Privacy Policy

1. Introduction

Viola ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we handle your personal information when you use the Viola voice assistant application.

2. Data We Collect

2.1 Voice Audio

Processing: Voice audio is processed locally on your device for wake word detection and speech recognition.
Temporary Storage: When you speak a voice command, audio is temporarily saved to a local file for transcription processing. This temporary file is automatically deleted immediately after transcription completes. No voice audio is retained on disk after processing.
Transmission: Voice audio is never transmitted to our servers. If you opt into cloud AI services (OpenAI, Anthropic), transcribed text (not audio) may be sent to those third-party providers.

2.2 Music Preferences

Listening History: Your queue and playback history are stored locally only.
Preferences: Settings like preferred volume, voice mode, and audio device are stored locally.
No Tracking: We do not track what you listen to or share this information with anyone.

2.3 Authentication Tokens

Music Provider Tokens: OAuth tokens for YouTube Music, Spotify, Apple Music, and Tidal are stored in your device's encrypted keyring.
API Keys: Any API keys you provide (OpenAI, Anthropic) are stored locally in encrypted storage.
No Transmission: Your tokens and API keys are never transmitted to Viola servers.

2.4 Settings and Preferences

Local Storage: All application settings are stored in a local SQLite database on your device.
No Cloud Sync by Default: Settings remain on your device unless you explicitly enable cloud sync.

2.5 Optional Cloud Features (Opt-In Only)

If you enable cloud features, we may collect:

Account Information: Email address (if you create a Viola account)
Subscription Status: Plan type and billing status (processed by our payment provider)
Sync Data: Settings and preferences (if you enable cross-device sync)

Agent and Desktop Automation: Data Access Disclosure

When agent mode is enabled, Viola can access and interact with data on your device. This section discloses what data the agent features can access:

Screen Content: The agent can read the contents of application windows on your desktop, including text, UI element names, and window titles.
File System: The agent can read, write, search, and delete files on your device. Write and delete operations require your explicit approval.
Shell Commands: The agent can execute shell commands on your system, which may access or modify any data accessible to your user account. Each command requires your explicit approval.
Browser Content: The agent can navigate websites, read page content, extract links, and take screenshots in an automated browser session.
Keyboard and Mouse Input: The agent can type text, click UI elements, and send keyboard shortcuts to applications. These actions require your explicit approval.

All of this data is processed locally on your device. Agent mode is disabled by default and must be explicitly enabled in settings. Actions classified as high-risk require per-action approval before execution. No data accessed by agent features is transmitted to Viola servers.

3. Data We Do NOT Collect

We explicitly do not collect:

Voice Recordings: Temporary audio files are deleted immediately after transcription
Listening History: Stays on your device
Personal Identifiable Information: Unless you create an account
Location Data: No GPS or IP-based tracking
Usage Telemetry: No analytics or behavioral tracking without explicit consent
Biometric Data: No voice prints or fingerprints stored
Desktop Content: Data read by agent features is processed locally and not transmitted to us

4. Third-Party Services

4.1 Music Providers

When you connect a music provider (YouTube Music, Spotify, Apple Music, Tidal):

You authenticate directly with that provider via OAuth
The provider's own privacy policy applies to your use of their service
We only store the authentication token locally; we do not access your account data

Provider Privacy Policies:

4.2 AI Providers (Optional)

If you enable cloud AI features:

OpenAI: Your transcribed commands may be sent to OpenAI for processing. See OpenAI Privacy Policy.
Anthropic: Your transcribed commands may be sent to Anthropic for processing. See Anthropic Privacy Policy.
Note: Only text is transmitted, never audio.

4.3 Payment Processing

If you subscribe to a paid plan:

Payments are processed by Stripe
We do not store your credit card information
See Stripe Privacy Policy

4.4 Third-Party Data Processors

Processor	Purpose	Data Processed	Location
Stripe	Payment processing	Name, email, payment method (last 4 digits)	USA
OpenAI (opt-in)	AI command processing	Transcribed voice commands (text only)	USA
Anthropic (opt-in)	AI command processing	Transcribed voice commands (text only)	USA

Note: Music providers (YouTube, Spotify, etc.) are not our data processors -- you have a direct relationship with them. We facilitate OAuth authentication but do not receive or process your music data.

We will notify users via email or in-app notification if we add new processors that materially change data handling.

