CodeBanana Privacy Policy

Effective Date: May 7, 2026

Last Updated: May 7, 2026

CodeBanana values your privacy and is committed to protecting personal data we collect from or about you when you access or use CodeBanana and our related websites, applications, connected-device features, online functionalities, and other related services (collectively, the "Services").

This Privacy Policy applies to personal data processed by Mobvoi Pte. Ltd. and its affiliates ("CodeBanana," "we," "us," or "our") in connection with the Services.

This Privacy Policy does not apply to personal data that we process solely on behalf of an enterprise, organization, workspace, or business customer under a separate agreement. In those cases, the relevant customer agreement governs our processing of that data, and we process the data as instructed by that customer.

This Privacy Policy explains:

Personal Data We Collect
How We Use Personal Data
AI Features, Projects, Files, Preview, and Deployment
Platform-Specific Features and Device Permissions
Connected Devices, Audio, Transcription, and Related Services
How We Disclose Personal Data
Cookies and Similar Technologies
Data Retention
International Transfers
Legal Bases for Processing
Your Rights and Choices
Region-Specific Notices
Children
Security
Changes to This Privacy Policy
How to Contact Us

1. Personal Data We Collect

We collect personal data you provide directly, personal data generated through your use of the Services, and personal data we receive from third parties or connected services.

1.1 Personal Data You Provide to Us

Account and profile information. When you create, access, or manage an account, we may collect information such as your name, username, avatar, profile photo, email address, phone number, account credentials, authentication information, organization affiliation, and related profile information.

Payment and transaction information. If you purchase a subscription, service credits, team plan, connected-device feature, or other paid Services, we may collect billing information, subscription plan details, payment status, invoices, transaction history, renewal status, refund request information, usage records, and related records. Payment card details and payment credentials may be processed directly by third-party payment providers rather than by us.

User Content. We collect content you submit, upload, import, record, generate, edit, store, deploy, or otherwise provide through the Services, including prompts, code, scripts, configuration files, runtime logs, terminal output, files, documents, images, audio, recordings, transcripts, notes, project materials, comments, chat messages, instructions, feedback, deployment records, and other content you choose to provide.

Files and project materials. When you upload, paste, import, select, or submit files, we may process the file content, file name, file format, file size, upload time, workspace or project association, and related operational records to provide file upload, storage, preview, parsing, question answering, code analysis, contextual assistance, project collaboration, and related features.

Communications and support information. If you contact us, request technical support, report an issue, provide feedback, complete a survey, or otherwise communicate with us, we may collect your name, contact details, communications, attachments, support history, logs, project context, and any other information you choose to provide or that is necessary to resolve your request.

Organization and collaboration information. If you are invited to join an organization, workspace, team, or project, we may collect and process information relating to your invitation, workspace membership, permissions, role, resource allocation, quotas, billing attribution, and related collaboration records. Where an administrator provides your contact details to invite you, we process that information for invitation, team management, permission management, billing attribution, and related administrative purposes.

1.2 Personal Data We Collect Automatically

When you access or use the Services, we may automatically collect certain information, including:

Log data. This may include IP address, browser type, device type, operating system, app version, timestamps, request metadata, error logs, crash logs, performance logs, security logs, and similar technical information.

Usage data. This may include information about how you use the Services, such as features accessed, actions taken, pages viewed, time spent, interaction patterns, workspace activity, file operations, command execution records, model selection records, token usage, request volume, preview status, deployment status, service status, port status, project collaboration activity, and billing or quota usage.

Device data. Depending on the platform and your device settings, this may include device identifiers, device model, device name, manufacturer, system language, time zone, network information, app version, SDK version, and related device metadata.

Approximate location data. We may infer your approximate location from your IP address or similar network signals for fraud prevention, service localization, availability checks, security monitoring, and compliance purposes.

Cookies and similar technologies. When you use our web-based Services, we may use cookies, local storage, session storage, and similar technologies to remember preferences, maintain sessions, improve performance, support security, and understand how the Services are used.

1.3 Data from Third Parties and Connected Services

We may receive personal data from third-party login providers, payment providers, cloud service providers, security providers, analytics providers, AI model providers, transcription providers, organizational administrators, connected devices, and other trusted partners where necessary to operate and improve the Services, prevent abuse, process payments, manage teams, provide support, or deliver requested functionality.

