Privacy Policy

How we handle your account data, payments, content, and cookies

2025/03/10

Introduction

This Privacy Policy explains what information Nano Banana Pix collects, how we use it, and your choices. Our service provides AI image generation and editing with user accounts, credits/subscriptions, file storage, email notifications, and secure checkout.

Information We Collect

  • Account information: Name, email, profile photo, and identifiers received from the login provider (e.g., Google or GitHub). If you subscribe or buy credits, we store your plan/credit status and purchase history.
  • Payment information: Payments are processed by Stripe or Creem. We do not store full card details; we may receive limited billing information (e.g., the last 4 digits, expiry month/year, billing country) and payment status from the processor.
  • Content and usage: Prompts, model/provider selections, images you upload, and generated outputs (to provide the service and for your account history). We also collect basic usage logs (e.g., timestamps, IP address, user agent) for security and troubleshooting.
  • Cookies and similar technologies: Session, security/CAPTCHA, preferences (e.g., theme), and checkout cookies. See our Cookie Policy for details.
  • Communications: Emails you send us, newsletter opt-ins, and support requests.

How We Use Information

  • Provide the service: Authenticate users, generate/edit images, store files, and operate account features.
  • Process payments: Manage subscriptions and credit purchases, fraud prevention, and invoicing.
  • Security and abuse prevention: Detect suspicious activity, enforce rate limits, and protect accounts.
  • Improve the product: Debug issues, understand aggregate performance, and enhance features.
  • Communicate: Send transactional emails (e.g., login, receipts, password reset) and service updates. Marketing emails only if you’ve opted in and where permitted.

Data Security

We use industry‑standard measures to protect information in transit and at rest, restrict access to production data, and regularly review configurations and secrets. No method of transmission or storage is 100% secure.

Sharing and Processors

We use third‑party processors to help deliver the service:

  • AI providers: OpenAI, Replicate, Fireworks AI, and Fal to generate images. We send prompts and generation parameters to the selected provider and receive generated outputs. Your use is also subject to each provider’s terms and policies.
  • Payments: Stripe or Creem process payments and may handle fraud checks and receipts.
  • Email: Resend sends transactional and optional newsletter emails.
  • Storage: Cloudflare R2 (S3‑compatible) or similar S3 storage for uploads and generated files.
  • Security: Cloudflare Turnstile (CAPTCHA) to protect forms and login.
  • Analytics (optional): We don’t enable third‑party analytics cookies by default. If enabled, we’ll update this policy and seek consent where required.

We do not sell personal information. We may disclose information if required by law, to protect users, or to defend our legal rights.

Data Retention

  • Account and billing: Retained while your account is active and as required for legal, tax, and accounting obligations.
  • Content (uploads/outputs): Retained to provide your account history and downloads; you may delete content where features permit.
  • Logs: Retained for a limited time for security and troubleshooting, then deleted or anonymized.
  • Cookies: Retention varies by cookie type; see the Cookie Policy.

International Transfers

We may process and store information in countries other than where you reside. Where required, we rely on appropriate safeguards for cross‑border transfers.

Your Rights

Subject to local laws, you may have rights to access, correct, delete, or port your data, object to processing, or withdraw consent (e.g., for non‑essential cookies or marketing). Contact us to make a request.

If you are in the EEA/UK, our legal bases include: performance of a contract (providing the service); legitimate interests (security, product improvement); consent (non‑essential cookies/marketing); and compliance with legal obligations.

Children’s Privacy

Our services are not intended for children under the age of 13 (or the age of digital consent in your region). We do not knowingly collect personal information from children.

Changes to This Privacy Policy

We may update this policy from time to time. We will notify you by posting the updated policy on this page with a revised date.