Privacy Policy
Last updated: July 18, 2026 · Applies to the Holina platform
Who we are
Holina is a phone receptionist service for restaurants, operated by EpochCore LLC, a North Carolina limited liability company ("we," "us"). Holina answers calls to a restaurant's phone number, responds to caller questions using business information the restaurant approved, sends requested text-message links, captures messages, and gives the restaurant access to its call transcripts and activity.
Scope
This policy covers the Holina platform as a whole. Individual restaurants using Holina may publish their own program-specific pages — for example, the SMS program privacy policy and SMS program terms for text messages sent on a restaurant's behalf. Where a program-specific page exists, it governs that program; this policy governs everything else.
Our role under privacy laws
For information about callers that we process on a restaurant's behalf, EpochCore LLC acts as a "service provider" (CCPA/CPRA), "processor" (GDPR, where applicable), or the equivalent role under similar U.S. state privacy laws. The restaurant is the business/controller for its callers' information. For information about our own customers (the restaurants), we act as the business/controller.
Information we process
- Caller information (on the restaurant's behalf): the caller's phone number, what was said on the call (as a text transcript), any details the caller chooses to share (a name for a reservation, a callback number, an order request), and delivery/opt-out status for any text message the caller asked for.
- Call records: each call's transcript is sealed into a tamper-evident, cryptographically signed record together with a fingerprint (hash) of the audio the assistant spoke. Caller audio is processed in memory to recognize speech and is not stored by default. Full-call audio recording is off unless a restaurant requests it in writing.
- Restaurant account information: business name, contact details, menu, hours, links, and configuration; billing information (payments are processed by Stripe — card numbers are never stored on our systems).
- Operational metrics: latency and reliability measurements that contain no caller content and no phone numbers.
How we use information
- To operate the service: answer calls, send the specific text a caller asked for, capture messages and reservations, and show the restaurant its own call activity.
- To meet messaging, telecom, and legal compliance obligations (for example, honoring STOP requests and keeping consent records).
- To improve the service using de-identified, aggregated usage data only.
- We do not sell personal information. We do not share it for cross-context behavioral advertising. Caller data is never used for marketing.
Call disclosure
Every Holina greeting includes a short disclosure that the call may be recorded for quality. A caller who continues after the disclosure has consented to the transcript being made. If a caller objects, the assistant offers a human callback, and that call's record is deleted on request.
Retention
- Call transcripts and sealed records: 13 months, then deleted.
- Full call audio (only if a restaurant enables recording): 90 days.
- Text-message send logs: 90 days locally; carrier-side per the messaging provider.
- Operational logs: 30 days rolling.
- Restaurant configuration: life of the contract plus 30 days.
- Offboarding: when a restaurant leaves, its data is deleted within 30 days, except records required for tax and accounting.
Sharing and subprocessors
We share information only with the providers needed to run the service, and only for that purpose:
- Twilio — carries phone calls and text messages.
- Cloudflare — hosts our web infrastructure and edge network.
- Stripe — processes restaurant subscription payments.
- OpenPhone — backup text-message delivery.
These providers act as service providers/processors and are not permitted to use the data for their own purposes. We never sell, rent, or share phone numbers or call content with third parties for marketing.
Security
We implement administrative, technical, and physical measures to protect information, including encryption of data in transit and at rest, least-privilege access controls, and tamper-evident call records sealed with FIPS 204 (ML-DSA-87) digital signatures — a design that makes after-the-fact alteration of a call record detectable by anyone holding the record. No security system is impenetrable, and we cannot guarantee absolute protection, but sealed records mean tampering cannot go unnoticed. See Trust & Security for the plain-language version.
Your rights
- If you called a Holina-answered restaurant: you can request access to or deletion of your call record at any time — through the restaurant or directly via the contact below. Deletion completes within 30 days, with confirmation. Where we act as the restaurant's service provider, we will route or fulfill the request as the law directs, and we support the restaurant in honoring rights under CCPA/CPRA, GDPR, and similar laws (access, deletion, correction, and the right not to be discriminated against for exercising them).
- If you are a restaurant customer: you can access, correct, export, or delete your account data at any time by contacting us.
Children
The service is a business phone line and is not directed at children. We do not knowingly collect information from children under 13; if you believe a child's information was captured in a call record, contact us and we will delete it.
Changes to this policy
If this policy changes materially, the "Last updated" date changes and restaurant customers are notified by email. Prior versions are available on request.
Contact
- Email: john@epochcoreqcs.com
- Mail: EpochCore LLC, 815 Cornwallis Drive, Burlington, NC 27215