Banana Code ("we", "us", "our") is a mobile AI coding agent app developed by an independent developer. This Privacy Policy explains how we collect, use, and protect your information when you use the Banana Code application and related services.
1. Information We Collect
We collect the following categories of information:
Account information: Email address, GitHub username, and display name provided during sign-up via GitHub OAuth or Apple Sign-In.
Authentication tokens: GitHub OAuth tokens used to access your repositories on your behalf. Apple Sign-In credentials where applicable.
API keys: If you choose to bring your own API key (e.g., OpenRouter, Anthropic), we store it in encrypted form so the service can make requests on your behalf.
Session data: Coding session details including the repository selected, instructions provided, model chosen, session status, and timestamps.
Chat messages: Messages you send within a coding session, including any text instructions and image attachments.
Image attachments: Files you upload during sessions are stored in Supabase Storage.
Usage data: General usage patterns such as session frequency and feature usage. We do not use third-party analytics SDKs.
2. How We Use Your Information
To authenticate you and provide access to the app.
To clone repositories, run coding sessions, and create pull requests on your behalf.
To stream real-time session progress to your device.
To store your API keys so AI model requests can be made through OpenRouter.
To improve the reliability and performance of the service.
To respond to support requests.
3. Third-Party Services
We rely on the following third-party services to operate Banana Code:
Supabase: Authentication, database, real-time subscriptions, and file storage. Data is hosted on Supabase infrastructure. See Supabase Privacy Policy.
OpenRouter: AI model inference. Your coding instructions and repository context are sent to OpenRouter for processing by the LLM model you select. See OpenRouter Privacy Policy.
Apple: Sign-In with Apple authentication where applicable. See Apple Privacy Policy.
4. Data Sharing
We do not sell, rent, or trade your personal information to third parties. Your data is shared only in these circumstances:
With the third-party services listed above, as necessary to provide the app's functionality.
When required by law, regulation, or valid legal process.
To protect the rights, safety, or property of Banana Code, our users, or the public.
5. Data Retention
Account data: Retained for as long as your account is active.
Session data and messages: Retained for as long as your account is active. You may request deletion at any time.
API keys: Retained until you delete them or delete your account.
Image attachments: Retained until the associated session is deleted or you delete your account.
When you delete your account, all associated data is permanently removed from our systems within 30 days.
6. Account Deletion
You can delete your account directly within the app by navigating to Settings and tapping "Delete Account" in the Danger Zone section. You will be asked to type DELETE to confirm. Alternatively, you can request deletion by contacting us at support@bananacode.ai. Upon deletion, we will remove all personal data, session history, stored API keys, and uploaded files. Your GitHub OAuth token is revoked automatically. Deletion is irreversible and will be completed within 30 days.
7. Data Security
We take reasonable measures to protect your information, including:
Encrypted storage of API keys and authentication tokens.
HTTPS for all data in transit.
Row-level security policies on the database to isolate user data.
Service-role authentication between internal services.
No system is 100% secure. We cannot guarantee absolute security but will notify affected users promptly in the event of a data breach.
8. Children's Privacy (COPPA)
Banana Code is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will delete it promptly. If you believe a child under 13 has provided us with personal information, please contact us at support@bananacode.ai.
9. Your Rights Under GDPR
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights regarding your personal data:
Access: Request a copy of the personal data we hold about you.
Rectification: Request correction of inaccurate data.
Erasure: Request deletion of your personal data.
Restriction: Request that we restrict processing of your data.
Portability: Request a portable copy of your data in a structured format.
Objection: Object to processing of your data for certain purposes.
To exercise any of these rights, contact us at support@bananacode.ai. We will respond within 30 days.
10. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
The right to know what personal information we collect and how it is used.
The right to request deletion of your personal information.
The right to opt out of the sale of your personal information. We do not sell your personal information.
The right to non-discrimination for exercising your privacy rights.
We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top of this page and, where appropriate, notify you through the app. Your continued use of Banana Code after changes take effect constitutes acceptance of the updated policy.
12. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, contact us at: