Date: June 27, 2025
We (GetBananaSplits, LLC) collect personal information that you voluntarily provide to us and that is collected automatically when you interact with our Services, including our website, mobile applications, and any related offerings.
Personal Information You Provide
Depending on your use of the Services, we may collect the following categories of personal information:
Sensitive Personal Information
We do not knowingly collect "sensitive personal information" as defined under CPRA, GDPR Article 9, or Law 25 (e.g., racial or ethnic origin, biometric data, or union membership). If you voluntarily provide such information, we will treat it with enhanced safeguards and limit its processing under applicable law.
Application & Device Data (if using our mobile app)
With your permission, we may collect:
Automatically Collected Technical Data
When you use the Services, we automatically collect:
We process your personal information for a variety of purposes, depending on how you interact with our Services and subject to the legal requirements of jurisdictions in which you reside or from which you access our platform.
We process your information primarily to provide and maintain the functionality of our Services. This includes creating and managing your user account, authenticating your login credentials, processing transactions, responding to technical inquiries, and ensuring you can access the features and content you have requested. Where applicable, these processing activities are necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into such a contract, within the meaning of Article 6(1)(b) of the General Data Protection Regulation (GDPR). In Canada, this processing is conducted with implied consent under PIPEDA, and in the United States, this is considered a business purpose under laws such as the California Consumer Privacy Act (CCPA) and Virginia's Consumer Data Protection Act (CDPA).
We also process personal information to better understand how our users interact with our Services, to analyze usage trends, diagnose technical issues, and improve the overall performance and user experience of our platform. These processing activities are carried out on the basis of our legitimate interest in operating, maintaining, and improving our business, as recognized by Article 6(1)(f) of the GDPR. Under Canadian law, this constitutes a reasonable use of data provided voluntarily in the context of a commercial relationship.
Where required or permitted by law, we may process personal information to detect, investigate, and prevent fraud, abuse, security incidents, or other harmful or illegal activities. We also retain and use certain information to comply with legal and regulatory obligations, including tax, accounting, and audit requirements, and to respond to lawful requests from public authorities. These activities are necessary for compliance with legal obligations under Article 6(1)(c) of the GDPR and various statutes in Canada and the United States.
We may use your contact information to communicate with you about your account, respond to support requests, or send you administrative messages about service changes or policy updates. In some jurisdictions, such communications are considered part of our contractual obligations or legitimate interests. Where required, we will obtain your consent for communications that are promotional in nature.
The lawful basis on which we process your personal information depends on your location, the nature of your interaction with our Services, and the applicable data protection laws.
If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal information in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679) and the UK GDPR. Each processing activity is grounded in one or more of the following lawful bases under Article 6 of the GDPR:
If you are located in Canada, we process your personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial privacy laws where applicable. We rely on:
If you are located in Québec, we also comply with the Act Respecting the Protection of Personal Information in the Private Sector, as amended by Law 25. Where required, we will obtain explicit consent before processing sensitive information, conducting profiling, or engaging in automated decision-making that produces legal or significant effects.
In the United States, while privacy frameworks vary by state, our practices are designed to comply with the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (CDPA), and other state-level privacy statutes. Although U.S. law does not use the concept of "legal bases" in the same way as GDPR, we process data only for specific and disclosed business purposes, and honor your right to opt out of certain types of data sharing or targeted advertising where such rights are recognized.
We share your personal information with third parties in limited and specific circumstances, for purposes consistent with this Privacy Policy and in accordance with applicable data protection laws.
We may share your information with third-party service providers, contractors, and vendors who perform services on our behalf, including payment processing, customer support, email delivery, hosting, analytics, marketing, error tracking, product development, and security operations. These service providers are only authorized to use your personal information as necessary to provide these services to us and are contractually bound to safeguard it in accordance with this Privacy Policy and applicable law.
We may also share your information with our affiliates, which include our parent company, subsidiaries, joint venture partners, or other companies under common ownership or control. Any such affiliates are subject to the same data protection obligations set out in this notice.
In certain situations, we may disclose your information to our business partners in order to offer joint products, services, or promotions, or where you have requested a service involving both parties. Where required by law, we will obtain your consent before making such disclosures.
In the event of a business transaction (such as a merger, acquisition, reorganization, or asset sale), we may transfer your personal information to another entity as part of that transaction. You will be notified via a prominent notice on our platform or via email if such a change materially affects your rights.
We may disclose personal information where required to do so by law, regulation, subpoena, court order, or other legal process, or when we believe in good faith that such disclosure is necessary to protect our legal rights, your safety or the safety of others, or to detect, prevent, or address fraud, security, or technical issues.
If you access location-based features or services, we may share your information with Google Maps Platform APIs or similar providers for geolocation purposes. Location data stored on your device may be cached for up to thirty-six (36) months. You can revoke location-sharing permissions through your device settings at any time.
If your personal information is processed outside of your country of residence, including in the United States or other jurisdictions that may not provide the same level of data protection, we will implement appropriate safeguards in compliance with applicable law. For transfers subject to the GDPR, this may include the use of Standard Contractual Clauses (SCCs) or other recognized transfer mechanisms.
