Skip to main content

Banana Lab

Privacy Policy

Last updated: 2026-05-20 · Effective: 2026-05-20

1. Who we are

Banana Lab ("we", "us") operates the website at bananalab.app. We are the data controller for personal data described in this policy. Contact: admin@dllm.dev.

2. Data we collect

  • Account data — your email address, password (stored as a salted hash by our authentication provider), display name, and role.
  • Content you create — prompts you write, images you upload or generate, and any images you choose to share to the community feed. Shared prompts and images are publicly visible alongside your display name.
  • Technical data — IP address and basic request metadata captured by our hosting and authentication providers for security and abuse prevention.
  • Analytics — aggregated, cookieless page view metrics via Vercel Web Analytics. No identifying cookies are set.

3. Why we use your data (purposes and lawful bases)

  • To provide the service — account, image generation, library, community sharing. Lawful basis: performance of a contract (Art. 6(1)(b) GDPR).
  • To secure the service — abuse prevention, rate limiting, audit logs. Lawful basis: legitimate interests (Art. 6(1)(f)).
  • To improve the service — anonymous analytics. Lawful basis: legitimate interests (Art. 6(1)(f)).

4. Who we share data with (processors)

We rely on the following processors. Each has a Data Processing Agreement available:

  • Supabase, Inc. — authentication, database, file storage.
  • Vercel, Inc. — application hosting and web analytics, and routing of AI requests through Vercel AI Gateway.
  • Google LLC — receives your prompt text and any input images you submit when you generate with the Nano Banana Pro (Gemini) model.
  • OpenAI, L.L.C. — receives your prompt text when you generate with the GPT Image 2 model.

We do not sell your personal data, and we do not share it with anyone for advertising purposes.

5. International transfers

Our processors are based in or operate from the United States. Where data is transferred outside the European Economic Area, the relevant transfers are protected by Standard Contractual Clauses or the EU-US Data Privacy Framework, depending on the processor.

6. How long we keep your data

  • Account data — for as long as your account is active. Deleted on request (see Section 8).
  • Generated images and shared prompts — until you delete them or your account.
  • Server logs — typically up to 30 days, per our hosting provider's defaults.

7. AI-generated content

Images you generate are produced by third-party AI models (Google Nano Banana Pro and OpenAI GPT Image 2) routed via Vercel AI Gateway. We do not train or fine-tune these models on your inputs. Each provider may temporarily process your prompt and inputs to fulfill the request, governed by their own privacy terms.

8. Your rights (EEA / UK)

Subject to applicable law, you have the right to:

  • Access a copy of your data — use Profile → Export my data.
  • Rectify inaccurate data — display name and password are editable from Profile.
  • Erase your account and associated data — use Profile → Delete my account. This is irreversible.
  • Restrict or object to certain processing.
  • Data portability — the exported data is machine-readable JSON.
  • Lodge a complaint with your local supervisory authority.

9. Cookies

We use only strictly necessary cookies for authentication and session management. We do not set advertising or third-party tracking cookies. Vercel Web Analytics operates without identifying cookies.

10. Children

Banana Lab is not directed to children under the age of 16. Do not create an account if you are under 16.

11. Changes

We may update this policy. Material changes will be flagged on this page; the "last updated" date at the top reflects the most recent revision.

12. Contact

For privacy questions or to exercise your rights, email admin@dllm.dev.