Banana Logo

Privacy Policy for Banana Try-On

Effective Date: 9/17/2025
Last Updated: 9/17/2025

1. Introduction

AJD Digital Ltd. ("we," "us," or "our") operates the Banana Try-On application (the "App") as a Shopify app that enables customers to virtually try on products using artificial intelligence technology. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our App.

We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR), California Privacy Rights Act (CPRA), and other privacy regulations.

2. Information We Collect

2.1 Information from Shopify APIs

Through Shopify's APIs, we may access:

  • Customer information: name, email address (Protected Customer Data Level 2)
  • Order information related to try-on sessions
  • Product information for try-on functionality
  • Store information and settings

2.2 Customer-Uploaded Images

When customers use our try-on feature, we collect:

  • Photos uploaded by customers for virtual try-on
  • AI-generated try-on result images
  • Metadata associated with the images (timestamp, size, format)

2.3 Technical Information

We automatically collect:

  • Device information (type, operating system, browser)
  • Usage data and interaction with the App
  • Performance metrics and error logs
  • IP addresses (anonymized after collection)

3. How We Use Your Information

We process personal data only for the following specific purposes:

  • Primary Service: Generate AI try-on images using Google Cloud Vertex AI
  • App Functionality: Display try-on results to customers
  • Performance: Monitor and improve app performance and user experience
  • Security: Detect and prevent fraudulent or abusive use
  • Legal Compliance: Comply with legal obligations and respond to lawful requests
  • Communication: Send service-related notifications (not marketing)

Important: We do NOT use customer images to train our AI models or for any purpose other than providing the try-on service for that specific session.

4. Data Sharing and Third-Party Services

4.1 Google Cloud Services

We use Google Cloud Vertex AI API to process try-on requests. When you use our try-on feature:

  • Your uploaded image is securely transmitted to Google Cloud for processing
  • Google Cloud processes the image solely to generate the try-on result
  • Google Cloud's data processing is governed by their Data Processing Agreement
  • Images are deleted from Google Cloud immediately after processing

4.2 Data Sharing Practices

We do NOT:

  • Sell your personal data to third parties
  • Share your data for advertising or marketing purposes
  • Use your images for any purpose beyond the try-on service
  • Allow third parties to use your data for their own purposes

5. Data Retention

We retain data only as long as necessary:

  • Customer-uploaded images: Deleted immediately after processing
  • AI-generated try-on images: Deleted immediately after display
  • Transaction logs: 30 days for troubleshooting
  • Analytics data: We do not collect analytics data
  • Customer data from Shopify: Deleted upon app uninstall or merchant request

6. Data Security

We implement comprehensive security measures including:

  • Encryption of data in transit using TLS 1.2 or higher
  • Encryption of data at rest using AES-256
  • Secure API authentication and authorization
  • Regular security audits and vulnerability assessments
  • Access controls limiting data access to authorized personnel only
  • Separate test and production environments
  • Incident response procedures for potential data breaches
  • Encrypted backups with same security standards as production data

7. Your Rights (GDPR/CPRA)

You have the following rights regarding your personal data:

7.1 For Customers

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a portable format
  • Restriction: Request restricted processing of your data
  • Objection: Object to certain types of processing
  • Opt-out: Opt-out of sale of personal data (we don't sell data)

7.2 For Merchants

Merchants can manage customer data through Shopify's admin panel and our app settings.

8. Compliance Webhooks

We comply with Shopify's mandatory webhooks for data management:

  • customers/data_request: We provide requested customer data within 30 days
  • customers/redact: We delete customer data as requested within 30 days
  • shop/redact: We delete all shop data 48 hours after app uninstall

9. International Data Transfers

Data is processed in the United States using Google Cloud US regions. For transfers from the UK and EEA, we rely on Standard Contractual Clauses and appropriate safeguards to ensure your data is protected to the same standards as required under UK and EU data protection laws.

10. Children's Privacy

Our App is not intended for children under 16. We do not knowingly collect personal information from children. If we discover that a child has provided us with personal information, we will delete such information immediately.

11. Consent and Legal Basis

We process personal data based on:

  • Consent: For image uploads and try-on processing
  • Legitimate Interest: For app functionality and security
  • Legal Obligation: For compliance with applicable laws
  • Contract Performance: For providing services to merchants

12. Automated Decision-Making

Our AI try-on feature uses automated processing to generate results. This processing:

  • Is limited to visual try-on generation only
  • Does not make decisions with legal or significant effects
  • Does not profile users or make inferences about them
  • Can be opted out of by not using the try-on feature

13. Updates to This Policy

We may update this Privacy Policy periodically. When we make significant changes, we will:

  • Update the "Last Updated" date
  • Notify merchants through the Shopify app interface
  • Obtain new consent if required by law

14. Contact Information

Company: AJD Digital Ltd.

Address: 90 Ringinglow Road, Sheffield, S117PQ, United Kingdom

Email: [email protected]

For privacy-related requests, please contact us at the email above. We will respond within 30 days.

15. Complaints

If you have concerns about our privacy practices, you have the right to lodge a complaint with your local data protection authority. For EEA residents, you can find your local authority at:https://edpb.europa.eu/about-edpb/board/members_en