Privacy Policy
Effective date: March 5, 2026
1. Introduction
This Privacy Policy describes how Nano Banan ("we", "us", "our") collects, uses, and protects your personal data when you use Nano Banan Pro ("the Service") at nanobanan.ai. By using the Service, you consent to the practices described in this policy.
2. Data We Collect
2.1 Information you provide
- Account data: Email address and name (when signing up via email OTP or Google OAuth).
- Payment data: Billing information is collected and processed by Stripe. We store your Stripe customer ID but never your card details.
- Content: We do not store your text prompts or input images. They are sent directly to the AI provider for processing and are never saved on our servers.
- Communications: Emails or messages you send to our support team.
2.2 Information collected automatically
- Usage data: Pages visited, features used, generation history, credit balance changes, and timestamps.
- Device & browser data: IP address, browser type, operating system, device type, and screen resolution.
- Cookies & similar technologies: Session cookies for authentication and analytics cookies (see Section 7).
3. How We Use Your Data
- Provide the Service: Process your prompts, generate images, manage your account and credits.
- Process payments: Handle purchases and subscriptions via Stripe.
- Improve the Service: Analyze usage patterns to fix bugs, improve features, and optimize performance.
- Communicate: Send transactional emails (OTP codes, purchase confirmations) and, if you opt in, product updates.
- Security & fraud prevention: Detect and prevent abuse, unauthorized access, and fraudulent activity.
- Legal compliance: Comply with applicable laws, legal processes, and law enforcement requests.
4. Legal Basis for Processing (GDPR)
If you are in the European Economic Area (EEA), we process your data based on:
- Contract performance: To provide the Service you signed up for (account management, image generation, payments).
- Legitimate interests: To improve and secure the Service, prevent fraud, and analyze usage.
- Consent: For optional analytics cookies and marketing communications. You can withdraw consent at any time.
- Legal obligation: To comply with applicable laws and regulations.
5. Data Sharing
We do not sell your personal data. We share data only with:
- Google (Gemini API): Your text prompts and uploaded images are sent to Google for AI processing. See Google's Privacy Policy.
- Stripe: Payment and billing data. See Stripe's Privacy Policy.
- Resend: Email address for transactional emails (OTP, receipts).
- Analytics providers: Anonymized usage data for analytics (PostHog).
- Hosting providers: Our infrastructure runs on Vercel and PostgreSQL database providers.
- Law enforcement: When required by law, court order, or to protect the rights and safety of Nano Banan or others.
6. Data Retention
- Account data: Retained for as long as your account is active. Deleted within 30 days of account deletion.
- Prompts & input images: We do not store your text prompts or input images. They are passed directly to the AI provider in real time and are never written to our database or file storage.
- Generated images: We do not store generated images on our servers. Images are generated in real time and delivered directly to your browser.
- Usage logs: We retain metadata about generations (model used, credit cost, timestamp, success/failure) for up to 12 months for billing, abuse prevention, and chargeback evidence. These logs do not contain your prompts or images.
- Payment records: Retained as required by tax and accounting laws (typically 7 years).
7. Cookies
- Essential cookies: Required for authentication and session management. Cannot be disabled.
- Analytics cookies: Used to understand how the Service is used. You can opt out via your browser settings or our cookie preferences.
We do not use advertising or third-party tracking cookies.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate data.
- Erasure: Request deletion of your data ("right to be forgotten").
- Portability: Request your data in a structured, machine-readable format.
- Restriction: Request that we limit processing of your data.
- Objection: Object to processing based on legitimate interests.
- Withdraw consent: Where processing is based on consent, withdraw it at any time.
To exercise any of these rights, contact us at nanobanan@googlegroups.com. We will respond within 30 days.
9. International Transfers
Your data may be transferred to and processed in countries outside your country of residence, including the United States (where our third-party providers operate). We ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, to protect your data during such transfers.
10. Data Security
We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS), secure authentication, and access controls. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
11. Children
The Service is not intended for anyone under 18 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, contact us and we will promptly delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or an in-app notice. The "Effective date" at the top of this page indicates when the policy was last revised.
13. Contact
If you have questions or concerns about this Privacy Policy or your data, contact us at nanobanan@googlegroups.com.
If you are in the EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.