPDI where applicable).
Objection. Object to processing for particular purposes (e.g., direct marketing).
Data Portability. Receive your data in a structured, machine-readable format where technically feasible.
EU/EEA/UK: GDPR Arts. 15–22. India: DPDP Act (notably Sections 6–11). Africa: e.g., Ghana DPA 2012 (Secs. 28–35); Senegal 2008-12; Côte d’Ivoire 2013-450. California: CCPA/CPRA (Cal. Civ. Code §1798.100 et seq.).
You may add, update or delete any information provided to Us. In order to delete or modify any Data shared by the User and to exercise your rights, email support-melodycrafters@kirusa.com. We may need to verify your identity before acting on your request and may deny requests in case it is required under the applicable laws for the time being in force (we’ll explain why, if so).
10. Data Retention
We keep personal data only as long as necessary for the purposes described here or as required by law:
Orders & Billing: kept to meet tax, accounting, and AML/KYC obligations (for example, certain jurisdictions require 5–7 years).
User Content & Deliverables: kept for the life of your account and to provide the Services (e.g., delivery and up to four (4) iterations), unless you request deletion and we have no legal reason to retain it.
Verification Data: retained only for the period required to verify or comply with law and then securely deleted or archived.
Once your personal data is no longer needed or the purpose for which such personal data was collected, is no longer being served by such retention, or the retention thereof is no longer necessary under any applicable law, it is securely deleted or anonymized to prevent misuse.
11. Account & Data Deletion
To delete your account or request deletion of specific data, email support-melodycrafters@kirusa.com. We typically begin processing within 14 days of your request. If you do not cancel your request within that window, we aim to complete deletion within 30 days from the date of closure of the cancellation window, subject to lawful retention required under the applicable laws (e.g., AML/KYC/tax). This aligns with GDPR “right to erasure” (Art. 17), the DPDP Act, and applicable African laws.
12. Security
We use industry-standard technical and organisational security measures (including but not limited to encryption in transit/at rest where appropriate, secure cloud infrastructure, access controls, logging, least-privilege access) to protect your data, which are consistent with GDPR Art. 32, the DPDP Act, and relevant African data protection laws. However, no system is completely secure, and we cannot guarantee absolute security, particularly in regions with connectivity challenges and infrastructure constraints. You are responsible for securing your account credentials and maintaining backups of User Inputs and Generated Content.
While we take every reasonable precaution to protect your personal data, in the unlikely event of a data security breach, we will notify affected Users promptly and provide recommendations to secure your information.
13. International Transfers
We may process data in the United States and in other cloud regions (e.g., EU or Africa). Where required, we use appropriate safeguards—such as Standard Contractual Clauses (SCCs) or binding corporate rules to ensure compliance with similar mechanisms—to protect personal data transferred across borders (e.g., GDPR Art. 46; DPDP Act Sec. 16; Senegal cross-border rules under Law No. 2008-12 and other applicable African laws). By using the Site, you consent to these transfers subject to such safeguards.
14. Children’s Privacy
The Site is intended for adults (18+) and is not intended for children or young persons under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child or young person under the age of 18, we will delete it promptly.
15. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. The “Last Updated” date indicates the latest version. Your continued use of the Site/App after changes constitutes acceptance. Material changes will be announced by email or Site/App notice, where legally required. The purpose and use of information collected is subject to the Privacy Policy in place at the time of collection of such data.
16. Contact Us
For questions, requests, or complaints, contact:
Email: support-melodycrafters@kirusa.com Address: Kirusa Inc., 85 Swenson Circle, Berkeley Heights, NJ 07922, USA
Please include a detailed description of your question or complaint. We aim to acknowledge and address grievances within two working days or within the timeframe required by applicable law.
If you are not satisfied, you may contact your local data protection authority (e.g., CNIL (France), ICO (UK), Senegal’s CDP, Ghana’s Data Protection Commission, or the competent authority in India under the DPDP Act once established).