Comprehensive Privacy Policy

Effective Date: March 22, 2026

Your privacy is important to us. This Comprehensive Privacy Policy ("Policy") describes how MoshiMoshi ("we," "our," or "us") collects, uses, shares, and protects your information when you use our website, mobile application, and AI reservation services.

1. Information We Collect

We collect various types of information to provide our Service securely and efficiently:

• Account Information: Name, email address, password Hash, and mobile phone number.
• Reservation Data: Dates, party sizes, guest names, dietary restrictions given to the AI, and targeted restaurant details.
• Financial Information: We do NOT store full credit card numbers. Payment processing is routed securely through Stripe, Inc., which issues us an encrypted token to facilitate billing and deposits.
• Automated & Device Information: IP addresses, browser types, operating systems, mobile device identifiers, crash data, and usage logs tracked via cookies and similar technologies.

2. Explicit Consent to Artificial Intelligence Processing & Telephony

Because MoshiMoshi relies on sophisticated AI technology to make telephone calls, you explicitly consent to the following:

• Voice and Text Processing: Your prompts, names, and booking details are transmitted to third-party Large Language Model providers (including Google and OpenAI) to formulate conversational agent dialogues.
• Call Recording: While live voice audio from telephone calls is generally processed in real-time, text transcriptions of the conversations are logged and retained temporarily for the sole purpose of ensuring reservation accuracy and debugging system failures.
• TCPA & SMS Consent: By providing your phone number, you explicitly consent to receive automated transactional SMS text messages from MoshiMoshi regarding your reservation statuses. Standard message and data rates may apply. You may opt-out by replying "STOP" to any message.

3. How We Use Your Information

We use your data strictly to: (a) Fulfill reservations and communicate on your behalf; (b) Transmit SMS updates regarding booking success; (c) Process recurring or one-time payments; (d) Analyze telemetry to improve our AI models; (e) Detect fraud, abuse, and security vulnerabilities.

4. Third-Party Sharing & Business Transfers

We do not sell your personal data to data brokers. We share your information only under these circumstances:

• Restaurants: We must share your name, phone number, and party details with the restaurant you instruct us to call.
• Service Providers: Payment processors (Stripe), cloud infrastructure providers (Supabase, Google Cloud), and telephony providers (Twilio).
• Business Transfers: If MoshiMoshi were to be acquired, merged, or undergo a bankruptcy proceeding, your personal information would be transferred as a core business asset without needing additional consent.
• Legal Requirements: We will disclose your data if subpoenaed by law enforcement, or to defend against legal claims directed at MoshiMoshi.

5. International Data Transfers

MoshiMoshi operates globally. By using the Service, you consent to the transfer of your data from your country of residence to servers located in the United States and Japan, which may have different data protection laws than your home jurisdiction.

6. Data Rights (GDPR, CCPA, CPRA) & "Do Not Track"

Depending on your jurisdiction (e.g., California residents under CCPA/CPRA, or European Economic Area residents under GDPR), you possess specific rights regarding your personal data. You have the right to request access to, deletion of, or correction of your personal data. To execute a verifiable data subject request, please email support@moshimoshicall.com. We require 30 to 45 days to comply with authenticated requests.

Do Not Track (DNT): Given the operational requirements of our backend systems, our Site does not currently alter its practices when it receives a "Do Not Track" signal from a visitor's browser.

7. Security Exclusions

While we implement robust, industry-standard encryption protocols, no method of transmission over the Internet is 100% secure. WE CANNOT AND DO NOT GUARANTEE THE ABSOLUTE SECURITY OF YOUR DATA. ANY TRANSMISSION IS AT YOUR OWN RISK. In the event of a security breach, our liability is strictly limited as outlined in our Terms of Service.

8. Children's Privacy (COPPA)

Our Service is strictly not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected such data, we will immediately purge it from our systems without notice.