2. How We Use Personal Data

We use personal data for the following purposes:

to provide, operate, maintain, and support the Services;
to create, authenticate, secure, and manage user accounts;
to process subscriptions, renewals, invoices, usage-based charges, refunds, and related billing operations;
to enable organization, workspace, project, and team administration;
to upload, store, analyze, preview, deploy, synchronize, and manage files, code, projects, and other content;
to provide AI-powered features such as chat, code assistance, issue analysis, summarization, transcription, translation, content generation, and knowledge organization;
to route requests to relevant third-party AI, transcription, infrastructure, or technical service providers where required to deliver requested functionality;
to provide online preview, deployment, runtime result pages, terminal features, service management, and related developer tools;
to enable connected-device features, including device discovery, pairing, binding, synchronization, recording, and audio processing;
to respond to support requests, troubleshoot issues, diagnose failures, and improve service quality;
to monitor, detect, investigate, and prevent fraud, abuse, security incidents, policy violations, unauthorized access, and other harmful activity;
to analyze usage, performance, stability, and reliability of the Services;
to communicate with you about account issues, billing matters, product changes, security notices, support requests, and administrative updates;
to comply with legal obligations and enforce our terms, policies, and rights;
to protect the rights, property, safety, and security of CodeBanana, our users, our service providers, and third parties.

Unless we separately notify you and obtain any required permission, we do not use your chats, code, files, project content, recordings, audio files, transcripts, or other related user content to train a general-purpose model.

3. AI Features, Projects, Files, Preview, and Deployment

When you use AI chat, code generation, issue analysis, task breakdown, text generation, project assistance, file processing, online preview, deployment, or related features, we may process the content you provide or generate, including prompts, code, scripts, configuration files, logs, files, project materials, transcripts, notes, and related operational records.

When you upload or import files, we may process the file content, file name, file format, file size, upload time, workspace or project association, and related operational records to enable file upload, storage, preview, parsing, question answering, code analysis, contextual assistance, project collaboration, and related features. We process files you actively select, upload, paste, import, or submit. We do not automatically read unrelated local files merely because you grant file, photo library, or storage permissions.

When you create, edit, upload, preview, delete, or manage project files, code, and materials, we may process project content, file content, collaboration history, version history, member information, permissions, and related logs to provide project management, collaboration, display, storage, access control, and troubleshooting.

When you use model selection or model-backed features, we may process model selection records, request parameters, context, task category, and related logs to route and complete your requests. Available models, capabilities, and model-specific features may vary by region, deployment environment, provider policy, or legal requirements.

CodeBanana provides AI-powered features through server-side API integrations with third-party AI model providers. We do not integrate these AI model providers as client-side SDKs in the iOS app unless otherwise disclosed. When you use AI chat, code generation, code analysis, file analysis, audio transcription, summarization, translation, content generation, or other model-backed features, we may send the content and context necessary to complete your request to the selected or system-routed AI model provider.

Depending on the feature you use, this may include prompts, chat messages, code snippets, scripts, configuration files, uploaded files, documents, images, project materials, project structure, selected code ranges, project instructions, runtime logs, terminal output, error messages, deployment or preview context, audio files, recordings, transcripts, summaries, speaker labels, request parameters, selected model, task type, timestamps, response status, token usage, and related technical logs.

We share this information with AI model providers only as necessary to provide the requested AI functionality, return model outputs, support model routing and model selection, maintain service stability, prevent abuse, troubleshoot failures, and ensure security. Unless we separately notify you and obtain any required permission, we do not use your chats, code, files, project content, recordings, audio files, transcripts, or other related user content to train a general-purpose model.

We may process logs relating to preview status, deployment status, page rendering, command execution, service status, port status, error output, access results, and related security events to maintain service stability, troubleshoot failures, detect abuse, and improve reliability.

If you access preview pages, deployed pages, external links, runtime result pages, or other resources generated from your code or project configuration, you understand that such pages, applications, or services may be provided, hosted, rendered, executed, or triggered by your code, your project configuration, your device environment, third-party hosting or deployment infrastructure, connected devices, or third-party websites. Information processed within those environments may be governed by the privacy policies and terms of the relevant third parties or actual operators rather than by this Privacy Policy.

4. Platform-Specific Features and Device Permissions

The Services may be available through websites, mobile applications, desktop or web interfaces, connected-device features, and other platform versions. Different versions may vary in layout, feature entry points, interaction methods, permission requests, supported features, and auxiliary capabilities.

