A Domino’s customer may proceed in her putative class action for violations of the California Invasion of Privacy Act (CIPA) against ConverseNow for its provision of an AI virtual assistant that processes restaurant telephone orders. In Taylor v. ConverseNow Technologies, Inc., Case No. 25-cv-00990-SI, 2025 WL 2308483 (N.D. Cal. Aug. 11, 2025), the Court held that a communication software provider that could potentially improve its software with collection of communications was plausibly violating CIPA even though it had an agreement with the business receiving the communications. This ruling serves a cautionary note to both software companies and – because of potential aiding and abetting liability – companies that use those technologies.

Case Background

According to the complaint, ConverseNow provides AI voice assistants to clients like Domino’s to answer calls and process orders. Plaintiff Eliza Taylor alleged she called Domino’s to place a delivery order, was routed to ConverseNow’s virtual assistant without notice, and then provided personally identifiable information (including her payment information and delivery address). Taylor alleged “ConverseNow has the capability to use caller communications” to improve its products and develop new ones. Taylor brought claims under CIPA, seeking statutory damages for herself and a putative class.

CIPA is an anti-wiretapping statute that imposes criminal and civil penalties. Cal. Penal Code §§ 631(a), 632(a). Section 631(a) prohibits, among other things, (1) unauthorized wiretapping, (2) intercepting the contents of any wireline communication, or (3) using or attempting to use any information so obtained. Section 637.2 authorizes a private right of action and imposes statutory damages of at least $5,000 per violation without requiring proof of actual damages.

Court Adopts Capability Test To Uphold CIPA Claims Against Software Provider

Critically, CIPA exempts parties to a conversation from liability. In other words, both Taylor and Domino’s could “intercept” communications with each other or use a tape recorder to record communications. ConverseNow moved to dismiss on this basis, arguing that its AI voice assistant was simply an extension of its client, Domino’s, who was a party to the conversation.

The Taylor Court disagreed and held that ConverseNow was an intercepting third party and not covered by the exemption for Domino’s. The Court discussed two different approaches adopted by California federal courts: the “extension” test and the “capability” test. 

Under the extension test, a software provider is not liable under CIPA where it is a tool used by a party to the communication (akin to a tape recorder) and does not use communication for the software provider’s own purposes. 

Under the capability test, whether the software provider did use the communication for the software provider’s own purposes is irrelevant; the inquiry is whether the software provider had the capability to use the communication for its own purposes. 

Citing “[a] growing number of district courts,” the Taylor Court adopted the capability test as the better interpretation of CIPA. Applying the capability test, the Court held that Taylor sufficiently alleged ConverseNow is a third party based on its capability and actual use of data from customers’ calls “to improve its own product.”

After concluding that ConverseNow was a third party to the conversation, the Court quickly disposed of the defendant’s other CIPA arguments. The Court found that there were sufficient allegations of “interception” because Taylor did not realize her phone call was connected to a party other than Domino’s. Taylor’s complaint also satisfied the intent element of CIPA because it alleged that ConverseNow’s business model depended on recording conversations. Finally, the Court held that plaintiff alleged a “confidential” conversation for purposes of a Section 632 claim by alleging disclosure of her personally identifiable information and personal financial information.

Conclusion

Not all decisions addressing CIPA claims have reached similar outcomes – many in fact have been dismissed. However, as this decision demonstrates, CIPA provides significant risk for software providers and website operators, particularly when it comes to training AI models using real human interactions. Moreover, all businesses using or developing AI-powered platforms to provide services to customers should also take this ruling under consideration. Although AI software providers may primarily offer tools for their customers to use, state wiretapping laws like CIPA can extend liability to providers themselves based on the software’s capabilities. Given the proliferation of AI across industries – and state efforts to regulate its use – additional litigation activity is anticipated going into 2026. Privacy World will keep you in the loop on further developments in this space. Stay tuned.