# Third-Party Services and Processors This document lists every third-party service that Viola sends user data to, what data is sent, why, and the DPA (Data Processing Agreement) status where the service acts as Viola's processor. Some services below, especially user-selected music providers, are not Viola processors. They are direct services the user chooses to connect; their own terms and privacy policies govern that relationship. All integrations listed below are **optional** unless marked otherwise. Users choose which services to enable. --- ## 1. AI / Language Model Providers ### Anthropic (Claude API) | Field | Value | |-------|-------| | **Data sent** | User prompts, conversation history, tool-use requests | | **Why** | Natural language understanding, agent loop execution | | **Triggered by** | Voice commands, text queries routed to LLM | | **DPA available** | Yes — [Anthropic DPA](https://www.anthropic.com/policies/data-processing-addendum) | | **DPA status** | Required | ### OpenAI (GPT API + Whisper) | Field | Value | |-------|-------| | **Data sent** | User prompts, conversation history, tool-use requests, audio when cloud speech-to-text is enabled | | **Why** | Managed AI, optional BYOK AI provider, and speech-to-text transcription | | **Triggered by** | Voice commands, text queries, managed AI routing, or cloud speech-to-text when enabled | | **DPA available** | Yes — [OpenAI DPA](https://openai.com/policies/data-processing-addendum) | | **DPA status** | Required | --- ## 2. Payment Processors ### Stripe | Field | Value | |-------|-------| | **Data sent** | User email, plan selection, payment card details (via Stripe Checkout) | | **Why** | Credit card subscription billing | | **Triggered by** | User initiates subscription purchase | | **DPA available** | Yes — [Stripe DPA](https://stripe.com/legal/dpa) | | **DPA status** | Required | ### BTCPay Server (self-hosted) | Field | Value | |-------|-------| | **Data sent** | User ID, plan info, invoice metadata | | **Why** | Bitcoin/Lightning payment processing | | **Triggered by** | User selects cryptocurrency payment | | **DPA available** | N/A — self-hosted, operator controls data | | **DPA status** | Not required (self-hosted infrastructure) | --- ## 3. Music Services (Direct User-Provider Relationship) Music services are direct services the user chooses to connect. Viola is the client. These providers are disclosed here for launch-readiness completeness, but they are not listed as Viola data processors in the Privacy Policy's processor table. ### YouTube / YouTube Music (Google) | Field | Value | |-------|-------| | **Data sent** | Search queries, API key, playback requests | | **Why** | Music search, streaming, playlist resolution | | **Triggered by** | "Play [song]" commands | | **DPA available** | Yes — [Google Cloud DPA](https://cloud.google.com/terms/data-processing-addendum) | | **DPA status** | Covered under Google account/API agreements where applicable; direct user-provider service | ### Spotify | Field | Value | |-------|-------| | **Data sent** | OAuth tokens, device IDs, playback state | | **Why** | Spotify music streaming and control | | **Triggered by** | User enables Spotify integration | | **DPA available** | Via Spotify Developer Terms | | **DPA status** | Direct user-provider service; review Spotify Developer Terms | --- ## 4. Google Account Integration ### Google OAuth (Gmail, Calendar, YouTube Music scopes) | Field | Value | |-------|-------| | **Data sent** | Auth code, OAuth tokens, and the Gmail/Calendar/YouTube data the user authorizes Viola to access | | **Why** | Connecting the user's own Google account so Viola can read/send email, manage calendar events, and play YouTube Music — at the user's direction | | **Triggered by** | User connects their Google account in Settings | | **Limited Use** | Viola's use of Google user data complies with the Google API Services User Data Policy, including its Limited Use requirements. Google user data is not used to train AI/ML models and is not transferred to data brokers. | | **DPA available** | Yes — Google Cloud DPA | | **DPA status** | Covered by the Google Cloud DPA above | Note: Viola does not offer "Sign in with Google" as a login method for Viola accounts. Google OAuth is used only to connect a user's own Gmail/Calendar/YouTube account to Viola's features. --- ## 5. Messaging Platforms ### Telegram | Field | Value | |-------|-------| | **Data sent** | Bot token, message text, chat IDs | | **Why** | Telegram bot messaging channel | | **DPA status** | Review Telegram Bot API terms | ### Discord | Field | Value | |-------|-------| | **Data sent** | Bot token, message text, user IDs | | **Why** | Discord bot messaging channel | | **DPA status** | Review Discord Developer Terms | ### Slack | Field | Value | |-------|-------| | **Data sent** | Bot token, message text, channel/user IDs | | **Why** | Slack workspace messaging | | **DPA