Banana Editor Privacy Policy
Last updated: October 15, 2025
1. Overview
Banana Editor ("Banana Editor", "we", "our", or "us") provides an AI-first image editing and compositing platform available at bananaeditor.art and related subdomains (together, the "Service"). This Privacy Policy explains how we collect, use, share, and safeguard information when you interact with the Service, and describes the choices and rights available to you.
2. Scope of this Policy
This Policy applies to:
- visitors browsing our marketing pages,
- registered users operating the Banana Editor workspace, demos, or API integrations,
- individuals contacting us for support, partnership requests, or community programs.
Separate agreements (for example, an enterprise Data Processing Addendum) may supplement this Policy for specific customers. If there is a conflict, the negotiated agreement controls to the extent permitted by law.
We collect information that you provide directly, information we generate while delivering the Service, and limited data from third-party partners.
3.1 Account and Identity Data
- Name, email address, authentication identifiers, locale, and invitation codes.
- Organization or team details when you collaborate with others.
3.2 Billing and Transaction Data
- Payment method tokens, billing address, VAT or tax identifiers, and transaction history. We use PCI-compliant processors (such as Stripe) and never store raw card numbers on Banana Editor servers.
3.3 Project and Asset Data
- Images, videos, prompts, masks, annotations, reference assets, and version history that you upload or generate.
- Model settings, scene templates, and outputs produced through the Service.
3.4 Usage and Device Data
- Log data including IP address, browser type, operating system, timestamps, feature interactions, and latency metrics.
- Diagnostic signals and crash reports to help us troubleshoot issues and protect the Service from abuse.
3.5 Support and Communications
- Messages you send to support@bananaeditor.art, form submissions, survey feedback, and Discord or community interactions that you choose to synchronize with the Service.
3.6 Cookies and Similar Technologies
We use cookies, local storage, and similar tools to keep you signed in, remember preferences, measure campaign performance, and understand how the Service is used. You can adjust cookie preferences via your browser settings, though certain features may require strictly necessary cookies.
We process personal data for the following purposes:
- Provide and maintain the Service: authenticate users, run editing jobs, render previews, and deliver exports.
- Improve performance and quality: evaluate model routing, enhance subject consistency, and develop new templates or workflows.
- Communicate with you: send onboarding messages, transactional emails, updates about new capabilities, and respond to support requests.
- Ensure safety and compliance: detect misuse, enforce our Terms of Service, and comply with legal or regulatory obligations.
- Analytics and research: aggregate usage insights to prioritize product investments while de-identifying or pseudonymizing data where feasible.
5. Legal Bases for Processing (EEA/UK Users)
If you reside in the European Economic Area or the United Kingdom, we rely on these bases:
- Performance of a contract when we deliver the Service you request.
- Legitimate interests when we improve security, prevent fraud, or analyze aggregated usage (balanced against your privacy interests).
- Compliance with legal obligations, such as tax, accounting, and content safety requirements.
- Consent when local law requires it for optional cookies, marketing communications, or specific data sharing.
We do not sell personal information. We share data only with:
- Service providers and processors that host infrastructure, store assets, send emails, provide analytics, or offer customer support tooling under contractual confidentiality obligations.
- AI inference partners that execute Banana Editor jobs (for example, Nano Banana, Flux, Qwen, or equivalent GPU providers). We transmit only the assets and prompts necessary to fulfill your requested operation.
- Payment processors handling subscription or credit purchases.
- Professional advisors and legal authorities when required to protect our legitimate interests or comply with law.
- Successors in the event of a merger, acquisition, or asset sale, provided obligations under this Policy continue or you receive notice and a chance to opt out.
- Aggregated or de-identified insights that cannot reasonably be used to identify you.
7. Data Retention
- Account data is kept while your account remains active and for a reasonable period afterward to meet legal and accounting requirements.
- Project assets remain available until you delete them, request removal, or your workspace is deactivated. We may retain backups for up to 90 days.
- Diagnostic logs are typically retained for 12 months or less unless we need longer retention to investigate security events or comply with law.
- Where consent is the legal basis, we delete or anonymize data if you withdraw consent and no other legal basis applies.
8. International Data Transfers
We operate globally. Your data may be processed in the United States, the European Union, or other regions where our service providers and AI infrastructure reside. When transferring personal data across borders, we rely on mechanisms such as the EU Standard Contractual Clauses or equivalent safeguards to protect your rights.
9. Your Rights and Choices
Depending on your jurisdiction, you may have the right to:
- Access, correct, or delete personal data we hold about you.
- Object to or restrict certain processing, or request data portability.
- Opt out of direct marketing communications.
- Withdraw consent where consent was the legal basis.
You can exercise most controls through the workspace settings or by emailing privacy@bananaeditor.art. We may request additional verification before fulfilling sensitive requests. You also have the right to contact your local data protection authority.
10. Security
We employ safeguards including encryption in transit, access controls, environment isolation, and routine security reviews. However, no service can guarantee absolute security. Please use strong passwords, enable available authentication protections, and contact us immediately if you suspect account misuse.
11. Children's Privacy
The Service is not directed to children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us and we will delete the information promptly.
12. Changes to This Policy
We may update this Policy to reflect product changes, legal requirements, or security practices. We will post the revised Policy with an updated "Last updated" date, and when appropriate we will notify you through the Service or by email. Continued use of the Service after a revision means you accept the updated Policy.
For questions or requests about this Policy, contact us at:
If you have unresolved concerns, you may lodge a complaint with the data protection authority in your jurisdiction.