Security
Viola is designed to keep personal data local unless you turn on a cloud feature. This page summarizes the security controls in the public product.
Local first
Wake word, speech recognition, service credentials, and desktop-only settings stay on your machine by default.
Cloud by choice
Account, subscription, phone, and managed AI features use Viola cloud only when you enable those features.
Visible controls
The Network Flows page lists the public hostnames Viola contacts and when those connections are used.
Account security
Cloud accounts use GoTrue for identity, sessions, email verification, OAuth, and token refresh.
GoTrue identity
Account creation, password login, email verification, OAuth sign-in, and refresh-token handling are delegated to Viola's self-hosted GoTrue service.
Abuse limits
Public account-initiation routes pass through Viola's API edge with IP and email-aware limits before requests reach GoTrue.
Session boundary
Website API calls use GoTrue bearer tokens. Viola application tables map account identity through an app-owned profile boundary instead of exposing GoTrue tables directly.
Account deletion confirmation
Cloud account deletion requires password confirmation or a fresh authenticated token before erasure begins.
Data-at-rest protection
Desktop data starts local. Cloud data is limited to account, subscription, consented sync, and service features that require a server.
Encrypted credential stores
Third-party API keys are stored in per-user encrypted local vault files, with vault keys kept in the OS keyring. External-service OAuth tokens are stored separately and encrypted per user with PBKDF2-derived Fernet keys.
Per-account cloud isolation
Cloud records are scoped to the signed-in account and protected by Postgres row-level security at the database layer.
Cloud export and deletion
Signed-in users can export cloud account data. Account deletion removes user-scoped cloud rows and deletes the GoTrue account after confirmation.
Desktop-only secrets
Payment-vault data, BYOK API keys, OAuth tokens for external accounts, browser profiles, and local traces stay on the desktop.
Runtime hardening
Guardrails for the parts of Viola that reach outside the sandbox.
High-risk approval for agent mode
Agent mode is off by default. Shell commands, file writes and deletion, purchases, outbound sends, and other high-risk outcomes require approval; prohibited commands and paths are blocked.
Payment-Gate
Browser automation can reach checkout but never submits payment without your explicit confirmation.
Safe expression evaluator
User-provided expressions run through a sandboxed evaluator with a whitelist of operations; eval on raw strings is blocked.
Prompt-injection defenses
Browser and web content is sanitized and marked as untrusted before it can re-enter the agent loop. When untrusted content taints the context, high-risk tools are blocked by a deterministic gate instead of treating page text as instructions.
SSRF guard
Outbound requests from the browser and web-read tools are checked against private-IP and link-local blocklists.
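A sketch of the kind of check described above, added here as an illustration; it is not Viola's code. The function names, the http/https-only policy, and the extra rejected categories (loopback, multicast, reserved, unspecified) are assumptions that go beyond the private and link-local ranges the page names.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumed policy for web-read tools

def is_blocked_ip(text):
    """True for private, link-local and other non-public addresses."""
    try:
        ip = ipaddress.ip_address(text.split("%", 1)[0])  # drop IPv6 zone id
    except ValueError:
        return True  # not an address at all: fail closed
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # judge ::ffff:10.0.0.1 as 10.0.0.1
    return (ip.is_private or ip.is_link_local or ip.is_loopback
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)

def system_resolver(host, port):
    """Default resolver: every A/AAAA result the OS returns for the host."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]

def check_url(url, resolver=system_resolver):
    """Return (allowed, reason, addresses); any parse or DNS error denies."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:
        return False, "unparseable URL", []
    if parts.scheme not in ALLOWED_SCHEMES or not host:
        return False, "scheme or host not allowed", []
    try:
        addrs = resolver(host, port)
    except (OSError, UnicodeError):
        return False, "resolution failed", []
    if not addrs:
        return False, "no addresses", []
    # One internal address among several public ones is enough to deny.
    bad = [a for a in addrs if is_blocked_ip(a)]
    if bad:
        return False, "resolves to blocked address", bad
    return True, "ok", addrs

if __name__ == "__main__":
    # Constructed DNS answers so the demo runs offline.
    fake = {"public.example": ["93.184.216.34"], "meta.example": ["169.254.169.254"]}
    for u in ("https://public.example/", "http://meta.example/latest"):
        print(u, check_url(u, lambda h, p: fake[h]))
```

A caller should connect to the addresses this check returned rather than resolving the name a second time, and should run the same check on every redirect target.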
Crisis prefilter
Inputs consistent with a safety crisis are routed to a prefilter before the command pipeline and surface resources instead of tool calls.
Per-account isolation
Cloud data paths are scoped to the signed-in account. A missing account context fails closed instead of falling back to shared state.
Signed Windows installer
The distributable is a code-signed Windows installer. Hashes are published with each release.
Responsible disclosure
If you find something, tell us
Send vulnerability reports to the security inbox with affected URLs, app version, reproduction steps, and impact.
We acknowledge reasonable reports within 24 hours and provide a substantive response within 72 hours.
- Email: [email protected]
- Include: steps to reproduce, account or device scope, and whether user data could be affected
- Do not include: passwords, private API keys, payment details, or unrelated personal data
- Safe harbor: test only accounts you own, avoid denial-of-service or high-volume testing, and report privately before public disclosure