status** | Review Slack API Terms | ### Signal (via signal-cli) | Field | Value | |-------|-------| | **Data sent** | Messages, phone numbers (to local signal-cli daemon) | | **Why** | Privacy-focused encrypted messaging | | **DPA status** | N/A — local daemon, E2E encrypted | ### WhatsApp (via Baileys sidecar) | Field | Value | |-------|-------| | **Data sent** | Messages, phone numbers (to local Node.js bridge) | | **Why** | WhatsApp messaging integration | | **DPA status** | Review — unofficial library, no Meta DPA available | ### Matrix | Field | Value | |-------|-------| | **Data sent** | Messages, credentials (to configured homeserver) | | **Why** | Open federated messaging | | **DPA status** | N/A — self-hosted homeserver option | --- ## 6. Utility Services ### wttr.in (Weather) | Field | Value | |-------|-------| | **Data sent** | Location (city name or coordinates), client IP | | **Why** | Weather data retrieval | | **DPA status** | Free service, no API key, no DPA available | ### DuckDuckGo (Web Search) | Field | Value | |-------|-------| | **Data sent** | Search queries | | **Why** | Agent web search (privacy-preserving) | | **DPA status** | No user tracking per DDG privacy policy | ### Free Dictionary API | Field | Value | |-------|-------| | **Data sent** | Word lookup queries | | **Why** | Dictionary/definition lookups | | **DPA status** | Public API, no PII sent | ### Resend (Email Delivery) | Field | Value | |-------|-------| | **Data sent** | Email addresses, subject, body | | **Why** | Transactional email (verification, notifications) | | **DPA available** | Yes — [Resend DPA](https://resend.com/legal/dpa) | | **DPA status** | Required | --- ### Telnyx (Telephony) | Field | Value | |-------|-------| | **Data sent** | Phone numbers called, call audio streams, call metadata (timestamps, durations) | | **Why** | Carrier for Viola's outbound phone calling feature (US numbers only) | | **Triggered by** | User enables phone calling and Viola places an outbound call | | **DPA available** | Yes — [Telnyx DPA](https://telnyx.com/data-processing-addendum) | | **DPA status** | Required | ### Cloudflare | Field | Value | |-------|-------| | **Data sent** | DNS/CDN request metadata; aggregate, cookieless website page-view metrics (Cloudflare Web Analytics); operational alert emails where the Email Service is configured | | **Why** | DNS, CDN, tunnel to the cloud API, cookieless website analytics, optional operator alert email delivery | | **Triggered by** | Always (the website and cloud API are served via Cloudflare) | | **DPA available** | Yes — [Cloudflare DPA](https://www.cloudflare.com/cloudflare-customer-dpa/) | | **DPA status** | Required | --- ## 7. Operator Alerting (Optional) These services receive operational metrics and incident summaries for the operator, not user content. ### PagerDuty | Field | Value | |-------|-------| | **Data sent** | Operational incident summaries and alert metadata | | **Why** | Operator incident paging | | **Triggered by** | Operator alerting configuration | | **DPA status** | Review required if enabled | ### Pushover | Field | Value | |-------|-------| | **Data sent** | Operational alert messages and delivery metadata | | **Why** | Operator push notifications | | **Triggered by** | Operator alerting configuration | | **DPA status** | Review if enabled | ### Telnyx SMS | Field | Value | |-------|-------| | **Data sent** | Operator alert SMS content and destination number | | **Why** | Operational alerts to the operator via SMS | | **Triggered by** | Operator alerting configuration | | **DPA status** | Covered by the Telnyx DPA | --- ## 8. Error Monitoring (Optional) ### Sentry | Field | Value | |-------|-------| | **Data sent** | Error stack traces, sanitized context (no secrets) | | **Why** | Production error tracking | | **Triggered by** | Opt-in only via `sentry_dsn` config + privacy consent | | **DPA available** | Yes — [Sentry DPA](https://sentry.io/legal/dpa/) | | **DPA status** | Required if Sentry is used | --- ## Summary of DPA Requirements | Processor | DPA Required | DPA Available | Status | |-----------|:----------:|:------------:|--------| | Anthropic | Yes | Yes | Required | | OpenAI | Yes | Yes | Required | | Google (YouTube/Calendar/Gmail) | Yes | Yes | Required | | Stripe | Yes | Yes | Required | | BTCPay | No | N/A | Self-hosted | | Cloudflare | Yes | Yes | Required | | Telnyx | Yes | Yes | Required | | Spotify | No | Terms-based | Direct user-provider service | | Resend | Yes | Yes | Required | | Sentry | If used | Yes | Required if enabled | | PagerDuty | If used | Review | Review required if enabled | | Pushover | If used | Review | Review if enabled | | Signal | No | N/A | Local daemon | | Matrix | No | N/A | Self-hosted option | | wttr.in | No | N/A | Receives city + client IP; no API key, no DPA available | | DuckDuckGo | No | N/A | No tracking | | Free Dictionary API | No | N/A | Public API, no PII sent |