Privacy Policy

Last updated: March 19, 2026

1. Introduction

Banana Gene ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered image generation and editing platform (the "Service"). Please read this Privacy Policy carefully. By using the Service, you consent to the practices described in this policy.

2. Information We Collect

We collect the following categories of information:

  • Account Information: Email address, name, profile picture, and authentication credentials when you create an account
  • Payment Information: Billing address and payment method details. All payment processing is handled by Paddle Commerce Inc. and Creem (Armitage Labs OÜ), each acting as the Merchant of Record for the transactions it processes. We do not store your full credit card number
  • User Content: Images, prompts, and other content you upload to the Service
  • Usage Data: Information about how you interact with the Service, including generation history, feature usage, and session data
  • Device Information: Browser type, operating system, device identifiers, and IP address
  • Cookies: As described in Section 8 below
  • Communications: Messages, feedback, and correspondence you send to us

3. How We Use Your Information

We use your information for the following purposes:

  • Providing, maintaining, and improving the Service
  • Processing transactions and sending related information (purchase confirmations, invoices)
  • Managing your account and providing customer support
  • Communicating with you about the Service, including service updates and security notices
  • Monitoring and analyzing usage patterns and trends
  • Detecting, preventing, and addressing fraud, abuse, and security issues
  • Enforcing our Terms of Service and Acceptable Use Policy
  • Complying with legal obligations

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide the Service under our Terms of Service
  • Legitimate Interests: Processing for fraud prevention, security, and service improvement (where your interests do not override these)
  • Consent: Processing based on your explicit consent, which you may withdraw at any time
  • Legal Obligation: Processing required to comply with applicable laws

5. Data Sharing

We do not sell your personal information. We may share your information with the following categories of service providers:

  • Payment Processors: Paddle Commerce Inc. and Creem / Armitage Labs OÜ (each acting as the Merchant of Record for the transactions it processes) — process your payment information and issue invoices
  • Cloud Infrastructure: Cloudflare and hosting providers — used to store and serve data
  • AI Service Providers: Third-party AI model providers (e.g., Google, OpenAI) — used to generate images based on your prompts
  • Database Services: Supabase — used to store account and generation data
  • Analytics: Service providers that help us understand how the Service is used
  • Legal & Compliance: When required by law, court order, or governmental authority

All third-party service providers are contractually obligated to protect your information and use it only for the purposes we specify.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Specific retention periods:

  • Account Data: Retained until account deletion; up to 90 days after deletion for legal/compliance purposes
  • Generated Content: Retained as part of your generation history until you delete it or your account is deleted
  • Payment Records: Retained for a minimum of 7 years in accordance with tax and financial regulations
  • Usage Logs: Retained for up to 2 years for security and analytics purposes

7. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS/SSL), encryption at rest, access controls, and regular security assessments. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

8. Cookies and Tracking

We use cookies and similar tracking technologies to operate and improve the Service:

  • Essential Cookies: Required for the Service to function (authentication, session management, security). These cannot be disabled.
  • Analytics Cookies: Help us understand how visitors use the Service (e.g., Google Analytics). You may opt out of these.
  • Functional Cookies: Remember your preferences and settings.

You can control cookies through your browser settings. Disabling cookies may affect Service functionality.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Restriction: Request restriction of processing in certain circumstances
  • Portability: Request your data in a portable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent where processing is based on consent

To exercise any of these rights, please contact us at support@bananaimag.com. We will respond to your request within 30 days.

10. Children's Privacy

The Service is not intended for individuals under 16 years of age (or the minimum legal age in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected data from a minor, we will take steps to delete that information promptly.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including countries that may have different data protection laws. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses (SCCs) as required under GDPR for transfers from the EEA.

12. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. For significant changes, we will provide more prominent notice (e.g., email notification or a banner on the Service). Your continued use of the Service after changes constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

For users in the EEA, the data controller is Banana Gene, and our Data Protection Officer can be reached at the email above.