5. Local-First Architecture

Viola is designed with privacy as a core architectural principle:

Default Mode: All processing happens on your device
No Required Internet: Core features work offline
Cloud is Opt-In: Cloud features require explicit user action to enable
Transparent Data Flow: You can see exactly what data leaves your device (if any)

6. Your Rights

6.1 GDPR Rights (European Union)

If you are in the European Economic Area, you have the following rights:

Right of Access (Article 15)

You have the right to know what personal data we hold about you
Since most data is stored locally, you have direct access to it
For cloud accounts: Contact us to request a data export

Right to Erasure (Article 17)

You have the right to delete your personal data
Local data: Delete the app or clear app data
Cloud accounts: Contact us or use in-app account deletion

Right to Data Portability (Article 20)

You have the right to receive your data in a portable format
Local data is stored in standard SQLite format
Cloud data: Contact us for JSON export

Right to Withdraw Consent (Article 7)

You can withdraw consent for cloud features at any time
Disable cloud features in Settings > Privacy
Withdrawal does not affect the lawfulness of prior processing

6.2 CCPA Rights (California)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

Right to Know

You have the right to know what personal information we collect
See Section 2 above for complete details

Right to Delete

You have the right to request deletion of your personal information
Contact us at privacy@useviola.com

Right to Opt-Out of Sale

We do not sell your personal information
There is nothing to opt out of

Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights

6.3 How to Exercise Your Rights

To exercise any of these rights:

Email: privacy@useviola.com
In-App: Settings > Privacy > My Data

We will respond to requests within 30 days.

7. Data Security

7.1 Encryption

Authentication tokens: Stored in OS-level encrypted keyring
API keys: Encrypted at rest using platform-specific secure storage
Local database: Standard file system permissions (user-only access)

7.2 Access Controls

Only the Viola application can access your data
No remote access to local data
Cloud data (if enabled) protected by account authentication

7.3 No Data Transmission by Default

The application does not "phone home"
No analytics or telemetry without explicit consent
Network access only for music streaming and optional AI features

8. Children's Privacy

Viola is not intended for children under 13
We do not knowingly collect personal information from children
Account registration requires confirmation that the user is at least 13 years old
If you believe a child has provided personal information, contact us for deletion

9. Data Retention

9.1 Local Data

Retained until you delete it or uninstall the application
You have full control over local data retention

9.2 Cloud Data (If Enabled)

Account data: Retained while account is active
Deleted within 30 days of account deletion request
Subscription records: Retained for 7 years for tax/legal compliance

9.3 Data Retention Schedule

Data Type	Retention Period	Location	Deletion Method
Voice audio	Deleted immediately after transcription	Local temp file	Automatic
Voice transcripts	Session only (RAM)	Local	Automatic on session end
Music queue	Until cleared or app uninstalled	Local SQLite	User-initiated or uninstall
Playback history	Until cleared or app uninstalled	Local SQLite	User-initiated or uninstall
Settings	Until app uninstalled	Local SQLite	Uninstall or manual deletion
OAuth tokens	Until revoked or expired	Local keyring	User revocation or expiry
API keys	Until removed by user	Local keyring	User-initiated
Account data (cloud)	Until account deletion	Cloud servers	30 days post-deletion request
Subscription records	7 years	Cloud servers	Legal retention requirement
Error logs	90 days	Local/Cloud	Automatic rotation

9A. Cookies and Local Storage

9A.1 What We Use

Technology	Purpose	Data Stored
SQLite Database	Application state	Settings, queue, playback history
OS Keyring	Secure credential storage	OAuth tokens, API keys
Session Storage (web UI)	Temporary UI state	Current view, transient preferences

9A.2 No Tracking Cookies

We do not use tracking cookies
We do not use analytics cookies
We do not use advertising cookies
No third-party cookies are set by Viola

9A.3 Third-Party Service Cookies

When you authenticate with music providers (via OAuth), those providers may set cookies in your browser according to their own policies. We have no control over these cookies.

9B. Data Breach Notification

9B.1 Our Commitment

In the unlikely event of a data breach affecting your personal information, we will:

Investigate the breach within 24 hours of discovery
Contain the breach and prevent further unauthorized access
Assess which users and data types are affected
Notify affected users and relevant authorities

9B.2 Notification Timeline

72 hours: Notify relevant data protection authorities (as required by GDPR)
Without undue delay: Notify affected users via email and/or in-app notification

9B.3 What We Will Tell You

If your data is affected, our notification will include:

Description of the breach
Types of data involved
Likely consequences
Measures we're taking
Steps you can take to protect yourself
Contact information for questions

9B.4 Scope

Viola's local-first architecture significantly reduces breach risk:

Most user data never leaves your device
We cannot breach data we don't have
Cloud features (opt-in) are the primary breach surface

10. International Data Transfers

Default: No international data transfers (data stays on your device)
Cloud Features: If you enable cloud features and are outside the US, your data may be transferred to US servers
We rely on Standard Contractual Clauses for EU data transfers

11. Changes to This Policy

We may update this Privacy Policy from time to time
Material changes will be communicated via in-app notification
Continued use after changes constitutes acceptance
Previous versions available upon request

12. Contact Us

For privacy questions or to exercise your rights:

Email: privacy@useviola.com
Data Protection Officer: dpo@useviola.com
Website: https://useviola.com/privacy
Response Time: We will respond to requests within 30 days

Mailing Address:
Viola
Attn: Privacy Team
Greenfield, Wisconsin, United States

13. Legal Basis for Processing (GDPR)

Processing Activity	Legal Basis
Voice processing	Legitimate interest (core functionality)
Music playback	Contract performance
Settings storage	Legitimate interest
Cloud sync (opt-in)	Consent
Account creation	Contract performance
Payment processing	Contract performance
Desktop automation (opt-in)	Consent