Legal

Privacy Policy

Last updated: July 1, 2026

1. Who We Are

Moshivo ("Moshivo", "we", "us") is a conversion desk for premium service brands, available at moshivo.com and operated by BuzzMinter LLC, a Delaware limited liability company. Moshivo (and its products, such as Moshivo Clinic) helps a business capture inquiries from LINE, WhatsApp, Instagram, Facebook Messenger, TikTok and its website, qualify them, book appointments (with Google Calendar), and send confirmations, reminders and follow-ups. You can reach us at hello@moshivo.com.

2. Our Role: Processor for Businesses

For the personal data of a business's inquiries and contacts, the business (our customer) is the data controller and Moshivo acts as a processoron the business's behalf and on its instructions. For the account and website data of the business's staff who sign up and use Moshivo directly, we act as controller. The business is responsible for having a lawful basis and any required consent (for example, consent to be contacted on a messaging channel).

3. Information We Collect

From business staff (account holders): name, email address, phone number, company name and role, provided when you contact us, request a demo, or sign in to Moshivo.

On behalf of businesses, from their inquiries and contacts: contact name, phone number or messaging channel identifier, the source channel (LINE, WhatsApp, Instagram, Facebook Messenger, TikTok, web form), the language and location provided, the service of interest, the message content exchanged, the requested and confirmed appointment slot, the appointment status, and the follow-up history.

Usage data: basic technical information (pages visited, browser type, IP address) collected through analytics to operate and improve the service.

4. What We Do NOT Collect (No Sensitive Core Records)

Moshivo is a front-desk conversion tool, not a system of record for your industry (such as a medical record, case-management or accounting system). We do not collect, request or store sensitive core records such as medical, legal or financial case files. Businesses are asked to keep sensitive detail out of Moshivo and in their own systems. Because inquiries may indirectly reveal an interest in a service, we minimize what is captured, restrict access, and process it only to book and manage appointments.

5. How We Use Information

We use the information to capture, qualify, route and book appointments; send confirmations, reminders, rescheduling links and no-show follow-ups; operate the front-desk dashboard and reporting; respond to your requests; and improve the service. We do not sell, rent, or share personal information with third parties for their own marketing.

6. Messaging Channel Integrations

When a business connects a channel, we receive and store on its behalf the channel account identifier, display name, and the OAuth access and refresh tokens (or channel credentials) needed to receive and send messages the business has asked us to handle. This applies to Meta channels (WhatsApp Business, Instagram, Facebook Messenger), LINE (Messaging API) and TikTok. Credentials are stored under strict access controls, isolated per business (tenant), and used solely to perform the actions the business has requested. We do not use them for any purpose outside that scope, and we do not access content beyond what is necessary to deliver the requested action. Outbound messages sent outside a platform's service window use pre-approved templates in accordance with that platform's rules.

7. Google Calendar and Google API Limited Use

Moshivo's use of Google Calendar complies with the Google API Services User Data Policy, including the Limited Use requirements. When a business connects a Google account, we access on its behalf:

• Google Calendar free/busy intervals of the connected calendar (start and end timestamps of existing busy blocks), read-only, to compute available appointment slots shown on the business's booking flow. We do not read event titles, descriptions, attendees or other details.
• The ability to create, update and delete calendar events, exclusively for appointments booked through Moshivo. Events we create are tagged with a private extended property identifying us as the source, so we never read or modify events created outside our flow. Push notification channels (Google Calendar watch) keep the business's booking dashboard in sync if an event is rescheduled or cancelled directly in Google Calendar.
• The Google account's primary email address (userinfo.email), captured at connection time only, to record which account was connected.

Data obtained through Google APIs is used solely to provide the booking features the business requested; it is not transferred except to the infrastructure providers strictly necessary to run the service or to comply with law, is not used for advertising, and is not read by humans except with consent, for security, to comply with law, or in aggregated/anonymized form.

8. Third-Party Service Providers

We use Amazon Web Services (AWS) for hosting and transactional email, and Supabase (managed Postgres) for backend infrastructure. These providers process data on our behalf under their own privacy commitments.

9. Data Security

We apply the following technical and organizational safeguards:

Encryption in transit. All traffic, including channel and API calls and dashboard access, is served over HTTPS using TLS 1.2 or higher.

Encryption at rest. The managed Postgres database and object storage are encrypted at rest using AES-256; backups inherit the same encryption. Channel and Google refresh tokens are additionally encrypted at the application layer before being stored.

Tenant isolation.Every record carries a business identifier, and all endpoints authenticate the caller before any read or write, so one business can never access another business's inquiries, tokens or reporting. Sensitive tables use Row-Level Security reachable only by our backend service role.

Limited human access.Personal and inquiry data is not read by humans except with the customer's consent, for security purposes, to comply with law, or in aggregated and anonymized form.

Incident response. On a confirmed incident affecting personal data or credentials, we notify affected businesses without undue delay, describe the data involved, and detail remediation, including revoking and rotating impacted tokens.

Data deletion. When a business disconnects an integration, terminates its account, or submits a written request to hello@moshivo.com, the associated tokens and personal data are deleted from production; residual copies in encrypted backups are purged within 30 days.

10. Data Retention

We retain inquiry and appointment data for as long as the business's account is active and the data is needed to provide the service, or as required by law, and delete it on request or on account termination as described above.

11. Your Rights

Depending on your jurisdiction, you (or a contact, via the business) may have the right to access, correct, or delete personal data. Contacts should reach out to the business (the controller); we will assist the business in responding. For requests concerning data we control, contact hello@moshivo.com.

12. Cookies

Our website and dashboard use essential cookies for proper functionality. We do not use advertising tracking cookies without your consent.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes are reflected by updating the date at the top of this page.

14. Contact

For any privacy-related question, contact us at:
BuzzMinter LLC (operator of Moshivo) — 8 The Green #21902, Dover, Delaware 19901, USA
hello@moshivo.com