1. Introduction
1.1. This Cookie and Tracking Technologies Policy explains how PALMBAY SOFTWARE LTD, trading as MotoMoto App, uses cookies, local storage, operational logs, and similar technologies on the MotoMoto App website at https://moto-moto.app/ and in the MotoMoto App mobile application.
1.2. MotoMoto App is an unregistered trading name of PALMBAY SOFTWARE LTD, a company registered in England and Wales under company number 16380280, with its registered office at 20 Wenlock Road, London, N1 7GU, England.
1.3. This Policy should be read together with our Privacy Policy at https://moto-moto.app/legal/privacy-policy, which explains how we process personal data more generally.
1.4. At launch, MotoMoto App uses a limited tracking model. We use technologies needed for authentication, session management, security, fraud prevention, user preferences, service reliability, support, and first-party product and security analytics.
1.5. At launch, we do not use third-party analytics SDKs, advertising identifiers, third-party advertising cookies, or third-party marketing pixels.
2. Summary
| Question | Answer |
|---|---|
| Do we use cookies on the Website? | Yes, where needed for authentication, security, session management, fraud prevention, preferences, and consent management. |
| Do we use third-party advertising cookies? | No, not at launch. |
| Do we use advertising identifiers? | No, not at launch. |
| Do we use first-party analytics? | Yes, for product improvement, security, reliability, fraud prevention, debugging, and support. |
| Do we use SMS tracking? | No. SMS is not used at launch. |
| Can you control non-essential cookies? | Yes, through Cookie Settings where non-essential cookies are available. |
| Cookie Settings URL | https://moto-moto.app/cookie-settings |
3. Key terms
Cookie means a small file or value stored on your device by a website.
Local storage means storage used by a website or app to keep information on your device, such as session state or preferences.
Session token means a value used to keep you signed in or maintain your authenticated session.
First-party analytics means analytics collected and used by PALMBAY SOFTWARE LTD for its own product, safety, security, reliability, fraud prevention, debugging, and support purposes.
Operational logs means records generated by the Platform to help us operate, secure, debug, and support the service.
Non-essential tracking means cookies, storage, or similar technologies that are not strictly required for the requested service, security, authentication, fraud prevention, or session management.
4. Technologies we use on the Website
4.1 Strictly necessary cookies and storage
The Website may use strictly necessary cookies and storage for:
(a) authentication and keeping you signed in;
(b) session management;
(c) fraud prevention;
(d) security monitoring;
(e) CSRF protection;
(f) rate limiting and abuse prevention;
(g) cookie preference storage;
(h) checkout and payment flow continuity; and
(i) preventing unauthorised access.
Strictly necessary cookies and storage may be used without consent where required to provide the service you requested, maintain security, authenticate your account, prevent fraud, or manage your session.
4.2 Website cookie table
| Cookie or storage type | Provider | Purpose | Typical duration |
|---|---|---|---|
| Session or authentication cookie/token | First-party | Maintains your logged-in session and account access | Session or until logout / expiry |
| CSRF or security token | First-party | Helps prevent cross-site request forgery and unauthorised actions | Session or short-term |
| Cookie preference cookie | First-party | Stores your cookie choices | Up to 13 months |
| First-party fraud, security, or session cookie | First-party | Helps detect suspicious activity, abuse, replay attempts, or session integrity issues | Session or short-term depending on security need |
| Checkout continuity token | First-party or payment flow-related | Helps preserve payment or booking flow state during checkout | Short-term |
| Stripe payment and fraud prevention technologies | Stripe | Supports secure payment processing, fraud prevention, checkout security, and payment flow integrity where Stripe checkout or payment tools are used | As determined by Stripe or short-term depending on payment/security need |
Stripe may use cookies, scripts, device data, or similar technologies as part of payment processing, fraud prevention, and checkout security. These technologies are used only where relevant to payment or security functions.
4.3 Functional preferences
Where available, the Website may store functional preferences, such as language, display choices, or saved interface settings. Where consent is required by applicable law, we will request consent before using non-essential preference storage.
5. Technologies we use in the App
The App does not use traditional browser cookies in the same way as the Website. It may use necessary local storage, secure device storage, operational logs, and first-party analytics.
5.1 App local storage table
| Technology | Provider | Purpose | Consent position |
|---|---|---|---|
| Authentication or session token | First-party | Keeps you signed in and maintains secure session state | Necessary |
| Secure local storage / device secure storage | First-party | Stores session, security, and preference information | Necessary or functional depending on use |
| User preferences | First-party | Stores settings such as interface or notification preferences | Consent requested where required |
| First-party operational logs and error events | First-party | Debugging, reliability, service support, abuse prevention, and security investigation | Used where necessary or as permitted by law |
| First-party product and security analytics | First-party | Product improvement, fraud prevention, security, debugging, reliability, and support | Used where consent is not required or after consent where required |
5.2 Push notifications
If you enable push notifications, MotoMoto App may send push notifications from the MotoMoto App backend through Apple Push Notification service for iOS devices and Android operating-system notification services where available. You can manage push notification permissions through your device settings and, where available, in the App.
