Privacy Policy

Welcome to Banana Prompts. We are committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and other applicable data protection laws.

The data controller responsible for your personal data is:

• Banana Prompts
• Banana Prompts, banana-prompts.org
• Email: [email protected]

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the Banana Prompts platform and services.

We collect the following categories of personal data:

Account Data

When you register an account, we collect your email address and a securely hashed password. If you sign in via Google OAuth, we receive your name and email address from Google.

Payment Data

Payment processing is handled entirely by Stripe. We do not store your credit card number or full payment details on our servers. We retain Stripe customer IDs, order records, and transaction metadata for accounting purposes.

Usage Data

We collect information about how you interact with the platform, including recipe selections, generation history, credit usage, and feature engagement.

Generated Images

Images you generate through the platform are stored temporarily in our systems. Generated images expire and are automatically deleted after 24 hours.

Cookies & Analytics

We use Vercel Analytics to collect anonymized usage and performance data. Cookies may be used to maintain your session and authentication state. For full details, see our Cookie Policy.

Under GDPR Article 6, we process your personal data on the following legal bases:

• Consent (Article 6(1)(a)): Where you have given explicit consent, such as subscribing to marketing communications or accepting non-essential cookies.
• Performance of a Contract (Article 6(1)(b)): Processing necessary to provide you with the Banana Prompts service, including account management, image generation, and credit transactions.
• Legitimate Interests (Article 6(1)(f)): Processing necessary for our legitimate business interests, such as improving the platform, preventing fraud, and ensuring security, provided these interests do not override your fundamental rights and freedoms.

We use your personal data to:

• Create and manage your Banana Prompts account
• Process credit purchases and maintain transaction records
• Generate images based on your recipe selections
• Provide customer support and respond to your inquiries
• Enforce our terms of service and moderate content
• Improve platform performance, features, and user experience
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations and enforce our legal rights

We share your data only with trusted third-party service providers necessary to operate the platform. We do not sell your personal data.

• Supabase: Provides our database infrastructure and authentication services. Your account data and usage records are stored in Supabase-hosted PostgreSQL databases.
• Stripe: Processes all payments securely. When you purchase credits, your payment information is handled directly by Stripe under their own privacy policy.
• Vercel: Hosts the Banana Prompts platform and provides analytics services. Vercel may process anonymized usage data for performance monitoring.
• Replicate: Provides AI image generation infrastructure. Your recipe parameters are sent to Replicate to generate images. Replicate processes this data under their own privacy policy.

We may also disclose your data if required by law, regulation, or legal process, or to protect the rights, safety, or property of Banana Prompts, our users, or the public.

Our third-party service providers may process your data in countries outside the European Economic Area (EEA). When such transfers occur, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions by the European Commission for the recipient country
• Binding Corporate Rules or other approved transfer mechanisms under GDPR

You may request details about the specific safeguards applied to international transfers of your data by contacting us.

We retain your personal data as follows:

• Generated images: Automatically deleted 24 hours after creation.
• Account data: Retained for the duration of your account. Upon account deletion, your personal data will be removed within 30 days, except where retention is required by law.
• Transaction records: Retained for the period required by applicable tax and accounting regulations (typically 7 years).
• Analytics data: Anonymized analytics data may be retained indefinitely as it does not constitute personal data.

Under the GDPR, you have the following rights regarding your personal data:

• Right of Access: You may request a copy of the personal data we hold about you.
• Right to Rectification: You may request correction of inaccurate or incomplete personal data.
• Right to Erasure ("Right to be Forgotten"): You may request deletion of your personal data, subject to legal retention obligations.
• Right to Restriction of Processing: You may request that we limit how we process your data in certain circumstances.
• Right to Data Portability: You may request your data in a structured, commonly used, machine-readable format.
• Right to Object: You may object to the processing of your personal data where we rely on legitimate interests as the legal basis.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days. You also have the right to lodge a complaint with your local data protection supervisory authority.

We use cookies and similar technologies to maintain your session, remember your preferences, and analyze platform usage. For detailed information about the cookies we use, their purposes, and how to manage them, please refer to our Cookie Policy.

Banana Prompts is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have inadvertently collected data from a child under 16, we will take steps to delete such data promptly. If you believe a child under 16 has provided us with personal data, please contact us immediately at [email protected].

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by posting the updated policy on this page with a revised "Last updated" date. For significant changes, we may also notify you via email or an in-app notification.

We encourage you to review this Privacy Policy periodically. Your continued use of Banana Prompts after any changes constitutes your acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

• Banana Prompts
• Banana Prompts, banana-prompts.org
• Email: [email protected]

Our Data Protection Officer (DPO) can be reached at:

• Email: [email protected]

If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.