Third-Party Services & Processors
The services Viola can send data to, and their DPA status.
1. AI / Language Model Providers
Anthropic (Claude API)
| Field |
Value |
| Data sent |
User prompts, conversation history, tool-use requests, relevant profile or learned-model context when included in the prompt |
| Why |
Natural language understanding, agent loop execution |
| Triggered by |
Voice commands, text queries routed to LLM |
| DPA available |
Yes — Anthropic DPA |
| DPA status |
Required |
AI infrastructure provider (US) — Viola's managed AI
| Field |
Value |
| Data sent |
User prompts, conversation history, tool-use requests, relevant profile or learned-model context when included in the prompt; token counts for billing |
| Why |
Viola's managed AI service — default AI source for paid plans; Viola is the contracting party with the underlying AI provider |
| Triggered by |
Voice commands and text queries routed through Viola's managed AI path |
| DPA available |
Yes — Viola maintains a DPA with the underlying US-based AI infrastructure provider |
| DPA status |
Required |
OpenAI (BYOK or cloud STT)
| Field |
Value |
| Data sent |
User prompts, conversation history, tool-use requests, relevant profile or learned-model context when included in the prompt, audio when cloud speech-to-text is enabled |
| Why |
Optional BYOK AI provider and speech-to-text transcription when you select OpenAI |
| Triggered by |
User selects OpenAI as their BYOK provider or cloud STT engine |
| DPA available |
Yes — OpenAI DPA |
| DPA status |
Required |
Additional OpenAI-compatible BYOK providers and custom endpoints
| Field |
Value |
| Data sent |
User prompts, conversation history, tool-use requests, relevant profile or learned-model context when included in the prompt, and provider request metadata |
| Why |
Optional AI routing through user-selected provider presets or a custom OpenAI-compatible endpoint |
| Triggered by |
User selects an OpenAI-compatible BYOK provider such as OpenRouter, Groq, Together, Mistral, Perplexity, DeepSeek, Fireworks, xAI, Cohere, or a custom base URL |
| DPA available |
Provider-specific |
| DPA status |
Direct user-provider relationship; selected provider terms and DPA apply |
Deepgram (cloud speech-to-text, optional)
| Field |
Value |
| Data sent |
Voice audio selected for cloud transcription and transcription request metadata |
| Why |
Optional cloud speech-to-text when configured instead of local transcription |
| Triggered by |
User or operator enables Deepgram cloud transcription |
| DPA available |
Provider-specific |
| DPA status |
Required when enabled for user audio |
2. Payment Processors
Stripe
| Field |
Value |
| Data sent |
User email, plan selection, payment card details (via Stripe Checkout) |
| Why |
Credit card subscription billing |
| Triggered by |
User initiates subscription purchase |
| DPA available |
Yes — Stripe DPA |
| DPA status |
Required |
BTCPay Server (self-hosted)
| Field |
Value |
| Data sent |
User ID, plan info, invoice metadata |
| Why |
Bitcoin/Lightning payment processing |
| Triggered by |
User selects cryptocurrency payment |
| DPA available |
N/A — self-hosted, operator controls data |
| DPA status |
Not required (self-hosted infrastructure) |
3. Music Services (Direct User-Provider Relationship)
Music services are direct services the user chooses to connect. Viola is the
client. These providers are disclosed here for customer transparency, but they
are not listed as Viola data processors in the Privacy Policy's processor
table.
YouTube / YouTube Music (Google)
| Field |
Value |
| Data sent |
Search queries, playback requests, and web player asset requests for supported YouTube/Google music paths |
| Why |
Music search, playback, and playlist resolution where supported |
| Triggered by |
"Play [song]" commands |
| DPA available |
Yes — Google Cloud DPA |
| DPA status |
Covered under Google account/API agreements where applicable; direct user-provider service |
Spotify (Windows desktop app only)
| Field |
Value |
| Data sent |
Search queries, playback requests, Spotify account sign-in, and web player asset requests from the Windows desktop app |
| Why |
Spotify playback in the Windows desktop app; embedded browser playback is not offered |
| Triggered by |
User connects or plays Spotify from the Windows desktop app |
| DPA available |
No |
| DPA status |
Direct user-provider service; Spotify is not a Viola cloud processor |
4. Account and Calendar Integrations
Google OAuth (account sign-in and Calendar where enabled)
| Field |
Value |
| Data sent |
OAuth authorization request, account identifier/profile claims returned through GoTrue for account sign-in, transient GoTrue OAuth flow-state during sign-in or connection, and Calendar data only where Calendar is enabled |
| Why |
Viola account sign-in and connecting Google Calendar where that feature is enabled |
| Triggered by |
User chooses Continue with Google on the website login page or connects Google Calendar in Settings where available |
| Limited Use |
Viola's use of Google user data complies with the Google API Services User Data Policy, including its Limited Use requirements. Google user data is not used to train AI/ML models and is not transferred to data brokers. |
| DPA available |
Yes — Google Cloud DPA |
| DPA status |
Covered by the Google Cloud DPA above |
Google OAuth account sign-in is separate from Calendar scopes. Gmail read,
Drive, Chat, and broader Google Workspace restricted-scope features are not
included in the currently supported Google account features.
