Privacy Policy

who we are and how to reach us

This is the privacy policy for Peeled Banana LLC ("Peeled Banana", "we", "us"). It covers both our website, peeledbanana.com, and our iPhone app, granny. The two handle data differently, so we cover the website first and then the app.

For anything at all — privacy questions, support, or legal — email us at hello@peeledbanana.com.

Our mailing address is [ ___ ]. We are organized under the laws of [ ___ ].

the website (peeledbanana.com)

This section is about peeledbanana.com — the site you're on right now. Everything after it is about the granny app.

The only personal information the website collects is the email address you choose to give our early-access waitlist. You don't have to give it. If you do, we use it to email you when granny launches, plus the occasional update along the way.

We store waitlist emails with Supabase, our database provider. The site is hosted on Vercel, which processes standard server logs (such as IP addresses) to serve and protect the site, and we use Vercel Web Analytics to see how many people visit and which pages they read. Vercel Web Analytics is privacy-friendly and cookieless — it doesn't use cookies, doesn't track you across other websites, and doesn't collect information that identifies you personally. We don't run advertising trackers, and we don't set tracking cookies.

We keep your waitlist email until granny launches or until you ask us to remove it — whichever comes first. To be removed, use the unsubscribe link in any email we send, or email hello@peeledbanana.com and we'll delete it.

the information we handle

It helps to think of your information in three buckets: what you send us, what stays on your device, and what we keep on our servers. We treat each one differently.

(a) What you send us. When you ask granny to read a conversation, you pick screenshots from your photo library and send them to us. We pass each image to an AI provider to extract the conversation text. The extracted transcript is then shown to you in the app, where you can edit it.

(b) What stays on your device. We call this your notebook, and it lives on your iPhone, protected by iOS device encryption. It includes:

• the conversation transcripts granny pulls from your screenshots
• granny's notes about you — what she's learned about your intent, your patterns, your icks, and your style (we call this your User Model)
• your per-match memory
• your journal
• your chat history with granny
• your notification check-ins

(c) What we store on our servers. Our backend database (hosted on Supabase/Postgres) holds two things:

• your account record, created when you sign in with Apple — an Apple user identifier, your email, an account id, and the date the account was created
• usage and metering records for each AI call — the endpoint, the model, the provider, token counts, and cost — which we use for billing and to enforce fair use, plus your subscription and credit ledger records

To be clear: we do not store a copy of your conversations, your transcripts, or your notebook on our servers. Our backend reads your screenshots so granny can do her job, but it does not retain the conversation content.

how your screenshots are processed

Reading a chat takes a few steps, and we want you to know exactly what happens at each one.

• Your screenshots travel to our backend encrypted in transit (HTTPS/TLS).
• We forward each image once to a third-party vision model to extract the text. We call this "extract-once": the image is sent a single time and is never re-sent, even if you add more messages to the same chat later.
• Once the text is extracted, coaching works from the transcript text, not the image. To get granny's read, the transcript text plus some context is sent to an AI provider — your screenshots are not sent again.
• Providers are instructed not to use the content you submit to train their models, through the providers' API terms and no-training configuration.

We use OpenAI for vision (reading the text out of your screenshots) and Anthropic (Claude) for coaching, analysis, and chat by default. granny is built to work with more than one provider, and may use other AI providers such as xAI or DeepSeek.

The AI provider API keys live on our backend only. They are never shipped inside the app.

who we share data with

We keep the list of companies that touch your data short, and each one is there for a specific reason. We do not sell your personal information to anyone, and we don't share it for cross-context behavioral advertising. Here is everyone who receives data and why:

• AI providers — OpenAI reads the text out of your screenshots (vision); Anthropic (Claude) provides coaching, analysis, and chat by default; we may also route to other providers such as xAI or DeepSeek. They receive your screenshots and/or transcript text plus context so granny can do her job. They are instructed not to train on your content.
• Apple — handles Sign in with Apple (your account identity) and Apple In-App Purchase (payment processing). Apple receives the information needed to sign you in and to charge your subscription; we never see or store your card details.
• Supabase — hosts our backend database and authentication. It stores your account record and the usage/billing records described above. It does not store your conversations or your notebook.
• RevenueCat — manages your subscription. It receives a user/subscription identifier and your purchase and transaction data so we can tell whether your subscription is active.

