Privacy Policy

1. Introduction

Moeba ("we", "us", or "our") operates the Moeba mobile application, the admin portal at admin.moeba.co.za, and related services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

2. Information We Collect

2.1 Information you provide directly

• Phone number — used for account creation and authentication via Firebase Phone Authentication.
• Business name — provided by administrators when registering a business account.
• Google account information — when administrators sign in with Google, we receive your name, email address, and profile picture from Google.
• Messages and content — text messages, workflow responses, and other content you send through the Service when interacting with AI agents.

2.2 Information collected through agent interactions

When you interact with AI agents through Moeba, the agent's business may request additional information via structured workflows. This may include:

• Names, email addresses, and other contact details
• Location data (when you choose to share your location)
• Photos and files (when you choose to upload them)
• Dates, selections, and other form data

This information is collected on behalf of the business operating the agent and is transmitted to their systems for processing.

2.3 Information collected automatically

• Device information — device type, operating system, and unique device identifiers for push notification delivery.
• Push notification tokens — Firebase Cloud Messaging tokens used to deliver notifications to your device.
• Usage data — connection timestamps, message timestamps, and basic interaction logs.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide and maintain the Service — to authenticate you, route messages between you and AI agents, and deliver push notifications.
• User management — to manage invitations, connections between users and agents, and access control.
• Communication — to send you service-related notifications and updates.
• Security — to verify user identity, detect fraud, and protect against unauthorised access.
• Improvement — to monitor and analyse usage patterns to improve the Service.

4. How We Share Your Information

We share your information in the following circumstances:

• With business agents — when you interact with an AI agent, your phone number and message content are shared with the business operating that agent. This is core to how the Service works. Each business is responsible for their own handling of your data once received.
• Service providers — we use third-party services to operate the platform:
  • Google Firebase (authentication, push notifications, hosting)
  • Google Cloud Platform (server infrastructure)
  • MongoDB Atlas (database)
• Legal requirements — we may disclose your information if required to do so by law or in response to valid requests by public authorities.

We do not sell your personal information to third parties.

5. Data from Google APIs

Our admin portal uses Google Sign-In. The Moeba app's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• We only request the scopes necessary for authentication (email and profile).
• We do not use Google user data for serving advertisements.
• We do not transfer Google user data to third parties except as necessary to provide or improve the Service, or as required by law.
• We do not use Google user data to build user profiles for advertising purposes.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you the Service. Specifically:

• Account data — retained while your account is active. Deleted upon account deletion request.
• Messages — retained for the duration of the business relationship. Businesses may set their own retention policies for messages routed through their agents.
• Push notification tokens — automatically refreshed by Firebase and removed when the app is uninstalled.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal information:

• All data in transit is encrypted using TLS/HTTPS.
• Agent-to-server communication is authenticated using HMAC-SHA256 signatures.
• User authentication is handled by Firebase, a Google-operated service with enterprise-grade security.
• Access to user data is controlled through invitation-based authorisation — only agents that have explicitly invited a user can interact with them.
• Infrastructure is hosted on Google Cloud Platform with industry-standard security controls.

8. Your Rights

Depending on your jurisdiction (including under South Africa's POPIA and the EU's GDPR), you may have the following rights:

• Access — request a copy of the personal data we hold about you.
• Correction — request correction of inaccurate personal data.
• Deletion — request deletion of your personal data.
• Data portability — request your data in a structured, machine-readable format.
• Objection — object to processing of your personal data.
• Withdraw consent — where processing is based on consent, withdraw that consent at any time.

To exercise any of these rights, contact us at support@phiresky.com.

9. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information.

10. International Data Transfers

Our servers are located in South Africa (Google Cloud africa-south1 region). If you access the Service from outside South Africa, your information may be transferred to, stored, and processed in South Africa. By using the Service, you consent to this transfer.

11. Third-Party Links

The Service may contain links to third-party websites or services that are not operated by us. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective date" above. You are advised to review this Privacy Policy periodically.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

• Email: support@phiresky.com