Where a specific platform version provides a special feature, interaction method, or data-processing practice, we may provide additional notices through the interface, in-product prompts, permission dialogs, feature descriptions, or supplemental terms.

Depending on the features you use and your device settings, we may request access to certain device permissions, including:

network access, to access and use online Services;
camera access, to take photos, scan codes, or upload images;
photo library, storage, or file access, to upload, save, export, or import files, images, audio, or other content;
microphone access, for voice input, recording, or audio-related features;
Bluetooth access, to discover, connect, bind, and manage TicNote or other external devices;
location access, where required by certain operating systems to scan for, discover, or connect to Bluetooth devices;
notification access, to send service notifications, security alerts, billing notices, or connected-device notifications;
clipboard-related access, to support copy, paste, sharing, link opening, invitation, and similar user-initiated actions.

We only request and use permissions where reasonably necessary for the relevant feature. You may manage permissions through your device or browser settings. If you disable or refuse a permission, the related feature may not work, but other Services may remain available.

5. Connected Devices, Audio, Transcription, and Related Services

If you connect, bind, or use an external device such as TicNote or another audio device through the Services, we may process information necessary for device discovery, connection, pairing, control, synchronization, device management, troubleshooting, firmware updates, and support.

This may include device name, device model, device identifiers, MAC address, IMEI, serial number, firmware version, battery status, connection status, pairing records, operation logs, and related technical records, depending on the device type and platform capabilities.

If you record, upload, import, or process audio, we may process audio files, recordings, transcripts, summaries, translations, speaker labels, extracted tasks, tags, AI-generated notes, and related outputs in order to provide audio management, transcription, summarization, translation, knowledge extraction, AI question answering, and related features.

If your audio, recordings, transcripts, uploaded materials, or connected-device data contain another person's voice, speech, likeness, personal data, confidential information, or other protected information, you are responsible for ensuring that you have all necessary rights, permissions, notices, consents, and lawful bases to provide and process that content through the Services.

When you actively use AI transcription, AI summarization, AI question answering, translation, content generation, or related features, we may share the data necessary to complete the requested feature with third-party AI, transcription, or technical service providers. Depending on the feature, this may include audio content, audio files, transcripts, summaries, prompts, relevant context, request metadata, and technical logs.

6. How We Disclose Personal Data

We may disclose personal data in the following circumstances:

6.1 Vendors and Service Providers

We may share personal data with vendors, subprocessors, and service providers that help us provide the Services, including cloud hosting providers, infrastructure providers, security providers, payment processors, customer support providers, transcription providers, notification providers, analytics providers, authentication providers, and AI model providers.

6.2 AI Model Providers and AI-Related Service Providers

CodeBanana uses third-party AI model providers through server-side API integrations to provide AI chat, code generation, code editing, code explanation, code analysis, issue analysis, task breakdown, file analysis, transcription, translation, summarization, note generation, knowledge organization, and other AI-assisted features.

When you actively use AI-powered features, we may share the data necessary to complete the requested feature with the selected or system-routed AI model provider. Depending on the feature, this may include prompts, chat messages, uploaded files, code snippets, scripts, configuration files, project context, selected code ranges, project structure, runtime logs, terminal output, deployment or preview context, audio content, recordings, transcripts, summaries, speaker labels, request metadata, token usage, response status, and related technical logs.

We use these providers to provide app functionality, return AI outputs, support model selection and routing, maintain service reliability, troubleshoot issues, prevent abuse, and ensure security. We do not share this data with AI model providers for third-party advertising, cross-app tracking, data broker purposes, or targeted advertising.

We do not integrate the AI model providers listed below as client-side SDKs in the iOS app unless otherwise disclosed. These providers are used through API-based service integrations.

