Plain-English Snapshot
- We collect the minimum needed to run a US-optimized analytics app (account details, email, payment via Stripe, basic device/usage info, referral/UTM parameters).
- We do not collect brokerage credentials or trade on your behalf.
- Market/crypto/social metrics come from vendors and public sources; we use them to compute scores/badges.
- All your data is transferred to, and processed in, the United States.
- You can access, correct, or delete your data; opt out of marketing; and export your waitlist/account info.
- We don’t sell your personal information.
1) Scope & Relationship to the Terms
This Privacy Policy explains how we collect, use, disclose, and protect information in the Service. By using the Service, you agree to this Policy and our Terms of Service.
2) What We Collect
We collect information in three ways: (A) you provide it, (B) we collect it automatically, and (C) we obtain it from third parties.
A) Information you provide
- Waitlist & referrals (Prefinery): email address; consent; optional name; referral link data; anti-fraud signals (e.g., duplicate sign-ups).
- Account & profile (app): email, password (hashed), state or ZIP (optional), preferences (e.g., watchlist, notification settings).
- Support & surveys: messages, feature requests, bug reports, survey answers.
- Billing (Stripe): name, email, billing address, last4/brand/expiry of card via Stripe (we don’t see full card numbers).
- Consent records: timestamps and IP related to opt-in/out, ToS acceptance.
B) Information collected automatically
- Device & log data: IP address, approximate region/country, user-agent, device type, browser, OS, referrer, pages viewed, timestamps.
- Security & access signals: IP-based geolocation country code, WAF challenge/allow/deny results, VPN/proxy flags.
- Session/usage metrics: feature clicks (e.g., toggles All/Stocks/Crypto), score views, time on page, error telemetry, rate-limit events.
- Cookies & similar tech:
  - Strictly necessary: session/auth, CSRF, WAF/edge cache, referral attribution.
  - Analytics (optional, requires consent): We use Google Analytics (GA4) and PostHog with IP anonymization enabled. This collects aggregated page views, events, and conversion funnels to help us improve the Service. These services use cookies and similar technologies. You can opt out via our cookie preferences.
  - No third-party ad pixels at launch. If we add them later, we’ll update this Policy and provide an opt-out.
C) Information from third parties
- Payment processor (Stripe): payment status, fraud screening results, subscription state.
- Waitlist/referrals (Prefinery): referral counts, rank, unique invite code usage, anti-fraud scoring.
- Infrastructure & security (Cloudflare): IP reputation, bot score, threat intel, edge logs.
- Market & crypto data (vendors such as Polygon and CoinGecko): quotes, OHLCV, metadata; not your brokerage/exchange data.
- Public social-signal sources (e.g., Reddit/X aggregations): public counts/velocity/trends only; we do not connect to or store your personal social-media accounts.
3) How We Use Information (Purposes)
We use information to:
- Provide and operate the Service (auth, sessions, dashboards, paywall, trials).
- Compute analytics (scores, badges, explanations) from vendor/public data.
- Enforce security controls and protect against abuse (WAF, rate limits, anti-fraud).
- Process payments & subscriptions (Stripe).
- Run the referral program (unique links, leaderboards, anti-fraud via Prefinery).
- Measure performance and improve the product (aggregated analytics, A/B tests).
- Communicate with you (transactional emails, product updates, build-in-public milestones; you can opt out of marketing).
- Comply with law, taxation, and accounting requirements, and assert or defend legal claims.
We do not sell, broker, or share your personal information for cross-context behavioral advertising. If that changes, we will update this Policy and provide required opt-outs.
4) Our Legal Basis (transparency)
To provide clarity for all users, including those in jurisdictions with comprehensive data protection laws (like GDPR or UAE PDPL), we explain our legal bases:
- Contractual necessity: running your account, providing the Service/trial, processing payments.
- Legitimate interests: security, fraud prevention, service optimization, product analytics, improving features.
- Consent: marketing emails, optional cookies/analytics where applicable, and international data transfers (to the US).
- Legal obligations: tax/financial recordkeeping, responding to lawful requests.
5) How We Share Information
We share information with service providers/processors under contracts that limit their use to our instructions:
- Framer (site/hosting for LP), Cloudflare (WAF, CDN, IP geofence), Prefinery (waitlist/referrals), Stripe (payments), Google (Google Analytics for website analytics), PostHog (product analytics).
- Professional advisors (legal, accounting, compliance) under confidentiality.
- Law enforcement or regulators when required by law or to protect rights/safety.
- Business transfers: if we explore or complete a merger, acquisition, or asset sale, data may be transferred under this Policy.
6) Cookies & Controls
- Required cookies: auth session, CSRF, WAF, referral attribution.
- Analytics cookies: optional and privacy-respecting if/when enabled; we’ll present a banner/setting if required.
- Do Not Track (DNT): there’s no industry consensus; we treat DNT as a preference but may not respond to it.
7) International Data Transfers & Access
Banana Farmer is headquartered, and its infrastructure is located, in the United States. If you choose to use the Service from outside the US (including the EU, UK, or UAE), your personal information will be transferred to, and processed in, the United States.
By creating an account, you explicitly consent to the transfer, storage, and processing of your data in the US. The US may have different data protection laws than your country of residence, but we apply the security practices described in this Policy to protect your information.
8) Data Retention
| Data Type | Typical Retention |
|---|---|
| Waitlist records | 24 months after last activity |
| Account profile & watchlist | While account is active; 30–60 days after deletion |
| Billing records (Stripe) | 7 years (tax/accounting) |
| Security logs/WAF events | 90–180 days |
| Support tickets | 24 months after resolution |
| Aggregated analytics | Indefinite in de-identified form |
9) Your Choices & Rights
Regardless of where you live, you have the right to:
- Access/Export: request a copy of your personal information.
- Correction: update inaccurate information.
- Deletion/Right to be Forgotten: request that we delete your account and personal information (subject to lawful exceptions like tax retention).
- Data Portability: receive your data in a structured, commonly used format.
- Marketing opt-out: unsubscribe from non-transactional emails any time.
10) Security
We use reasonable administrative, technical, and physical safeguards, including encryption in transit (HTTPS), hashed passwords, and Cloudflare WAF.
11) Children’s Privacy
The Service is for adults (18+) and is not directed to children. We do not knowingly collect information from anyone under 13.
12) Automated Decision-Making & Profiling
Our product uses automated scoring models to classify assets (not people). We do not make automated decisions about you that produce legal effects.
13) How to Contact Us
Email: privacy@bananafarmer.app (privacy requests) • hello@bananafarmer.app (general)