Privacy Policy

Last Updated: January 2025

At Banana Control, your privacy is important to us. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use D-1 (AI image generation) and DT-1 (pixel art converter).

1. Information We Collect

Account Information:

When you sign in with Google, we collect:

  • Email address
  • Profile name
  • Profile picture (if available)
  • Unique user identifier

Usage and Generation Data (D-1):

  • Text prompts and creative inputs
  • Reference images (stored temporarily during generation)
  • Generated images (temporarily cached during your session)
  • Style selections and generation parameters
  • Model and resolution preferences
  • Generation timestamps and frequency

DT-1 Data (On-Device Processing):

IMPORTANT: DT-1 processes all images entirely on your device. Your images are NEVER uploaded to our servers or any third-party services.

  • Source images: Processed locally, never transmitted
  • Pixel art outputs: Generated locally, never stored on our servers
  • Settings (palette, size, dithering): Stored locally in your browser only

We only collect anonymous usage statistics for DT-1 (number of downloads, not the actual images).

Credit and Transaction Data:

  • Credit balance
  • Purchase records (via LemonSqueezy)
  • Credit usage history
  • Transaction timestamps

Technical Data:

  • IP address
  • Browser type and version
  • Device information
  • Operating system
  • Session tokens and authentication data

2. How We Use Your Information

We use the information we collect to:

  • Provide and maintain D-1 and DT-1 services
  • Process your image generation requests via Google Gemini AI (D-1 only)
  • Manage your account, credits, and access key activations for both services
  • Authenticate your identity and secure your account
  • Monitor usage patterns and improve service quality
  • Prevent fraud, abuse, and terms violations
  • Respond to support requests and communicate service updates
  • Comply with legal obligations

3. Third-Party Data Sharing

We share your data with the following third-party services:

Google (Gemini AI & Authentication) - D-1 only:

Your prompts, reference images, and generation parameters are sent to Google's Gemini AI API (Paid Services) for image generation. When you use Paid Services, Google does NOT use your content to train or improve generative models made available to other customers in a manner that reveals your information. However, Google retains prompts and outputs for up to 55 days for abuse monitoring, security, and service improvement. After this period, data is deleted unless required for legal compliance or security investigations. Google also handles authentication via Google OAuth. Google processes this data according to their privacy policy and Gemini API Additional Terms of Service.

Supabase (Database & Infrastructure):

We use Supabase to store user account data, credit balances, transaction records, and generation logs. Supabase acts as our data processor and is GDPR-compliant.

LemonSqueezy (Payment Processing):

When you purchase credits, LemonSqueezy processes your payment securely. We receive webhook notifications to add credits to your account. We do not store payment card information - all payment data is handled by LemonSqueezy.

DT-1 - No Third-Party Data Sharing:

DT-1 does NOT share any image data with third parties. All image processing happens on your device in your browser. The only data transmitted to our servers is anonymous usage statistics (credit deduction for downloads) and authentication data.

Important:

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

4. Data Retention

D-1:

  • Account information: Until account deletion + 30 days for backup removal
  • Credit transaction records: 7 years (legal/tax compliance)
  • Generation logs (prompts): 90 days for service improvement
  • Generated images: Not stored permanently (session cache only)
  • Reference images: Deleted immediately after generation
  • Session tokens: 7 days or until logout

DT-1:

  • Source images: Never stored (processed on your device only)
  • Pixel art outputs: Never stored (generated on your device only)
  • Credit transactions: 7 years (legal/tax compliance)
  • Anonymous download counts: Indefinitely for analytics

5. Your Rights (GDPR & Data Protection)

You have the following rights regarding your personal data:

  • Right of Access: Request a copy of your personal data via the Settings page (Export Data button)
  • Right to Rectification: Update your profile information in account settings
  • Right to Erasure: Delete your account via Settings page ("Delete Account" button)
  • Right to Restriction: Contact support to limit data processing
  • Right to Data Portability: Download your data in JSON format via Settings page
  • Right to Object: Object to certain processing activities via support
  • Right to Withdraw Consent: Withdraw consent at any time by deleting your account

How to Exercise Your Rights:

  • Data Export: Click SETTINGS → Export Your Data
  • Delete Account: Click SETTINGS → Delete Account
  • Other Requests: Contact support (see Contact section below)

We will respond to all requests within 30 days as required by GDPR.

Important Notes:

  • Credit transaction records will be retained for 7 years for legal/tax compliance (even after account deletion)
  • All other personal data (profile, generations, licenses) will be permanently deleted within 30 days
  • Account deletion is irreversible and requires email confirmation

6. Cookies

The Banana Control platform uses essential cookies only:

  • Authentication cookies (session management)
  • Security cookies (CSRF protection)
  • Preference cookies (saved settings)

We do not use advertising, tracking, or analytics cookies from third parties.

7. Data Security

We implement industry-standard security measures:

  • HTTPS/TLS encryption for all data transmission
  • Encrypted database storage
  • Row-level security (RLS) policies
  • Secure authentication via Google OAuth 2.0
  • Regular security audits and vulnerability assessments
  • Access controls and monitoring

However, no system is 100% secure. You use the service at your own risk.

8. Age Requirement

The Banana Control platform is not intended for individuals under 18 years of age. We do not knowingly collect data from minors. If you believe we have inadvertently collected data from a minor, contact us immediately for deletion.

9. International Data Transfers

Your data may be transferred to and processed in countries outside your jurisdiction, including the United States and the European Union, where our service providers are located.

We ensure appropriate safeguards are in place through:

  • Standard Contractual Clauses (SCCs) with data processors
  • GDPR-compliant service providers
  • Adequate data protection measures

10. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. When we make material changes, we will:

  • Update the "Last Updated" date
  • Notify users via email or platform notification (for significant changes)

Your continued use of the platform after changes constitutes acceptance of the updated policy.

11. Contact & Data Protection Officer

For privacy inquiries, data access requests, or GDPR-related questions:

Automated Self-Service (Recommended):

  • Export Your Data: SETTINGS → Export Your Data (instant download)
  • Delete Your Account: SETTINGS → Delete Account (with confirmation)

Support Contact:

  • Email: bananacontroldesign@gmail.com (for manual requests, issues, or questions)
  • Response Time: Within 30 days as required by GDPR
  • GitHub Issues: For technical support and bug reports

When contacting us, please include:

  • Your registered email address
  • Nature of your request (data export, deletion, correction, etc.)
  • Any relevant details to help us process your request