We do not sell your personal information in the sense defined under the California Consumer Privacy Act (CCPA), and we do not share your personal information with third parties for cross-context behavioral advertising unless we obtain your express consent or provide a mechanism for opting out.
Yes, we use cookies and similar tracking technologies—such as web beacons, tags, pixels, and local storage—to collect and store information about your use of our Services. These technologies enable us to recognize your browser or device over time, understand your preferences, enhance your experience, and deliver personalized content.
We categorize cookies and trackers as follows:
Where required by law, including in the European Union, the United Kingdom, and the Province of Québec, we will request your prior consent before placing any non-essential cookies on your device. You may withdraw or modify your consent at any time by visiting our [Cookie Preferences] page or using the controls in your browser or device settings.
Some cookies and similar technologies used on our Services may be operated by third parties, such as analytics providers (e.g., Google Analytics), advertising networks, or embedded content providers. These third parties may use tracking technologies to collect information about your browsing behavior across different websites and over time, which may be considered a "sale" or "sharing" of personal information under certain U.S. state laws.
To learn more about our use of cookies and to manage your preferences, please refer to our [Cookie Policy]. You may also enable "Do Not Track" signals or use browser extensions, though we do not currently respond to DNT signals as there is no consensus standard. If a universal opt-out mechanism becomes legally binding, we will honor such preferences in accordance with applicable regulations.
We retain your personal information only for as long as is necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law, such as for tax, legal, regulatory, or accounting purposes.
The specific duration for which we retain personal information may vary depending on the nature of the data, the purpose for which it was collected, and applicable legal obligations. In most cases, personal information associated with an active user account is retained for the duration of the customer relationship, and for up to thirty-six (36) months following account termination, unless otherwise required to fulfill our legal or operational obligations.
Where we have no ongoing legitimate business need to process your information, we will delete it or, if deletion is not feasible (e.g., due to storage in archived backups), we will securely store and isolate it from further processing until deletion is possible.
We may also retain anonymized or aggregated information for analytical purposes, provided that such data does not directly or indirectly identify you.
Our data retention policies are maintained in accordance with legal obligations in the European Union (pursuant to Article 5(1)(e) of the GDPR), the United Kingdom, Canada (including Québec's Law 25), and relevant U.S. state privacy statutes, including the California Consumer Privacy Act (CCPA) and Virginia's Consumer Data Protection Act (CDPA). Where required, we maintain internal documentation outlining data retention periods for specific categories of personal information.
If you have questions about how long your personal data is retained, or if you wish to request earlier deletion of your personal data under applicable law, please contact us at privacy@getbananasplit.com.
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, disclosure, alteration, or destruction. These measures are designed to ensure a level of security appropriate to the risk, taking into account the nature of the data, the purposes of processing, and the potential impact on your rights and freedoms.
Our safeguards include access controls, encryption of data in transit and at rest, regular security assessments, multi-factor authentication for administrative access, data minimization, and internal policies governing data handling and breach response. Where appropriate, we use pseudonymization and logging to monitor access to personal data.
We also assess and vet third-party service providers who process personal information on our behalf. These sub-processors are bound by data protection agreements that require them to implement security measures consistent with this Privacy Policy and applicable law.
Despite our efforts, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, but we strive to limit access to your data to authorized personnel and minimize the volume of data collected and retained to the extent reasonably necessary.
If we become aware of a data breach that affects your personal information, we will notify the appropriate supervisory authorities, and if required, notify you in accordance with our obligations under Article 33 of the General Data Protection Regulation (GDPR), Law 25 in Québec, and relevant data breach notification statutes in the United States and Canada.
If you believe that the security of your personal information has been compromised, please contact us immediately at privacy@getbananasplit.com.
Our Services are not directed to, and we do not knowingly collect personal information from, individuals under the age of 18. By using the Services, you confirm that you are at least 18 years old or that you are the parent or legal guardian of a minor and are consenting to their use of the Services on their behalf.
If we become aware that we have collected personal information from a child without the required legal consent—defined as under 13 in the United States, under 14 in Québec, and under 16 (or the applicable age set by your jurisdiction) in the European Economic Area—we will take reasonable steps to delete the information and deactivate the associated account unless parental consent is verifiably obtained.
We do not knowingly sell or share personal data of individuals under 16 years of age, and we do not use such information for targeted advertising, profiling, or behavioral analytics. If you believe that we may have collected information from a minor without proper consent, please contact us immediately at privacy@getbananasplit.com so we can take appropriate steps.
For jurisdictions requiring verifiable parental consent (including under the U.S. Children's Online Privacy Protection Act (COPPA), the California Consumer Privacy Act (CCPA/CPRA), and Québec's Law 25), we follow region-specific procedures to obtain authorization and to validate the identity and relationship of the consenting adult.
Depending on your place of residence and the applicable privacy laws, you may have certain rights relating to your personal information. We recognize and support the exercise of these rights as outlined below.
