🍌 Privacy Policy

Tiny Banana - AI Image Generator
Last Updated: November 23, 2025
Effective Date: November 23, 2025

📑 Table of Contents

Introduction

Tiny Banana ("we," "our," or "the Extension") is a Chrome Extension that enables users to generate and edit images using Google AI API (Gemini 3 Pro Image Preview and Gemini 2.0 Flash). We are committed to protecting your privacy and being transparent about our data practices.

This Privacy Policy explains what data we collect, how we use it, who we share it with, and your rights regarding your data. By installing and using Tiny Banana, you agree to the data practices described in this policy.

🎯 Single Purpose

The single purpose of Tiny Banana is: To provide AI-powered image generation and editing capabilities using Google AI API (Gemini 3 and Gemini 2.0 Flash) by processing user-provided text prompts and images.

All data collection and use is strictly limited to enabling this core functionality.

📊 Information We Collect

1. User-Provided Information

We collect only the following information that you explicitly provide:

a) Google AI API Key Required

b) Text Prompts

c) Images

d) User Settings

2. Automatically Collected Information

We do NOT collect any of the following:

  • Browsing history or web activity
  • Personal identifiable information (name, email, phone number)
  • Location data (GPS, IP addresses)
  • Device information
  • Usage analytics or statistics
  • Cookies or tracking pixels
  • Keyboard or mouse activity outside the extension

🔧 How We Use Your Information

We use the collected information solely for the following purposes:

Primary Use (Single Purpose)

  1. Image Generation: Send your text prompts to Google AI API to generate images
  2. Image Editing: Send your uploaded images and edit instructions to Google AI API to create edited images
  3. Prompt Enhancement: Use Gemini 2.0 Flash to automatically improve your prompts (optional feature)

Secondary Uses (Supporting the Single Purpose)

  1. Settings Management: Store your API key and model preference locally to avoid re-entry
  2. Performance Optimization: Cache generated images locally for quick re-access

What We DO NOT Do

  • We do NOT use your data for advertising or marketing
  • We do NOT sell your data to third parties
  • We do NOT use your data to train AI models (per Google's policy)
  • We do NOT track your behavior across websites
  • We do NOT collect data for analytics or research purposes

🌐 Data Sharing and Third-Party Services

Third Parties We Share Data With

We only share your data with the following specific third parties, and only for the single purpose stated above:

1. Google AI API Required

Service Google Generative Language API
Domain generativelanguage.googleapis.com
Data Shared • Your API key (for authentication)
• Text prompts (only when you click "Generate Image")
• Uploaded images (only when you click "Edit Image")
Purpose To generate and edit images using AI
When Only when you explicitly click generation/edit buttons
Privacy Policy https://policies.google.com/privacy

Important Note: According to Google's API policy, data sent to Google AI API is NOT used for model training and is deleted after processing.

2. CORS Proxy Optional

Service AllOrigins API
Domain api.allorigins.win
Data Shared Image URLs only (not image content)
Purpose To bypass CORS restrictions when you drag-and-drop images from websites
When Only when you drag-and-drop web images with CORS restrictions
Alternative You can avoid this by uploading files directly from your device

No Other Third Parties

We do NOT share your data with:

  • Advertising networks
  • Analytics services (e.g., Google Analytics)
  • Marketing companies
  • Social media platforms
  • Any other third parties

✅ Chrome Web Store Limited Use Policy Compliance

This extension complies with the Chrome Web Store User Data Privacy Policy, including the Limited Use requirements:

  1. Limited Use: We use your data ONLY for providing the single purpose (AI image generation and editing)
  2. No Broad Permissions: We request only the minimum necessary host permissions
  3. Transparency: All data collection is disclosed in this policy and in the extension description
  4. User Control: You control when data is sent by explicitly clicking action buttons

Specific Compliance:

  • We do NOT collect or use web browsing activity
  • We do NOT transfer data to third parties except as disclosed above for the single purpose
  • We do NOT use data for advertising or marketing
  • We do NOT sell user data

💾 Data Storage and Retention

Local Storage (Your Device Only)

The following data is stored locally in your browser and NEVER sent to our servers (we don't operate any servers):

Data Type Storage Location Retention Period Deletion Method
API Key chrome.storage.local Until you delete Remove extension or clear settings
Model Settings chrome.storage.local Until you delete Remove extension
Generated Images IndexedDB Latest 50 only Automatic (oldest deleted when >50) or remove extension

Temporary Processing (Memory Only)

Third-Party Storage

Data sent to Google AI API is governed by Google's Privacy Policy. According to Google, API data is not stored for model training and is deleted after processing.

🔒 Data Security

We implement the following security measures:

Technical Safeguards

  • Local Storage: All sensitive data stored only in your browser
  • HTTPS Encryption: All network communications use HTTPS
  • No Remote Code: Extension does not load or execute remote code (Manifest V3 compliant)
  • Minimal Permissions: Only requests necessary Chrome permissions
  • Sandboxed Environment: Runs in Chrome's security sandbox

Organizational Safeguards

  • No Central Servers: We don't operate servers that could be breached
  • No Data Collection: We don't collect data that could be compromised
  • Open Source Potential: Code can be inspected by users

Your Responsibility

⚖️ Your Rights and Choices

Access Your Data

You can access all locally stored data:

  1. API Key and Settings: Open the extension → ⚙️ API Settings section
  2. Cached Images: Open Chrome DevTools → Application → IndexedDB → TinyBananaCache
  3. Chrome Storage: Visit chrome://settings/content → Site settings → Chrome Extension Data

Modify Your Data

Delete Your Data

Delete All Extension Data:

  1. Go to chrome://extensions/
  2. Find "Tiny Banana"
  3. Click "Remove"
  4. Result: All local data (API key, settings, cached images) is permanently deleted

Delete Cached Images Only:

  1. Go to chrome://settings/privacy/cookies
  2. Click "See all site data and permissions"
  3. Search for "Tiny Banana"
  4. Click "Delete" or use Chrome DevTools → Application → IndexedDB

Request Data Deletion from Google:

Contact Google directly per their Privacy Policy to request deletion of data sent to Google AI API.

