Try Movoria Ai — AI image & video all-in-one platform

Privacy Policy

How Nanobanana Pro collects, uses, protects, and transfers personal data

2026/04/23

Privacy Policy

Effective date: 2026-04-23

This Privacy Policy applies to nanobanana-pro.com and related products and services made available under the Nanobanana Pro name. Nanobanana Pro is operated by Mok Kam Kuen in Hong Kong.

We provide AI image generation and editing services, including text-to-image generation, reference-image editing, accounts, billing, subscriptions, credits, customer support, and related features.

This policy is written with reference to Singapore's Personal Data Protection Act 2012 ("PDPA"). It is not intended to limit any mandatory rights you may have under applicable law.

1. Personal data we collect

We may collect the following categories of personal data:

  • Account information, such as your name, email address, login credentials, account identifiers, and subscription status
  • Authentication data from supported sign-in providers, such as Google, when you choose to use social login
  • Transaction and billing data, such as plan selections, purchase records, invoices, payment status, and payment provider customer identifiers
  • Service usage data, such as IP address, browser type, device information, pages viewed, referring URLs, timestamps, and event logs
  • Content data, such as prompts, uploaded reference images, generation parameters, generated outputs, and generation history
  • Communication data, such as support requests, emails, feedback, and newsletter preferences
  • Preference and identifier data, such as language choice, theme settings, cookie values, local storage identifiers, and session information

2. How we collect personal data

We collect personal data:

  • Directly from you when you register, sign in, upload content, purchase a plan or credits, contact support, or subscribe to updates
  • Automatically when you use the service, including through cookies, local storage, logs, analytics tools, and security systems
  • From third parties that help us operate the service, such as payment processors, authentication providers, analytics providers, email providers, and cloud infrastructure providers

3. Why we use personal data

We may collect, use, and disclose your personal data for the following purposes:

  • To create and manage your account
  • To authenticate users and maintain session security
  • To provide AI image generation, editing, uploads, downloads, and history features
  • To process payments, subscriptions, credits, renewals, and billing support
  • To send verification emails, password reset emails, service messages, receipts, and newsletters
  • To provide customer support and respond to questions, complaints, or disputes
  • To detect fraud, abuse, security incidents, bots, and prohibited content
  • To analyze service usage, improve performance, troubleshoot issues, and develop new features
  • To comply with legal, regulatory, tax, accounting, or enforcement requirements
  • To protect our rights, users, systems, and business operations

4. Cookies, local storage, and similar technologies

We use cookies and similar technologies to operate the service and remember preferences. Depending on your usage and our production configuration, these may include:

  • Authentication and session cookies, including Better Auth session cookies
  • Language preference cookies such as NEXT_LOCALE
  • Theme and interface cookies such as active_theme and sidebar_state
  • Local storage keys such as nanobanana-pro-theme
  • Security and anti-abuse signals, including Cloudflare Turnstile verification
  • Analytics, attribution, and performance tools

Some of these identifiers may constitute personal data under the PDPA if they identify you, or can reasonably be linked to you.

5. When we share personal data

We may disclose personal data to:

  • Cloud hosting, CDN, database, and storage providers
  • Payment providers such as Stripe
  • Authentication providers such as Google
  • Email and newsletter providers such as Resend
  • Analytics, attribution, and performance providers, including Google Analytics, Umami, Plausible, Ahrefs Analytics, DataFast, OpenPanel, Seline, Microsoft Clarity, PostHog, and Vercel analytics tools, when enabled
  • Customer support providers such as Crisp, when enabled
  • Security and verification providers such as Cloudflare Turnstile
  • Professional advisers, auditors, insurers, regulators, law enforcement, or courts where necessary
  • A buyer, investor, or successor in connection with a merger, acquisition, restructuring, financing, or asset transfer

We do not sell your personal data.

6. International transfers

Our providers and infrastructure may be located outside Singapore. Your personal data may therefore be transferred to, stored in, or processed in other jurisdictions.

Where required, we will take reasonable steps to ensure that transferred personal data receives a standard of protection comparable to that required under the PDPA.

7. Retention

We retain personal data only for as long as it is needed for business or legal purposes.

In general:

  • Account and billing records may be retained for audit, compliance, and dispute-resolution purposes
  • Prompts, uploads, generated images, and history may be retained for a limited period depending on product design, account state, storage policy, and operational needs
  • Newsletter and support records may be retained while relevant to the relationship or issue
  • Data that is no longer needed may be deleted, anonymized, or securely disposed of

8. Region-specific notices

If you are located in the EEA or the UK, and the GDPR or UK GDPR applies to your personal data, you may have rights including access, correction, erasure, restriction, portability, objection, and the right to lodge a complaint with your local supervisory authority. Where those laws apply, we rely on one or more lawful bases including consent, performance of a contract, legitimate interests, and compliance with legal obligations, depending on the processing involved.

If you are located in Japan or Korea, we will seek consent before enabling non-essential cookies or similar technologies where required by applicable law. Please refer to our Cookie Policy for more information.

9. Security

We use reasonable administrative, technical, and physical safeguards to protect personal data. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

10. Your choices and rights

Subject to applicable law, you may request:

  • Access to personal data we hold about you
  • Correction of inaccurate or incomplete personal data
  • Withdrawal of consent, where consent is the basis for processing
  • Unsubscription from newsletters or marketing communications
  • Deletion of your account or assistance with deleting certain data

We may need to verify your identity before responding. We will respond to verifiable requests within 30 days, or within the shorter period required by applicable law.

11. AI content and uploaded images

If you use our AI services, we may process prompts, uploaded reference images, generation settings, and outputs to provide the requested functionality, maintain system safety, investigate abuse, and improve reliability.

You should not upload content you do not have the right to use, or content containing unnecessary sensitive personal data.

12. Children's privacy

Our service is not intended for children under 13, or under any higher minimum age required by applicable law in your jurisdiction. If you are under the applicable age, use the service only with appropriate permission and supervision.

13. Changes to this policy

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a new effective date.

14. Contact us

If you have questions, requests, or complaints about this Privacy Policy or our handling of personal data, contact us at:

Operator: Mok Kam Kuen, Hong Kong
Data Protection Contact: support@nanobanana-pro.com