We don't use any third-party behavioral analytics or advertising SDKs — no Amplitude, Mixpanel, or Firebase Analytics, and no ad networks.

the other person in the chat

Your screenshots contain someone else's messages — the person you're talking to (your "match"). That content is processed by the AI providers in the same way yours is: OpenAI reads it out of the image, and Anthropic (or another provider) uses it for coaching.

The other person hasn't agreed to any of this. So when you upload a screenshot, you're confirming that you have the right to share it, and you take responsibility for doing so. Please be thoughtful about what you upload.

accounts and Sign in with Apple

You sign in with Apple, handled through Supabase Auth. From that we receive an Apple user identifier and your email, which become your account record (along with an account id and the date you created it).

Your session token is stored in your iPhone's keychain so you stay signed in.

payments

granny is a paid subscription. Payments are handled by Apple In-App Purchase — Apple is the payment processor, and we never see or store your card details.

We use RevenueCat to manage subscriptions. RevenueCat receives a user/subscription identifier and your purchase and transaction data so we can tell whether your subscription is active.

The price and billing period are shown to you at the point of purchase, in the app and on the App Store, before you commit. There is one free trial per person. The subscription auto-renews unless you cancel; you manage and cancel it in your App Store account settings. (Our Terms at /terms cover the renewal and cancellation details.)

Your subscription is not unlimited. Because every chat read and every coaching turn has a real AI cost, a weekly fair-use cap applies to your AI usage. The usage and metering records described above are how we measure that. The details of the cap are in our Terms at /terms.

what we do not do

• We don't use third-party behavioral analytics SDKs — no Amplitude, Mixpanel, or Firebase Analytics.
• We don't show ads.
• We don't sell your personal information, and we don't "share" it for cross-context behavioral advertising in the sense those words carry under California law.
• We don't store your conversations or your notebook on our servers. The only usage we record is the metering we need for billing and fair use.

data retention and where data lives

Your notebook lives on your iPhone for as long as the app is installed and you keep it there. It isn't copied to our servers.

Your account record and usage/billing records live in our backend database (Supabase/Postgres) for as long as you have an account, so we can run billing and enforce fair use. When you delete your data (see below), they're removed.

Our backend does not retain the conversation content it processes. The screenshots and extracted text aren't kept on our side as a stored record of your chats.

security

Your screenshots and transcripts travel to our backend encrypted in transit (HTTPS/TLS). The data on your phone — your notebook — is protected by iOS device encryption.

No system is perfectly secure, but we design granny to keep as little as possible on our servers and to keep your notebook on your device.

your choices and rights

You're in control of your data. You can review and edit your transcripts and your notebook right in the app. And you can delete everything.

"Forget me." Inside the app, this is a real, permanent delete. It:

• deletes your server-side account and all your usage and ledger records (cascade)
• deletes your Sign in with Apple identity
• deletes your RevenueCat subscriber record
• wipes all the data on your device

It is durable and irreversible — once it's done, it's done, our side included.

Depending on where you live, you may have rights over your personal information. If you're in the EU/EEA or UK, the GDPR gives you the rights to access your data, to have it corrected (rectification), to have it deleted (erasure), to restrict or object to how we process it, to receive a copy in a portable format (portability), and to lodge a complaint with your local data protection authority. If you're in California, the CCPA/CPRA gives you the rights to know, access, correct, and delete your personal information, and to not be discriminated against for exercising them; we do not sell or "share" your personal information.

When we process your personal information, we rely on these legal bases: performing our contract with you (running your account, billing, and delivering granny's coaching), our legitimate interests (keeping the service secure and enforcing fair use), your consent where we ask for it, and complying with our legal obligations.

The "forget me" control gives you a direct, immediate way to delete everything. To exercise any other right — access, correction, portability, or objection — email hello@peeledbanana.com and we'll help.

children

granny is for adults — you must be 18 or older to use it. It is not directed to anyone under 18, and we don't knowingly collect information from anyone under 18.

international users and data transfers

We're a US company, and our service providers operate in the United States and possibly elsewhere. If you use granny from outside the US, your information may be processed in the US or wherever our providers operate. By using granny, you understand your information may be transferred to and handled in those places.

Where your information is transferred out of the EU/EEA or UK, we rely on appropriate safeguards — such as the European Commission's Standard Contractual Clauses (and the UK equivalents) — where those safeguards are required by law.

changes to this policy

If we change this policy, we'll update the effective date at the top and post the new version here. If the change is significant, we'll do our best to let you know.

contact

Questions about your privacy, or anything else? Email us at hello@peeledbanana.com. We read every message.