Security

A privacy brand has to show receipts. Here's the posture, the controls, and the disclosure path — plus a self-review you can read in full.

Your keys

BYOK mode touches zero Viola infrastructure. Your prompts go to your provider under your API key.

Your brain

Local (Ollama), managed (Codex / OpenAI), or BYOK cloud. You pick the path. Every switch is in Settings.

Your audit

Packet-capture welcome. The Network Flows doc names every hostname. If it doesn't match, that's a bug.

Account security

Account features are opt-in, but when you do create one, it is defended seriously.

Bcrypt password hashing (cost factor 12)

Passwords are pre-hashed with SHA-256 (to defeat bcrypt's 72-byte input truncation), then hashed with bcrypt at cost factor 12. This pattern matches OWASP's password-storage cheat sheet. Raw passwords are never logged or stored. Implementation: auth/passwords.py.

MFA (TOTP, backup codes)

Time-based one-time passwords plus single-use backup codes. TOTP replay protection enforced server-side.

WebAuthn / passkeys

Hardware-backed passkeys supported as a second factor or primary credential.

Session rotation

Sessions are rotated on plan change and sensitive account actions. Old cookies stop working immediately.

Step-up auth for deletion

Account deletion and GDPR export both require a freshly re-authenticated session and issue a signed receipt.

Rate limiting and replay defense

Login and MFA endpoints are rate limited and use constant-time comparisons to defeat timing oracles.

Data-at-rest protection

Minimum we need, maximum we can encrypt, on your device first.

Encrypted credentials; key in OS keyring

OAuth tokens and third-party API keys are stored Fernet-encrypted on disk (credentials.enc). The encryption key lives in the OS keyring (Windows Credential Manager, macOS Keychain, Linux Secret Service). If the keyring is unavailable, the key is derived from the JWT secret via PBKDF2-HMAC-SHA256 at 600k iterations. Implementation: utils/secure_credentials.py.

Encrypted conversation memory

Per-user conversation memory is encrypted at rest. Keys never leave the device.

GDPR export & purge

In-app data export ships you a portable archive. Account deletion purges the payment vault and any cloud-side data within 30 days.

Local-first database

Settings, queues, history, and memory all live in a local SQLite DB. Nothing ships off-device by default.

Runtime hardening

Guardrails for the parts of Viola that reach outside the sandbox.

Per-action approval for agent mode

Typing, clicking, shell commands, and file writes require per-action approval. Agent mode is off by default.

Payment-Gate

Browser automation can reach checkout but never submits payment without your explicit confirmation.

Safe expression evaluator

User-provided expressions run through a sandboxed evaluator with a whitelist of operations; eval on raw strings is blocked.

Prompt-injection defenses

Tool outputs are filtered through a prompt-injection guard before re-entering the agent loop. Suspicious tool replies are flagged and require confirmation.

SSRF guard

Outbound requests from the browser and web-read tools are checked against private-IP and link-local blocklists.
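
A check of the kind described above, as an added example (not Viola's own code). The blocklist contents, the function names and the injected resolver are assumptions made for illustration; the resolver data is constructed so the block runs offline.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed blocklist (not Viola's actual list): private, loopback, link-local.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",      # loopback, link-local, "this host"
    "::1/128", "fe80::/10", "fc00::/7",                # IPv6 loopback, link-local, ULA
)]

def is_blocked(addr):
    """True if the IP string falls inside any blocked network."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so it cannot dodge the IPv4 rules.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip.version == net.version and ip in net for net in BLOCKED_NETS)

def check_url(url, resolve):
    """Return (allowed, reason); `resolve` maps a hostname to a list of IP strings."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False, "scheme or host not allowed"
    host = parts.hostname
    try:
        addrs = [str(ipaddress.ip_address(host))]  # host is already an IP literal
    except ValueError:
        addrs = resolve(host)                      # host is a name: vet every answer
    if not addrs:
        return False, "host did not resolve"
    for a in addrs:
        if is_blocked(a):
            return False, f"{host} resolves to blocked address {a}"
    return True, "ok"

# Constructed resolver data for offline use (203.0.113.0/24 is a documentation range).
FAKE_DNS = {
    "public.test": ["203.0.113.10"],
    "mixed.test": ["203.0.113.10", "10.0.0.5"],   # one private answer among public ones
    "metadata.test": ["169.254.169.254"],          # link-local
}

def fake_resolve(host):
    return FAKE_DNS.get(host, [])
```

A check like this only holds if the request then connects to the address that was vetted; resolving the name a second time at connect time reopens the gap (DNS rebinding), and redirects need the same check on every hop.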

Crisis prefilter

Inputs consistent with a safety crisis are routed to a prefilter before the command pipeline and surface resources instead of tool calls.

Per-user isolation

Every data store, broadcast, cache, and background task is scoped to a user_id. No singletons hold per-user state.

Signed Windows installer

The distributable is a code-signed Windows installer. Hashes are published with each release.

Audits and reviews

Internal review — Claude Opus 4.7 — April 17, 2026

We don't want to pretend an internal review is a third-party audit. It isn't. What it is: a rigorous structural pass by a large-context model (Claude Opus 4.7) across identity isolation, data flows, encryption, opt-in boundaries, agent-mode guardrails, and known gaps. The review document is published in full — including findings we haven't closed yet — because that's what "receipts" actually look like.

  • Published in full
  • Known gaps disclosed
  • Third-party audit targeted Q3 2026

Read the internal review (markdown)

Responsible disclosure

If you find something, tell us

We take reports seriously and we respond fast.

  • Email: [email protected]
  • Acknowledgement window: 2 business days
  • Triage window: 10 business days for severity assessment
  • Coordinated disclosure: 90 days from first report unless negotiated otherwise
  • Safe harbor: good-faith research on your own devices will not result in legal action from us

We are working on a formal bug bounty program. In the meantime, we acknowledge researchers publicly on request.