Privacy Policy for Banana AI
Effective Date: 2025-09-08
Introduction
Welcome to Banana AI (also referred to as "Company", "We", "Us", or "Our")!
Your privacy is important to us. This Privacy Policy outlines how we collect, use, and protect your information when you visit our website, https://bananaimg.ai. This policy is designed to comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
Information We Collect
Personal Data
We collect the following personal information:
- Name
- Email address
- Payment information (processed securely through third-party payment providers)
- IP address and device information
- Account credentials
Non-Personal Data
We also collect non-personal data through web cookies, including:
- Analytics cookies (Google Analytics, Microsoft Clarity)
- Advertising cookies (Google Ads)
- Performance and usage statistics
- Website interaction data
You can control these cookies through our cookie consent banner.
Legal Basis for Processing
Under the GDPR, we process your personal data based on the following legal grounds:
- Contractual Necessity: Processing is necessary for the performance of a contract with you (e.g., processing orders, delivering services, managing your account).
- Legitimate Interests: Processing is necessary for our legitimate interests, such as improving our services, preventing fraud, and ensuring platform security, provided these interests are not overridden by your rights.
- Consent: Where you have given explicit consent for specific processing activities, such as receiving marketing communications or the use of non-essential cookies.
- Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject.
You have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
Purpose of Data Collection
The information we collect is used for:
- Order processing and service delivery
- Website analytics and performance improvement
- Personalized advertising (with your consent)
- Enhancing user experience and platform functionality
- Fraud prevention and security monitoring
- Compliance with legal obligations
Your Rights Under GDPR
If you are located in the European Economic Area (EEA), the United Kingdom, or other jurisdictions with similar data protection laws, you have the following rights regarding your personal data:
- Right to Access: You have the right to request a copy of the personal data we hold about you. We will respond to your request within 30 days.
- Right to Rectification: You have the right to request correction of any inaccurate or incomplete personal data we hold about you.
- Right to Erasure (Right to be Forgotten): You have the right to request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw your consent.
- Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data under certain circumstances, such as when you contest the accuracy of the data.
- Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
- Right to Object: You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
- Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of prior processing.
- Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your country of residence if you believe our processing of your personal data violates the GDPR.
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days and may ask you to verify your identity before processing.
Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
- Account Data: Retained for the duration of your account and up to 12 months after account deletion.
- Transaction Records: Retained for up to 5 years to comply with financial and tax regulations.
- Usage Logs: Retained for up to 12 months for analytics and security purposes.
- Marketing Data: Retained until you withdraw your consent or opt out.
After the retention period expires, your data will be securely deleted or anonymized.
Data Security and Protection
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including:
- Encryption: All data transmitted between your browser and our servers is encrypted using TLS/SSL. Sensitive data at rest is encrypted using industry-standard encryption algorithms.
- Access Controls: Access to personal data is restricted to authorized personnel on a need-to-know basis. We employ role-based access controls and multi-factor authentication.
- Infrastructure Security: Our servers are hosted with reputable cloud providers that maintain SOC 2 and ISO 27001 certifications.
- Regular Audits: We conduct periodic security assessments and vulnerability testing to identify and address potential risks.
- Incident Response: We maintain an incident response plan to promptly address any security breaches.
Logging and Monitoring
To maintain the security, integrity, and performance of our platform, we collect and retain certain log data:
- Server Logs: Including IP addresses, request timestamps, URLs accessed, HTTP methods, and response codes. These logs are used for security monitoring, debugging, and performance optimization.
- Application Logs: Including user actions within the platform (e.g., image generation requests, account changes) for service delivery and troubleshooting.
- Security Logs: Including authentication events, access attempts, and suspicious activity for fraud prevention and security incident investigation.
All log data is:
- Stored securely with restricted access
- Retained for a maximum of 12 months unless a longer period is required for legal or security purposes
- Not shared with third parties except as required by law or for essential service operations
- Subject to the same data protection measures as other personal data
International Data Transfers
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer your data internationally, we ensure adequate protection through:
- Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses with our data processors to ensure your data receives equivalent protection.
- Adequacy Decisions: Where applicable, we transfer data to countries that have received an adequacy decision from the European Commission.
- Additional Safeguards: We implement supplementary technical and organizational measures where necessary to ensure the security of your data during transfer.
Data Sharing
We do not sell your personal data. We may share your data with the following categories of recipients only as necessary:
- Payment Processors: To process your transactions securely.
- Analytics Providers: To help us understand and improve our services (data is anonymized where possible).
- Cloud Service Providers: To host and maintain our platform infrastructure.
- Legal Authorities: When required by law, court order, or to protect our legal rights.
All third-party recipients are contractually obligated to protect your data in accordance with applicable data protection laws.
Cookie Policy
We use cookies and similar tracking technologies on our website. Cookies are categorized as follows:
- Strictly Necessary Cookies: Essential for the website to function properly. These cannot be disabled.
- Analytics Cookies: Help us understand how visitors interact with our website (e.g., Google Analytics, Microsoft Clarity). These are only set with your consent.
- Advertising Cookies: Used to deliver relevant advertisements (e.g., Google Ads). These are only set with your consent.
- Functional Cookies: Enable enhanced features and personalization.
You can manage your cookie preferences through our cookie consent banner at any time. You can also control cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by the GDPR.
- Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms.
- Document all breaches, including the facts, effects, and remedial actions taken.
Children's Privacy
We do not knowingly collect any data from children under the age of 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that data promptly.
Updates to the Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes via email or through a prominent notice on our website. We encourage you to review this Privacy Policy periodically.
Contact Information
If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your data, please contact us at [email protected].
For EU/EEA residents, you also have the right to contact your local Data Protection Authority.
Thank you for using Banana AI!