Apple identity OAuth (account sign-in)
| Field |
Value |
| Data sent |
OAuth authorization request and Apple account identifier/profile claims returned through GoTrue for account sign-in |
| Why |
Viola account sign-in when Apple sign-in is configured and the user chooses Continue with Apple |
| Triggered by |
User chooses Continue with Apple on the website login page |
| DPA available |
Via Apple developer terms |
| DPA status |
Review Apple developer terms if Apple sign-in is enabled |
Microsoft OAuth / Microsoft Graph Calendar
| Field |
Value |
| Data sent |
OAuth authorization data, encrypted OAuth tokens, calendar event data, and calendar request metadata |
| Why |
Connecting the user's Microsoft calendar so Viola can read and manage calendar events at the user's direction |
| Triggered by |
User connects Microsoft calendar |
| DPA available |
Provider-specific Microsoft terms |
| DPA status |
Microsoft terms/DPA apply when enabled |
5. Messaging Platforms
Telegram
| Field |
Value |
| Data sent |
Bot token for desktop local setup, message text, chat IDs, account-link metadata |
| Why |
Telegram bot messaging channel where enabled |
| DPA status |
Review Telegram Bot API terms |
6. Utility Services
wttr.in (Weather)
| Field |
Value |
| Data sent |
Location (city name or coordinates), client IP |
| Why |
Weather data retrieval |
| Triggered by |
User asks for weather and primary weather providers do not return a result |
| DPA status |
Free service, no API key, no DPA available |
National Weather Service / api.weather.gov (Weather)
| Field |
Value |
| Data sent |
Latitude and longitude for U.S. weather lookups, client IP |
| Why |
U.S. weather observations and forecast overlay |
| Triggered by |
User asks for weather for a U.S. location or provides U.S. coordinates |
| DPA status |
U.S. government public API; no API key; no DPA available |
OpenStreetMap Nominatim (Weather Geocoding)
| Field |
Value |
| Data sent |
City or location text, client IP |
| Why |
Convert weather location names to coordinates for provider routing |
| Triggered by |
User asks for weather by city or location name |
| DPA status |
Public geocoding service; no API key; review OSMF/Nominatim usage terms |
ip-api.com (Weather Location Fallback)
| Field |
Value |
| Data sent |
Public IP address and client IP metadata |
| Why |
Best-effort fallback city lookup when the user asks for weather without an explicit or saved location |
| Triggered by |
Weather command without a city and without a saved weather location |
| DPA status |
Public/free IP geolocation service; no API key; provider terms apply for hosted processing |
EPA AirNow (Air Quality)
| Field |
Value |
| Data sent |
Viola downloads the public reporting-area file; per-user coordinates are not sent to AirNow |
| Why |
U.S. air quality enrichment resolved locally from public reporting-area data |
| Triggered by |
U.S. coordinate weather requests when AirNow AQI enrichment is enabled |
| DPA status |
U.S. government/public data source; no API key; no DPA available |
DuckDuckGo (Web Search)
| Field |
Value |
| Data sent |
Search queries |
| Why |
Agent web search fallback |
| DPA status |
No user tracking per DDG privacy policy |
Configured SearXNG endpoint (Web Search, Optional)
| Field |
Value |
| Data sent |
Search queries |
| Why |
Agent web search when a SearXNG endpoint is configured |
| DPA status |
Depends on the configured endpoint/operator |
Free Dictionary API
| Field |
Value |
| Data sent |
Word lookup queries |
| Why |
Dictionary/definition lookups |
| DPA status |
Public API, no PII sent |
User-configured API Vault endpoints and connector templates
| Field |
Value |
| Data sent |
User-supplied API keys or tokens, user-authored request payloads, response payloads, and request metadata |
| Why |
User-authored API tools and connector template calls such as GitHub, Notion, Slack, Google Maps, OpenWeatherMap, or custom endpoints |
| Triggered by |
User invokes an API Vault tool or connector template |
| DPA available |
Provider-specific |
| DPA status |
Direct user-provider relationship; selected endpoint terms and DPA apply |
Resend (Email Delivery)
| Field |
Value |
| Data sent |
Email addresses, subject, body |
| Why |
Transactional email, account notifications, and contact/support form notifications where configured |
| DPA available |
Yes — Resend DPA |
| DPA status |
Required |
Browser/OS Push Services (Web Push, opt-in)
| Field |
Value |
| Data sent |
Browser push endpoint, public encryption keys, notification title/body/data, and delivery metadata |
| Why |
Deliver user-enabled browser push notifications to the subscribed browser/device |
| Triggered by |
User subscribes a browser/device to Web Push and Viola sends an account notification |
| DPA available |
Provider-specific; the provider is selected by the user's browser or operating system |
| DPA status |
Browser/OS vendor terms apply when hosted Web Push is enabled |
S3-Compatible Object Storage (Cloudflare R2 or configured S3 backend)
| Field |
Value |
| Data sent |
User-uploaded files, phone call recordings, review/support artifacts, object metadata |
| Why |
Cloud file storage, call-recording storage, and user-requested artifact download/export support |
| Triggered by |
User enables cloud storage features, cloud phone recording storage, or a cloud artifact export path |
| DPA available |
Provider-specific; Cloudflare DPA for R2, AWS DPA if AWS S3 is configured |
| DPA status |
Required when the configured storage backend is enabled for user content |
Telnyx (Telephony)
| Field |
Value |
| Data sent |
Phone numbers called, call audio streams, call metadata (timestamps, durations) |
| Why |
Carrier for Viola's outbound phone calling feature (US numbers only) |
| Triggered by |
User enables phone calling and Viola places an outbound call |
| DPA available |
Yes — Telnyx DPA |
| DPA status |
Required |
Cloudflare
| Field |
Value |
| Data sent |
DNS/CDN request metadata; aggregate, cookieless website page-view metrics (Cloudflare Web Analytics); operational alert emails where the Email Service is configured |
| Why |
DNS, CDN, tunnel to the cloud API, cookieless website analytics, optional operator alert email delivery |
| Triggered by |
Always (the website and cloud API are served via Cloudflare) |
| DPA available |
Yes — Cloudflare DPA |
| DPA status |
Required |
7. Operator Alerting (Optional)
These services receive operational metrics and incident summaries for the operator,
not user content.
