1. Information We Collect
- Account Information: Email address (encrypted at rest), username, and password (hashed with bcrypt)
- Usage Data: Games played, session duration, interactions with the Service
- Device Information: IP address, browser type, device identifiers for security purposes
- Generated Content: Games and content you create using our tools (encrypted at rest)
2. How We Use Your Information
- To provide, maintain, and improve the Service
- To process transactions and send related information
- To detect, prevent, and address fraud and security issues
- To communicate with you about the Service
- To enforce our Terms of Service
3. OAuth and MCP Access
When you connect Go Bananas to an AI assistant (such as Claude or ChatGPT) via the Model Context Protocol (MCP), the following scopes are requested:
- games:read — allows the AI to search, browse, and view your games
- games:write — allows the AI to create, edit, remix, publish, and delete games on your behalf
You can revoke this access at any time by disconnecting Go Bananas from your AI assistant's settings.
4. Data Retention
- Account data: Retained while your account is active
- Security/fraud data: IP addresses, device fingerprints, and behavioral signals are automatically deleted after 90 days
- Payment records: Retained for 90 days for fraud prevention, then deleted
- Session tokens: Expire after 30 days (registered users) or 14 days (anonymous)
5. Your Rights (GDPR)
- Right to Access: You can view your data in your account settings
- Right to Export: You can download all your data via account settings
- Right to Deletion: You can delete your account and all associated data at any time
- Right to Rectification: You can update your display name and account information
6. Third-Party Services
We share data with the following third-party services, each of which has its own privacy policy:
- Stripe — payment processing
- SendGrid — transactional emails
- Twilio — SMS notifications (optional)
- Anthropic — AI game generation (prompts only, no personal data)
7. Data Sales
We do not sell, rent, or trade your personal information to third parties.
8. Cookies
Go Bananas uses the following cookies:
- gf_auth: Authentication session cookie. HttpOnly, secure. Expires after 30 days (registered users) or 14 days (anonymous).
- Cookie consent preference: Stored in localStorage, not as a cookie.
No third-party tracking cookies are used.
9. Data Security
We implement AES-256 encryption for sensitive data at rest, bcrypt for passwords, and TLS for data in transit. However, no method of transmission over the Internet is 100% secure.
10. Children's Privacy
You must be at least 13 years of age to use this Service. We do not knowingly collect personal information from children under 13.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.
12. Contact Us
For questions about this Privacy Policy or your data, please contact us at: support@gobananas.co