Privacy Policy

Last updated: April 2026

How Banast collects, uses, and protects your data.

Who we are

Banast is operated by Adrien Lebas ([LEGAL_ENTITY]), based in France. If you have any question about this policy or your data, reach out at contact@banast.com.

What data we collect

Data you provide

Project URL, project description, and email address when you sign up or request a report.

Data collected automatically

Usage data via PostHog (page views, clicks, user journeys) and technical data (browser, OS, screen resolution, anonymized IP address).

Generated data

Audit results, scores, and AI-generated analyses tied to your projects.

How we use your data

We use your data to deliver the service (audits, reports, chat), to improve the product through usage analytics, and to communicate with you (service emails and weekly reports).

We never sell your data. We do not share your data with third parties for advertising purposes.

Third-party services

Supabase hosts our database and handles authentication, with servers located in the EU.

Google Gemini API generates the audit content. Data is sent to Google for processing and, per current Gemini API terms, is not retained by Google beyond the request.

PostHog powers product analytics with anonymized usage data.

Vercel hosts the application and serves it through a global CDN.

Cookies

We use strictly necessary cookies for session and authentication, and analytics cookies via PostHog, which you can opt out of. We do not use advertising cookies.

Your rights (GDPR)

You have the right to access, rectify, delete, and port your personal data, as well as to object to its processing. To exercise any of these rights, email contact@banast.com. We respond within 30 days.

Data retention

Account data is kept while your account is active. Audit data is kept as long as the project exists in Banast. After account deletion, your data is removed within 30 days. Technical logs are kept for 90 days.

Security

We encrypt data in transit (HTTPS/TLS) and at rest (through Supabase). Access to user data is restricted — in the current phase, only the founder has access.

Changes to this policy

If we make a significant change, we'll notify you by email. A history of modifications is available on request.