6.3 AI Model Provider List

Depending on the model selected by you, feature availability, region, service stability, product configuration, or system routing, CodeBanana may use one or more of the following third-party AI model providers:

Provider / Model Service	Legal Entity / Controller	Privacy Policy
OpenAI	OpenAI OpCo, LLC	https://openai.com/policies/row-privacy-policy/https://openai.com/policies/eu-privacy-policy/
Anthropic / Claude	Anthropic, PBC	https://www.anthropic.com/legal/privacy
Google Gemini	Google LLC	https://support.google.com/gemini/answer/13594961?hl=en https://policies.google.com/privacy
DeepSeek	Hangzhou DeepSeek Artificial Intelligence Co., Ltd.	https://cdn.deepseek.com/policies/en-US/deepseek-privacy-policy.html
GLM / Zhipu AI	Beijing Zhipu Huazhang Technology Co., Ltd.	https://docs.bigmodel.cn/cn/terms/privacy-policy
Kimi / Moonshot AI	MOONSHOT AI PTE. LTD.	https://moonshot-ai.gitbook.io/moonshot-ai/terms-and-agreement/kimi-openplatform-privacy-policy
Doubao / ByteDance Seed	Beijing Chuntian Zhiyun Technology Co., Ltd.	https://research.doubao.com/privacy-policy
MiniMax	Nanonoble Pte. Ltd.	https://platform.minimax.io/protocol/privacy-policy
Qwen / Alibaba Cloud Model Studio	Alibaba Cloud LLC	https://www.alibabacloud.com/help/doc-detail/2978326.html

6.4 Other Third-Party Service Providers

In addition to AI model providers, we may use other third-party service providers to support the operation, security, infrastructure, authentication, storage, and delivery of the Services. We share personal data with these providers only as necessary to provide the relevant functionality, maintain the Services, protect security, troubleshoot issues, or comply with applicable law.

Service Provider	Product / Service Type	Data Shared	Purpose	Use Scenario	Sharing Method	Privacy Policy
Tencent Cloud Computing (Beijing) Co., Ltd.	Tencent Cloud infrastructure / cloud services	Account information, project information, file information, log information, device information, network information	To provide cloud computing, storage, networking, security, logs, project content hosting, and related infrastructure capabilities	Service operation, file storage, project hosting, security protection, troubleshooting, and failure recovery	Server-side interface transmission	https://www.tencentcloud.com/zh/document/product/301/17345
Alibaba Cloud Computing Co., Ltd.	SMS verification code login service	Phone number, SMS verification code content, verification request records, sending status, timestamps	To send SMS verification codes and complete account registration, login, identity verification, and security checks	When a user actively requests an SMS verification code for login or identity verification	Server-side interface transmission	https://privacy.aliyun.com/

6.5 Payment Providers

If you purchase paid Services, we may share information necessary to process transactions with payment providers. We generally do not receive full payment card numbers or payment credentials where those are processed directly by payment providers.

6.6 Organizational Administrators

If you use the Services through an organization, workspace, team, or enterprise account, the administrator or account owner may have access to certain account, workspace, project, billing, usage, support, and content-related information. Administrators may control settings, permissions, resource allocation, workspace access, billing attribution, and account administration actions.

6.7 User-Directed Sharing

If you choose to share content, invite others, publish content, export a deployment link, connect a third-party integration, or otherwise direct us to make content available to others, we may disclose the relevant information according to your instructions.

6.8 Corporate Transactions

We may disclose or transfer personal data as part of a merger, acquisition, financing, reorganization, bankruptcy, asset sale, corporate transaction, or similar event.

6.9 Legal, Safety, and Rights Protection

We may disclose personal data where necessary to comply with law, regulation, legal process, or lawful government request; to enforce our terms or policies; to detect, prevent, or respond to fraud, abuse, or security incidents; or to protect the rights, property, safety, and security of CodeBanana, our users, our service providers, or others.

We do not sell personal data in exchange for monetary consideration. We also do not share personal data with AI model providers for third-party advertising, cross-app tracking, data broker purposes, or targeted advertising.

7. Cookies and Similar Technologies

When you use our web-based Services, we may use cookies, local storage, session storage, pixels, logs, and similar technologies to operate and improve the Services.

We may use these technologies to:

keep you signed in;
maintain session continuity;
remember preferences;
improve page loading and performance;
protect against fraud, abuse, and security risks;
understand how users interact with the Services;
diagnose errors and improve reliability.

You can manage cookies through your browser settings. If you disable cookies or similar technologies, some features may not work properly.

If we use analytics, advertising, or other non-essential cookies where consent is required by applicable law, we will provide appropriate notice and choice.

8. Data Retention

We retain personal data for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, enforce agreements, protect the security and integrity of the Services, and pursue legitimate business purposes.

Retention periods may vary depending on:

the type of data involved;
the purpose for which it is processed;
your account, workspace, and deletion settings;
the nature of the Services you use;
legal, accounting, audit, fraud prevention, security, and compliance obligations.