If you are located in the European Economic Area (EEA) or the United Kingdom, you have the right to:
If you are located in Canada, including Québec, you have the right to:
If you are a resident of California, under the California Consumer Privacy Rights Act (CPRA), you have the right to:
If you are a resident of Virginia, under the Consumer Data Protection Act (CDPA), you have the right to:
To exercise any of these rights, you may contact us at privacy@getbananasplit.com. We will verify your identity before responding, which may require you to provide specific details previously submitted to us or use an authenticated communication method. If we deny your request, you may appeal the decision (where applicable) or lodge a complaint with your regional data protection authority.
You may also withdraw consent or unsubscribe from marketing communications at any time by clicking the "unsubscribe" link in our emails or by contacting us directly. Please note that unsubscribing from marketing emails does not affect transactional or service-related communications.
Your browser or device may allow you to enable a privacy preference known as "Do Not Track" ("DNT"), or a universal opt-out mechanism such as the Global Privacy Control ("GPC"). These features are designed to signal your preference not to have information about your online activities tracked across websites or services.
At this time, we do not respond to DNT signals in a uniform manner, as there is no universally accepted technical standard governing how such signals should be interpreted or enforced. However, where required by applicable privacy laws, we recognize and honor browser- or device-based opt-out preference signals, such as Global Privacy Control, as valid indications of your desire to opt out of certain types of data processing, including the sale or sharing of your personal information for targeted advertising purposes.
Our systems will apply recognized signals on a per-device or per-browser basis, and we encourage you to ensure that your settings are consistently enabled across all platforms you use to access our Services.
You may also manage your tracking preferences directly through our cookie consent interface (where available), or by adjusting your browser or device settings to limit or reject cookies, disable location access, or restrict other forms of tracking. Please note that some functionality of the Services may be affected if certain tracking technologies are disabled.
We continue to monitor developments in industry standards and legal obligations relating to automated preference signals and will update our practices as necessary to maintain compliance.
If you have specific questions about how to exercise your privacy rights or control tracking preferences, you may contact us at privacy@getbananasplit.com.
If you reside in a U.S. state with comprehensive consumer privacy legislation in force—such as California, Virginia, or others—you may have specific rights relating to your personal information under those laws. These rights may include the ability to:
These rights apply only to residents of jurisdictions that have enacted applicable consumer privacy laws. We will not discriminate against you for exercising your rights under any such law. If you are a resident of a U.S. state that provides privacy protections, and you submit a verifiable request to exercise any of the rights described above, we will respond in accordance with the requirements of the applicable legislation.
You may exercise your rights, or submit an authorized agent request, by contacting us at privacy@getbananasplit.com. We may request additional information to verify your identity before fulfilling your request. In some cases, we may not be able to fulfill your request if we cannot verify your identity or if an exception under law applies.
We do not sell personal information in the traditional sense. However, if we engage in online advertising practices that are interpreted under law as "selling" or "sharing" personal information (such as cross-site behavioral tracking), you may opt out through our cookie banner, browser-based signals such as the Global Privacy Control (GPC), or by contacting us directly.
We may update this Privacy Policy from time to time in response to changes in legal, regulatory, technical, or business developments. When we update this notice, we will revise the "Last Updated" date at the top of the document and, where required by applicable law, provide additional notice through our Services or via direct communication.
We encourage you to review this Privacy Policy periodically to remain informed about how we collect, use, disclose, and protect your personal information. Your continued use of the Services after any modifications to this Privacy Policy constitutes your acknowledgment of the changes and your agreement to be bound by the updated terms, except where explicit consent is required by law.
If we make any material changes that significantly affect your rights or the way we process your information, we will notify you in advance through appropriate channels so you can review the updated terms before they take effect.
For historical versions or records of previous updates, or to ask questions about any change we've made, please contact us at privacy@getbananasplit.com.
If you have questions or concerns about this Privacy Policy, how we handle your personal information, or if you wish to exercise any of your privacy rights under applicable law, you may contact us using the details below:
Email: privacy@getbananasplit.com
You may use this contact information to:
To help us verify your identity and protect your data, we may ask you to confirm certain details before fulfilling a rights request. Where permitted by law, you may also designate an authorized agent to submit a request on your behalf, provided they can demonstrate their authority to act for you.
We aim to respond to all verified privacy-related requests within the timeframes required by law. If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority or privacy commissioner.
For general support inquiries unrelated to privacy rights, please contact us through the support
Section 15 — EFFECTIVE DATE AND VERSION REFERENCE
This Privacy Policy is effective as of the date stated at the top of this document. It replaces any prior versions and governs your use of our Services from that date forward.
We maintain version-controlled records of all substantive updates to this Privacy Policy and, where legally required, will provide prior notice of material changes. Any revisions will be indicated by an updated "Last Updated" date and, where applicable, made available via our Services or through direct communication channels.
By continuing to access or use our Services after the effective date of any changes, you acknowledge and accept the revised Privacy Policy, except where your express consent is required under applicable law.
For archival copies of previous versions or to request more information about historical changes, you may contact us at privacy@getbananasplit.com.