Privacy Policy

This Privacy Policy explains how Nano Banana Editor (“we,” “our,” or “us”), operating the website https://nanobananaeditor.ai (the “Website”), collects, uses, shares, and protects information when you access our AI-powered image generation and editing platform and related APIs, dashboards, and applications (the “Service”).

Independence Notice
Nano Banana Editor interfaces with Google’s Nano Banana image model (also referred to as Gemini 2.5 Flash Image) via API. We are not affiliated with, endorsed, or sponsored by Google LLC, Alphabet Inc., or any subsidiaries. Third-party trademarks belong to their respective owners.

By using the Website or Service, you consent to the practices described below.

1. Information We Collect

1.1 Information You Provide

  • Account Credentials – Email and password you register with, or OAuth details when you sign in with Google (e.g., display name, email address, OAuth ID).
  • Billing & Subscription Data – Plan type, invoices, transaction IDs, and last-4 of card (processed by Stripe or similar; we do not store full card numbers).
  • Project Inputs (“User Content”) – Text prompts, reference images, uploaded photos, masks/brush selections, control images, negative prompts, and other materials you provide to generate or edit images.
  • API Usage Data (for developers) – Endpoint calls, request/response metadata (timestamps, status codes, usage metering, and limited parameters for troubleshooting).
  • Support Communications – Emails, attachments, or chat transcripts you send to us.

1.2 Information Collected Automatically

  • Usage Logs – IP address, device/OS/browser, pages visited, editor actions (e.g., inpaint/blend), generation parameters, timestamps, and error logs.
  • Cookies & Similar Tech – Session cookies for authentication, preference cookies, analytics pixels and SDKs. See Section 6 (Cookies).

1.3 Information from Third Parties

  • Payment Processors – We receive payment confirmation metadata from Stripe or similar providers; full payment details remain with the processor.
  • Analytics Providers – Aggregated site and product usage statistics (e.g., page performance, conversion funnels).
  • Authentication Providers – Basic profile and verification data when you use OAuth sign-in.

2. How We Use Your Information

  • Operate & Maintain the Service – Authenticate users, render/generate images, store your projects, and deliver downloads/exports.
  • Product Improvement – Diagnose issues, combat spam/abuse, perform A/B tests, and analyze feature usage. We may use aggregated and/or anonymized telemetry to improve reliability and UX.
  • Communications – Send receipts, invoices, system alerts, policy updates, and (with consent) product news or marketing emails. You can opt out of non-essential emails.
  • Security & Fraud Prevention – Detect abuse, enforce our Terms, and protect the Service and other users.
  • Legal Compliance – Meet tax and accounting obligations and respond to lawful requests.

Model Training – We do not use your uploaded images or prompts to train our public models unless you explicitly opt in to a clearly presented setting or program.

3. Sharing Your Information

We do not sell your personal data. We share it only:

  1. Service Providers – Cloud hosting, storage/CDN, GPU inference, analytics, payment, and email vendors—limited to what is necessary to provide the Service.
  2. Legal/Safety – To comply with laws, court orders, or to protect rights, safety, and security.
  3. Business Transfers – In connection with mergers, acquisitions, financing, or sale of assets (with notice where required).
  4. With Your Consent – Any other sharing occurs only if you opt in.

4. Data Retention & Visibility

Uploaded Images & Files – Stored privately within your account’s library and subject to your plan’s storage/quota limits. You may delete items at any time from your dashboard.

Generated Images – Treated like uploads: private by default and retained according to your plan’s storage policy unless you delete them.

Masks/Selections & Edit History – Retained to support undo/redo and revision workflows; cleared when you delete the associated project or upon account deletion.

API Keys & Usage (Developers) – Stored while your account is active for metering, security, and billing. You may rotate or revoke keys.

Public Gallery (optional, future)Opt-in only. Items are public only if you explicitly mark them as “Public.” Private content is never made public by us.

Account & Billing Records – Retained for statutory periods (typically 7 years) for tax and accounting compliance.

Analytics & Logs – Raw logs retained up to 90 days (or less) before being aggregated/anonymized. Backups may persist for a limited period (e.g., up to 30 days) for disaster recovery.

When you delete content, it will be removed from active systems; residual copies may remain temporarily in backups until those cycles expire.

5. Your Rights

Depending on your jurisdiction (e.g., GDPR/UK GDPR, CCPA/CPRA, PDPA-SG, and others), you may have rights to:

  • Access, correct, or delete your data
  • Object to or restrict certain processing
  • Receive a machine-readable copy (data portability)
  • Withdraw consent for optional processing (e.g., marketing)
  • Opt out of non-essential cookies/analytics where applicable

To exercise rights, email [email protected]. We may request information to verify your identity and jurisdiction.

6. Cookies

We use:

  • Essential Cookies – Authentication, security, and core functionality (cannot be disabled).
  • Preference Cookies – Remember language, theme, and editor settings.
  • Analytics Cookies/SDKs – Understand usage and improve the Service.
  • Marketing Cookies (optional) – Measure campaigns (only with consent where required).

You can manage preferences via our cookie banner or your browser settings. Blocking essential cookies may prevent normal operation.

7. Security

We implement industry best practices: HTTPS everywhere, encryption in transit and at rest, least-privilege IAM, key rotation, audit logging, and regular security reviews. No Internet transmission is 100% secure, but we work to protect your information continuously.

8. Children’s Privacy

The Service is not directed to children under 13 (or a higher age required by local law). If we learn that we collected personal data from a child, we will delete it promptly.

9. International Data Transfers

Where data are transferred across borders, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent mechanisms, and we assess vendors’ data protection measures.

10. Model Provider Processing

When you generate or edit content, your inputs (e.g., prompts and images) may be transmitted to third-party model providers (e.g., Google) to perform inference. Those providers may process limited technical logs under their own terms and privacy policies. We contractually require service providers to protect your data and process it only for providing the Service.

11. Changes to This Policy

We may update this Policy from time to time. Material changes will be announced by email or in-app/banner at least 15 days before taking effect, where required. The latest revision date appears below.

12. Contact Us

Questions or requests about privacy? Email [email protected].

Last updated: 2025-09-02