If you delete content, close a project, disconnect a device, or delete your account, we will delete or de-identify the relevant personal data within a reasonable period unless we are required or permitted to retain it for legal, security, fraud prevention, dispute resolution, backup, or compliance purposes.

9. International Transfers

Because CodeBanana operates internationally and uses global service providers, your personal data may be transferred to, stored in, or accessed from countries other than the country where you reside.

Where required by applicable law, we implement appropriate safeguards for cross-border transfers, such as contractual protections, organizational measures, and technical safeguards.

By using the Services, you acknowledge that your personal data may be processed in jurisdictions that may have different data protection laws than your jurisdiction.

If you are located in a jurisdiction that requires additional protections for cross-border transfers, we will provide those protections as required by applicable law.

10. Legal Bases for Processing

Where applicable law requires us to identify a legal basis for processing personal data, we rely on one or more of the following legal bases:

Performance of a contract. We process personal data as necessary to provide the Services, manage accounts, process payments, enable collaboration, provide support, and perform our agreements with you.
Consent. We may process personal data based on your consent, such as where you grant device permissions, connect certain services, use optional features, or agree to certain cookies or communications.
Legitimate interests. We may process personal data for our legitimate interests, such as improving the Services, ensuring security, preventing fraud and abuse, analyzing performance, supporting users, and developing new features, where those interests are not overridden by your rights and interests.
Legal obligations. We may process personal data to comply with applicable laws, regulations, legal processes, or governmental requests.
Vital interests and public interest. In limited cases, we may process personal data where necessary to protect vital interests or perform tasks in the public interest, as permitted by applicable law.

11. Your Rights and Choices

Depending on where you live, you may have rights regarding your personal data, including the right to:

access personal data we hold about you;
request correction of inaccurate or incomplete data;
request deletion of personal data;
request restriction of processing;
object to certain processing;
request portability of your personal data;
withdraw consent where processing is based on consent;
opt out of certain data sharing or targeted advertising where applicable;
appeal or complain to a data protection authority where applicable.

You may be able to access, update, export, or delete certain personal data directly through your account settings, workspace settings, or project settings.

If you wish to exercise any rights available to you, please contact us using the contact details below. We may need to verify your identity before processing your request.

If you use the Services through an organization, workspace, or enterprise account, certain requests may need to be directed to or coordinated with your organization administrator.

12. Region-Specific Notices

12.1 EEA, UK, and Switzerland

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you may have rights under applicable data protection laws, including rights of access, rectification, erasure, restriction, objection, portability, and the right to lodge a complaint with a supervisory authority.

Where we rely on consent, you may withdraw consent at any time. Withdrawal of consent does not affect processing that occurred before withdrawal.

Where we rely on legitimate interests, you may have the right to object to such processing.

12.2 California and Certain U.S. State Privacy Rights

If you are a resident of California or another U.S. state with applicable privacy laws, you may have rights to know, access, correct, delete, obtain a copy of, or opt out of certain uses or disclosures of personal data.

We do not sell personal data in exchange for monetary consideration. If we engage in data practices that applicable law defines as "sharing," "targeted advertising," or similar terms, we will provide any required notice and opt-out mechanism.

We will not discriminate against you for exercising your privacy rights.

13. Children

The Services are not intended for children under the age of 13, and children under 18 should use the Services only with the involvement and permission of a parent or legal guardian where required by applicable law.

We do not knowingly collect personal data from children in violation of applicable law. If you believe a child has provided personal data unlawfully, please contact us and we will take appropriate action.

14. Security

We implement reasonable technical, administrative, and organizational safeguards designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. These measures may include access controls, encryption in transit, logging, monitoring, authentication, internal permission controls, and incident response procedures.

However, no method of transmission over the internet or method of storage is completely secure. We therefore cannot guarantee absolute security.

You are responsible for maintaining the confidentiality of your account credentials and for using appropriate safeguards when handling code, files, recordings, transcripts, deployment links, and other content.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in the Services, legal requirements, business operations, or data processing practices.

When we make material changes, we will provide notice as appropriate, such as by updating the "Last Updated" date, posting a notice in the Services, or providing additional notice where required by law.

Your continued use of the Services after an updated Privacy Policy becomes effective means you acknowledge the updated Privacy Policy, to the extent permitted by law.

16. How to Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

📧 codebanana-support@mobvoi.com