PagerDuty
| Field |
Value |
| Data sent |
Operational incident summaries and alert metadata |
| Why |
Operator incident paging |
| Triggered by |
Operator alerting configuration |
| DPA status |
Review required if enabled |
Pushover
| Field |
Value |
| Data sent |
Operational alert messages and delivery metadata |
| Why |
Operator push notifications |
| Triggered by |
Operator alerting configuration |
| DPA status |
Review if enabled |
Telnyx SMS
| Field |
Value |
| Data sent |
SMS destination/origin numbers, verification-code message content, HELP/STOP compliance replies, opted-in inbound/outbound conversational SMS content, delivery metadata, and operator alert SMS content when alerts are configured |
| Why |
Account SMS verification, user-requested conversational SMS, legally required SMS opt-out/help handling, and optional operator alerting |
| Triggered by |
Explicit Account SMS opt-in/verification, inbound SMS from a verified/consented account number, STOP/HELP keywords, or operator alerting configuration |
| DPA status |
Covered by the Telnyx DPA |
8. Error Monitoring (Optional)
Sentry
| Field |
Value |
| Data sent |
Error stack traces, sanitized context (no secrets) |
| Why |
Production error tracking |
| Triggered by |
Opt-in only via sentry_dsn config + privacy consent |
| DPA available |
Yes — Sentry DPA |
| DPA status |
Required if Sentry is used |
Summary of DPA Requirements
| Processor |
DPA Required |
DPA Available |
Status |
| Anthropic |
Yes |
Yes |
Required |
| AI infrastructure provider (US) — Viola's managed AI |
Yes |
Yes |
Required |
| OpenAI (BYOK or cloud STT) |
Yes |
Yes |
Required |
| Additional OpenAI-compatible BYOK providers/custom endpoints |
If used |
Provider-specific |
Selected provider terms/DPA apply |
| Deepgram |
If used |
Provider-specific |
Required when enabled for user audio |
| Google OAuth |
Yes |
Yes |
Required |
| Apple identity OAuth |
If used |
Terms-based |
Review Apple developer terms if enabled |
| Microsoft OAuth / Graph |
If used |
Provider-specific |
Microsoft terms/DPA apply when enabled |
| Stripe |
Yes |
Yes |
Required |
| BTCPay |
No |
N/A |
Self-hosted |
| Cloudflare |
Yes |
Yes |
Required |
| Telnyx |
Yes |
Yes |
Required |
| Spotify |
No |
N/A |
Direct user-provider service for the Windows desktop app; no cloud processor |
| Resend |
Yes |
Yes |
Required |
| Sentry |
If used |
Yes |
Required if enabled |
| PagerDuty |
If used |
Review |
Review required if enabled |
| Pushover |
If used |
Review |
Review if enabled |
| Telegram |
No |
Review |
Review Telegram Bot API terms when enabled |
| wttr.in |
No |
N/A |
Receives city + client IP; no API key, no DPA available |
| National Weather Service |
No |
N/A |
Receives U.S. coordinates + client IP; public government API |
| OpenStreetMap Nominatim |
No |
N/A |
Receives weather location text + client IP; public geocoding service |
| ip-api.com |
No |
N/A |
Receives public IP/client IP metadata for fallback weather-location lookup; no API key |
| EPA AirNow |
No |
N/A |
Public reporting-area file only; no per-user coordinates sent |
| DuckDuckGo |
No |
N/A |
No tracking |
| Free Dictionary API |
No |
N/A |
Public API, no PII sent |
| API Vault / user-configured endpoints |
If used |
Provider-specific |
Direct user-provider relationship; selected endpoint terms apply |