5.3 SMS
MotoMoto App does not use SMS messaging at launch.
5.4 Transactional email
Transactional emails are sent through first-party self-hosted email infrastructure operated by PALMBAY SOFTWARE LTD. These emails may include account, booking, security, payment, support, complaint, or legal notices.
6. First-party product and security analytics
6.1. We use first-party account-linked product and security analytics. This may include screens viewed, buttons clicked, searches performed, booking steps completed, timestamps, device type, app version, account identifiers, session identifiers, error events, and security events.
6.2. We use this information for:
(a) product improvement;
(b) platform security;
(c) fraud prevention;
(d) debugging;
(e) service reliability;
(f) customer support;
(g) abuse prevention;
(h) checkout and booking diagnostics; and
(i) investigation of disputes, suspicious activity, or technical issues.
6.3. Non-essential cookies, local storage, or tracking technologies are used only where required consent has been obtained or where consent is not required under applicable law.
6.4. Where applicable law requires consent for storage or access to information on your device, we will request that consent before using the relevant technology.
7. Technologies not used at launch
At launch, we do not use:
(a) third-party analytics SDKs;
(b) third-party marketing pixels;
(c) third-party advertising cookies;
(d) advertising identifiers;
(e) cross-app advertising tracking;
(f) behavioural advertising cookies;
(g) third-party retargeting tags; or
(h) SMS tracking.
If this changes in the future, we will update this Policy and request consent where required.
8. Your choices
8.1 Website cookie choices
Where non-essential cookies are available, Website users can accept, reject, or customise them through Cookie Settings at https://moto-moto.app/cookie-settings.
If no non-essential cookies are enabled at launch, the Cookie Settings page may state that only strictly necessary cookies are currently used.
Strictly necessary cookies cannot be disabled through Cookie Settings because they are needed for authentication, security, fraud prevention, session management, or service functionality.
8.2 App settings
App users may manage privacy, tracking, analytics, or notification settings in the App where those settings are made available. Device-level controls may also let you manage notification permissions and other app permissions.
8.3 Browser controls
Most browsers allow you to block or delete cookies. Blocking all cookies may prevent parts of the Website from working correctly, including login, booking, checkout, fraud prevention, or security functions.
8.4 Changing your choices
You may change available cookie and tracking choices at any time through Cookie Settings or App privacy settings where available. Changes may not affect technologies that are strictly necessary for service operation or security.
9. Cross-border processing
9.1. We host our core application infrastructure on OVHcloud servers located in Singapore. This means that data generated through cookies, local storage, operational logs, and first-party analytics may be processed in Singapore.
9.2. We may also use service providers such as Stripe for payments, Stripe Identity for identity verification, Wise for Host payouts, and operating-system notification services where push notifications are enabled.
9.3. Where required, we use appropriate safeguards for international transfers, including contractual protections, standard contractual clauses where applicable, transfer risk assessments, access controls, encryption, and other technical and organisational measures.
9.4. More information about personal data processing and international transfers is available in our Privacy Policy at https://moto-moto.app/legal/privacy-policy.
10. Retention
10.1. Session cookies and tokens are typically deleted when the session ends, when you log out, or when they expire.
10.2. Cookie preference records may be retained for up to 13 months so that we can remember your choices.
10.3. Security, fraud prevention, operational logs, and first-party analytics may be retained in accordance with the Privacy Policy and only for as long as reasonably necessary for the relevant purpose.
10.4. Some service providers may retain limited technical, security, fraud prevention, compliance, or operational records under their own legal or operational obligations.
11. Changes to this Policy
11.1. We may update this Policy as our Website, App, technologies, service providers, legal obligations, or product configuration change.
11.2. If we introduce material new non-essential tracking, marketing technologies, advertising identifiers, or third-party analytics, we will update this Policy and request consent where required.
11.3. The Last Updated date shows when this Policy was last revised.
12. Contact
Privacy Contact: privacy@moto-moto.app
Security Contact: security@moto-moto.app
Support: support@moto-moto.app
Registered office: PALMBAY SOFTWARE LTD, 20 Wenlock Road, London, N1 7GU, England
You may also refer to our Privacy Policy for information about data rights and supervisory authority complaints.
END OF COOKIE AND TRACKING TECHNOLOGIES POLICY