Opt-Out Options

👶 Children's Privacy

Tiny Banana is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child under 13 has provided information to the extension, please contact us immediately at jlee0724@gmail.com. We will take steps to delete such information promptly.

🌍 International Data Transfers

Location of Data Processing:

Legal Basis:

📍 California Privacy Rights (CCPA)

If you are a California resident, you have the following rights:

Right to Know

You have the right to request:

Right to Delete

You have the right to request deletion of your personal information:

Right to Opt-Out of Sale

We do NOT sell your personal information. There is nothing to opt-out of.

Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

Contact: jlee0724@gmail.com
Response Time: Within 45 days

🇪🇺 GDPR Rights (European Users)

If you are in the European Economic Area (EEA), you have the following rights:

Legal Basis for Processing

Data Legal Basis GDPR Article
API Key Consent (by saving in extension) Article 6(1)(a)
Text Prompts & Images Consent (by clicking action buttons) Article 6(1)(a)
Settings Legitimate Interest (user convenience) Article 6(1)(f)

Your GDPR Rights

  1. Right to Access (Article 15) - Access your data via extension settings or Chrome DevTools
  2. Right to Rectification (Article 16) - Modify API key and settings in extension anytime
  3. Right to Erasure / "Right to be Forgotten" (Article 17) - Delete all data by uninstalling extension
  4. Right to Restrict Processing (Article 18) - Stop using the extension (no data processing occurs without your action)
  5. Right to Data Portability (Article 20) - Download generated images via extension's download button
  6. Right to Object (Article 21) - Uninstall the extension to object to all processing
  7. Right to Withdraw Consent (Article 7) - Stop clicking action buttons or uninstall extension

Contact: jlee0724@gmail.com
Response Time: Within 1 month
Supervisory Authority: You may lodge a complaint with your local data protection authority

🍪 Cookies and Tracking Technologies

Tiny Banana does NOT use:

  • Cookies
  • Web beacons
  • Tracking pixels
  • Fingerprinting
  • Google Analytics or similar tools

We do not track your activity across websites or collect analytics data.

🔄 Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

How We Notify You

  1. Update Date: We will update the "Last Updated" date at the top of this policy
  2. Chrome Web Store: Significant changes will be noted in extension update notes
  3. In-Extension: Major changes may be notified via the extension interface

Your Options

Recommendation: Review this policy periodically for updates.

🚨 Data Breach Notification

In the unlikely event of a data breach:

  1. Assessment: We will assess the scope and impact (within 72 hours)
  2. Notification: We will notify affected users via email if possible (within 72 hours for GDPR compliance)
  3. Remediation: We will take steps to prevent future breaches
  4. Authorities: We will notify relevant authorities as required by law

Note: Since we don't operate central servers and data is stored locally, the risk of large-scale breaches is minimal.

📧 Contact Us

Questions, Concerns, or Requests?

If you have questions, concerns, or requests regarding this Privacy Policy or your data:

📧 Email: jlee0724@gmail.com

🌐 Chrome Web Store: Tiny Banana Extension Page → Support Tab

Response Times:

  • ⏱️ General inquiries: Within 7 days
  • ⚡ Data deletion requests: Within 48 hours
  • ⚖️ GDPR/CCPA requests: Within 30-45 days as required by law

✅ Compliance and Certifications

This Privacy Policy and Tiny Banana comply with:

📚 Summary

What We Collect

  • 🔑 Your Google AI API key (stored locally)
  • 📝 Text prompts you enter (sent to Google AI API only)
  • 🖼️ Images you upload (sent to Google AI API only)
  • ⚙️ Your settings (stored locally)

How We Use It

  • 🎨 To generate and edit images via Google AI API (single purpose)

Who We Share With

  • 🌐 Google AI API only (when you click action buttons)
  • 🔄 CORS proxy (optional, only for drag-and-drop)

Your Rights

  • ✅ Access, modify, or delete your data anytime
  • ✅ Uninstall extension to remove all local data
  • ✅ Exercise GDPR/CCPA rights as applicable

We Do NOT

  • ❌ Collect browsing history
  • ❌ Use cookies or tracking
  • ❌ Sell your data
  • ❌ Use data for advertising

✍️ Acknowledgment and Consent

By installing and using Tiny Banana, you acknowledge that:

  1. You have read and understood this Privacy Policy
  2. You consent to the collection, use, and sharing of data as described
  3. You understand that data is sent to Google AI API only when you click action buttons
  4. You are responsible for keeping your API key confidential
  5. You are at least 13 years of age (or have parental consent)

Version: 1.0 | Last Reviewed: November 23, 2025 | Next Review: May 23, 2026

© 2025 KDNG Tiny Banana. All rights reserved.