Privacy Policy

1. Introduction

Welcome to Banana Studio (“we,” “our,” or “us”). Banana Studio is a software-as-a-service platform operated from New Jersey, United States, that provides AI-powered headshot generation at bananastud.io. We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you visit our website and use our Service. By accessing or using the Service, you consent to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

2.1 Personal Information

When you create an account or use the Service, we may collect the following personal information:

• Email address (required for account creation, communication, and transactional notifications).
• Name and profile information (as provided through your authentication provider).
• Account credentials and authentication data (managed securely through Clerk, our authentication provider).
• Payment and billing information (credit card details, billing address, and transaction history, processed securely through Stripe; Banana Studio does not store your full payment card number).

2.2 Photos and Images

When you use the Service, you upload selfies or photographs of yourself (“Source Images”). These Source Images are processed by our AI system to generate professional headshots (“Generated Images”). Both Source Images and Generated Images are stored on our infrastructure (powered by Supabase) and are associated with your account. Source Images are transmitted to Together AI for processing. You may delete your Generated Images from your Gallery at any time, and you may request deletion of your Source Images by contacting us.

2.3 Usage and Technical Data

We automatically collect certain technical and usage information when you interact with the Service, including:

• IP address, browser type and version, operating system, and device information.
• Pages visited, features used, generation history, and interactions within the Service.
• Referring URLs, access times, and session duration.
• Credit purchase and usage history.

2.4 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to maintain your session, remember your preferences, and analyze how the Service is used. Cookies are small data files placed on your device. You can control cookies through your browser settings; however, disabling cookies may limit your ability to use certain features of the Service. We use the following types of cookies:

• Essential Cookies — Required for the Service to function, including authentication and session management.
• Functional Cookies — Remember your preferences and settings to improve your experience.
• Analytics Cookies — Help us understand how visitors use the Service so we can improve it.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, and maintain the AI headshot generation Service.
• To process your photos and generate AI headshot images.
• To process payments, manage credits, and administer your account.
• To send transactional communications, such as purchase confirmations and service updates.
• To respond to your inquiries, support requests, and feedback.
• To detect, prevent, and address fraud, abuse, security issues, and technical problems.
• To analyze usage patterns and improve the Service, including AI model quality and user experience.
• To comply with legal obligations and enforce our Terms of Service.

We do not use your uploaded photos to train AI models. Your Source Images are used solely to generate the headshots you request.

4. Third-Party Services and Data Sharing

We share your information with third-party service providers only as necessary to deliver the Service. We do not sell, rent, or trade your personal information to third parties for marketing purposes. The third-party services we use include:

• Together AI — Receives your uploaded Source Images for AI headshot generation. Together AI processes these images according to their own privacy policy.
• Stripe — Processes payment transactions securely. Stripe receives your payment information (e.g., credit card number, billing address) and is PCI-DSS compliant.
• Clerk — Manages user authentication and account access. Clerk receives your email address and authentication credentials.
• Supabase — Provides database and file storage infrastructure. Your account data, photos, and generated images are stored on Supabase servers.
• Vercel — Hosts the Service and may process server logs containing IP addresses and request metadata.

We may also disclose your information if required by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.

5. Data Retention

• Generated Images — Stored in your Gallery until you delete them. You may delete any generated image at any time, and it will be permanently removed from our systems.
• Source Images (Uploaded Photos) — Retained as needed to provide the Service. You may request deletion of your Source Images at any time by contacting us, and we will remove them promptly.
• Account Information — Retained as long as your account is active. If you close your account, we will delete your personal data within a reasonable timeframe, except where retention is required by law (e.g., for tax, legal, or compliance purposes).
• Payment Records — Transaction records may be retained as required by applicable tax and financial regulations.
• Usage and Technical Data — Retained in aggregated or anonymized form for analytics and service improvement purposes.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

6.1 General Rights (All Users)

• Access — Request a copy of the personal data we hold about you.
• Correction — Request correction of inaccurate or incomplete personal data.
• Deletion — Request deletion of your personal data, including uploaded photos and generated images. You can delete generated images directly from your Gallery.
• Data Portability — Request a copy of your data in a structured, commonly used, machine-readable format.
• Withdraw Consent — Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
• Object — Object to the processing of your personal data in certain circumstances.

6.2 Rights for European Economic Area (EEA) Residents (GDPR)

If you are located in the EEA, you have additional rights under the General Data Protection Regulation (GDPR). We process your personal data on the following legal bases: (a) your consent (e.g., when you upload photos); (b) performance of a contract (e.g., to provide the Service you have purchased); (c) our legitimate interests (e.g., to improve the Service and prevent fraud); and (d) compliance with legal obligations. You have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated. Please note that data may be transferred to and processed in the United States, where our servers and third-party providers are located. We take appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy.

6.3 Rights for California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights, including: the right to know what personal information we collect, use, disclose, and sell; the right to request deletion of your personal information; the right to opt out of the sale or sharing of your personal information (Banana Studio does not sell your personal information); and the right to non-discrimination for exercising your privacy rights. To exercise any of these rights, please Contact Us.

6.4 Rights for New Jersey Residents

Residents of New Jersey may have additional privacy rights under applicable state law. We comply with all applicable New Jersey data protection requirements. To exercise any privacy rights, please Contact Us.

To exercise any of the rights described above, please reach out through our Contact Us page. We will respond to your request within thirty (30) days, or within the timeframe required by applicable law.

7. Data Security

We implement industry-standard technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS/SSL) and at rest, secure authentication through Clerk, PCI-DSS compliant payment processing through Stripe, regular security assessments, and access controls limiting data access to authorized personnel only. However, no method of transmission over the internet or method of electronic storage is completely secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security.

8. International Data Transfers

Your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate. If you are accessing the Service from outside the United States, please be aware that your data may be transferred to jurisdictions that may not provide the same level of data protection as your home country. By using the Service, you consent to such transfers. Where required by law, we implement appropriate safeguards (such as Standard Contractual Clauses) to ensure your data is adequately protected.

9. Children's Privacy

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information promptly. If you believe that a child under 18 has provided us with personal information, please Contact Us immediately.

10. Third-Party Links

The Service may contain links to third-party websites or services that are not operated by Banana Studio. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services. We encourage you to review the privacy policies of any third-party sites you visit.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. If we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you via email or through the Service. Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the revised policy. We encourage you to review this Privacy Policy periodically.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out through our Contact Us page.

Banana Studio
New Jersey, United States
bananastud.io
support@bananastud.io