Privacy Policy
Last Updated: February 2026
1. Data Controller & Contact
Bananai (“we,” “us,” or “our”) operates Banana AI, accessible at bananai.net. We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) and similar international standards.
For all privacy-related inquiries, concerns, or requests to exercise your data rights, please contact us at: contact@bananai.net
This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and your rights regarding your information.
2. Data We Collect
Account Data: When you sign in via Google OAuth, we collect your name, email address, and profile picture from your Google account. We do not store or have access to your Google password.
Payment Data: Payment transactions are processed by Stripe. We store transaction records and payment status, but we never store or have access to your full credit card numbers or sensitive payment information.
Content Data: We collect and store the prompts you submit, images you upload, and the AI-generated images and videos you create through our service. This content is necessary to deliver our core functionality.
Usage Data: We track your interactions with our service, including pages visited, features used, credit consumption, and session activity to improve service quality and detect abuse.
Technical Data: Through Cloudflare’s infrastructure, we automatically collect IP addresses, browser types, device information, and access logs for security, performance optimization, and fraud prevention purposes.
3. How We Use Your Data
We use your personal data for the following purposes:
Service Delivery: Processing your requests to generate images and videos through AI models, managing your account, and maintaining our credit-based usage system.
Security & Content Moderation: Reviewing user-submitted content to prevent abuse, ensuring compliance with our Terms of Service, and maintaining a safe platform environment through automated and manual content filtering.
Service Improvement: Analyzing aggregated and anonymized usage patterns to enhance features, optimize performance, and develop new capabilities that better serve our user community.
Communication: Sending service-related notifications about your account, credits, generated content, and important policy updates.
Important: We do not use your prompts, uploaded images, or generated content to train AI models. Your creative work remains yours.
4. Legal Basis for Processing (GDPR)
Under GDPR, we process your data based on the following legal grounds:
Contractual Necessity: Processing is essential to provide the AI generation services you requested and to manage your account and credits.
Legitimate Interests: We have legitimate business interests in preventing fraud, ensuring platform security, improving our services, and conducting analytics, balanced against your privacy rights.
Consent: For non-essential features like analytics cookies, we obtain your explicit consent, which you may withdraw at any time.
Legal Obligations: We process certain data to comply with legal requirements, such as maintaining payment records for tax purposes and responding to valid legal requests.
5. Data Sharing & Third Parties
We share your data only with trusted third-party service providers necessary to operate Banana AI:
Replicate: We send your prompts and uploaded images to Replicate’s API to generate AI content. Review their privacy policy at: https://replicate.com/privacy
Stripe: Payment processing is handled by Stripe. See their privacy policy at: https://stripe.com/privacy
Google: We use Google OAuth for authentication and Google Analytics for understanding site usage. Privacy policy: https://policies.google.com/privacy
Cloudflare: Our entire infrastructure runs on Cloudflare’s global network, including CDN, databases (D1), file storage (R2), and security services. Privacy policy: https://www.cloudflare.com/privacypolicy/
We do not sell your personal data to advertisers or data brokers. We only share information as necessary to deliver our services or as required by law.
6. Data Storage, Security & Retention
Storage Location: Your data is stored on Cloudflare’s globally distributed network, which may involve transfers across international borders to ensure optimal performance and reliability.
Security Measures: We implement industry-standard security practices including TLS encryption for data in transit, encrypted storage (R2) for files, OAuth-based authentication (no passwords stored), and regular security audits.
Retention Periods:
- Account data is retained until you delete your account
- Generated content (images/videos) is stored until you explicitly delete it
- Payment records are retained for 7 years to comply with tax and financial regulations
- Analytics data is anonymized and retained for 12 months
You can delete your generated content at any time through your account dashboard.
7. Your Rights
Under GDPR and similar laws, you have the following rights regarding your personal data:
Access: Request a copy of all personal data we hold about you.
Deletion: Request deletion of your account and associated data (subject to legal retention requirements).
Data Portability: Export your data in a machine-readable format.
Rectification: Correct inaccurate or incomplete information in your profile.
Withdraw Consent: Opt out of analytics cookies and non-essential data processing.
Lodge a Complaint: File a complaint with your local data protection authority if you believe we’ve mishandled your data.
To exercise these rights, please email contact@bananai.net or use the self-service data management tools in your account settings.
8. Cookies & Tracking
Essential Cookies: Required for authentication, session management, CSRF protection, and core functionality. These cannot be disabled.
Analytics Cookies: Google Analytics helps us understand how users interact with our platform. You can opt out through your browser settings or using Google’s opt-out tools at: https://tools.google.com/dlpage/gaoptout
Third-Party Cookies: Stripe may set cookies necessary for payment processing. These are functionally required when making purchases.
You can manage cookie preferences through your browser settings, though disabling essential cookies will prevent you from using certain features.
9. International Data Transfers
Banana AI uses Cloudflare Workers, which are deployed globally across multiple data centers worldwide. Your data may be processed in jurisdictions outside your country of residence, including countries that may have different data protection standards.
For transfers from the European Economic Area (EEA), we rely on Cloudflare’s Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring GDPR-compliant safeguards for your data.
All our service providers are contractually required to implement appropriate technical and organizational measures to protect your personal data.
10. Children’s Privacy & Policy Updates
Age Restriction: Banana AI is not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If we discover that we have inadvertently collected data from someone under 18, we will delete it immediately.
Parental Notice: If you believe your child has provided us with personal information, please contact us at contact@bananai.net.
Policy Updates: We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or service features. Material changes will be communicated via email to registered users at least 30 days before taking effect.
Continued Use: Your continued use of Banana AI after policy updates constitutes acceptance of the revised terms. For significant changes affecting your rights, we may require explicit re-consent.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to us:
Email: contact@bananai.net Website: https://bananai.net
We aim to respond to all privacy inquiries within 30 days.