Privacy Policy

Last updated: January 2025

1. Introduction

Welcome to NanoBanana ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered image transformation service.

2. Information We Collect

2.1 Personal Information

  • Email address (for account creation and communication)
  • Username (optional, for personalization)
  • Payment information (processed securely through Stripe)
  • Usage preferences and settings
  • Device information and IP address

2.2 Image Data

  • Images you upload for AI transformation
  • Generated/transformed images
  • Text prompts and editing instructions
  • Processing metadata and usage statistics

2.3 Technical Information

  • IP address and device information
  • Browser type and version
  • Usage patterns and feature interactions
  • Error logs and performance data
  • Cookies and similar technologies

3. How We Use Your Information

  • Process and transform your images using AI technology
  • Provide, maintain, and improve our services
  • Communicate with you about your account and our services
  • Process payments and manage subscriptions
  • Analyze usage patterns to enhance user experience
  • Ensure security and prevent fraud
  • Comply with legal obligations
  • Provide customer support and respond to inquiries

4. Image Data Handling

Important: Image Privacy & Security

  • Temporary Storage: Uploaded images are stored temporarily for processing and are automatically deleted within 24 hours
  • No Sharing: We never share your images with third parties or use them for any purpose other than providing our service
  • Secure Processing: All image processing occurs on secure servers with end-to-end encryption
  • No Training Data: Your images are not used to train our AI models without explicit consent
  • User Control: You can request immediate deletion of your images at any time
  • Data Minimization: We only collect and process the minimum amount of data necessary to provide our service

5. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share information only in the following circumstances:

  • Service Providers: With trusted third-party providers who assist in operating our service (e.g., Stripe for payments, cloud storage providers)
  • Legal Requirements: When required by law or to protect our rights and safety
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Consent: With your explicit consent for specific purposes
  • Emergency Situations: To protect the safety of users or the public

6. Data Security

We implement industry-standard security measures to protect your information:

  • End-to-end encryption for all data transmission
  • AES-256 encryption for data at rest
  • Regular security audits and penetration testing
  • Multi-factor authentication for administrative access
  • Secure data centers with 24/7 monitoring
  • Employee training on data protection and security
  • Incident response and breach notification procedures

7. Your Rights

You have the following rights regarding your personal information:

  • Access: Request access to your personal information
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your personal information
  • Portability: Request a copy of your data in a portable format
  • Objection: Object to certain processing of your information
  • Withdrawal: Withdraw consent where processing is based on consent
  • Restriction: Request restriction of processing in certain circumstances
  • Complaint: Lodge a complaint with supervisory authorities

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information in accordance with applicable data protection laws, including Standard Contractual Clauses and adequacy decisions.

9. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

10. Data Retention

We retain your personal information only for as long as necessary to provide our services and fulfill the purposes outlined in this policy. Image data is automatically deleted within 24 hours. Account information is retained until you request deletion or your account becomes inactive for 2 years.

11. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. For detailed information about our use of cookies, please see our Cookie Policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page, sending you an email, or through in-app notifications. We encourage you to review this Privacy Policy periodically.

13. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and how we use it, the right to delete your personal information, and the right to opt-out of the sale of personal information.

14. GDPR Rights (EU Users)

If you are located in the European Union, you have additional rights under the General Data Protection Regulation (GDPR), including the right to erasure, data portability, and the right to lodge a complaint with your local data protection authority.

15. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: [email protected] Data Protection Officer: [email protected] Response Time: We aim to respond within 24 hours