Telemetry & Data Egress
This page documents what data leaves a customer network when Ouva is used from browser and kiosk deployments.
Types of Telemetry and External Data
Section titled “Types of Telemetry and External Data”| Category | What it includes | When it occurs |
|---|---|---|
| Core application traffic | Authentication, scene/library reads, check-in and program data, activity tracking writes | During normal app use |
| Realtime synchronization | WebSocket subscriptions for live updates (for example check-ins and live scene state) | While realtime-enabled screens are open |
| Diagnostics and errors | Application errors in browser console and backend logs | On failures/exceptions |
| Kiosk operational monitoring (deployment-specific) | Device/display online status, kiosk session health, uptime signals | Continuous heartbeat plus state changes |
| Third-party ad/behavioral tracking | Not used by Ouva application runtime | N/A |
Data Elements Included
Section titled “Data Elements Included”| Flow | Data elements typically included |
|---|---|
| HTTPS request metadata | Source IP (at network edge), user agent/browser metadata, request timestamp, TLS session metadata |
| Authentication | Email/username input, auth tokens/JWTs, auth event timestamps |
| Activity tracking | user_id, library_id, session_id, start/heartbeat/end timestamps, duration metrics |
| Check-in and companion presence | user_id, scene_id or scene path, device_token, check-in/expiry timestamps |
| Program progress | User/program identifiers, item completion timestamps, status values |
| Kiosk operational monitoring | Device/display identifier, online/offline state, heartbeat timestamp, uptime schedule state |
Notes:
- Raw camera video is not required to be streamed to Ouva backend services for core scene interaction.
- Ouva is not a clinical record system; however, any profile fields entered by the customer (for example names) become customer data and are stored in Supabase.
- Captured image/video frames are not automatically sent to third-party analytics providers for processing.
- Ouva does not rely on browser advertising identifiers or fingerprinting-based telemetry.
Destinations (Domains and Services)
Section titled “Destinations (Domains and Services)”| Function | Destination | Notes |
|---|---|---|
| Frontend app delivery | https://app.ouva.co | Netlify-hosted frontend |
| Auth/API/DB/Realtime | https://<project-ref>.supabase.co/* | Includes Auth, REST/RPC, Storage, and WSS realtime |
| Camera scene model/runtime assets (only when camera scenes are used) | https://storage.googleapis.com/*, https://cdn.jsdelivr.net/* | MediaPipe asset delivery |
| Billing and customer profile services | https://js.stripe.com/*, https://api.stripe.com/* | Subscription and customer billing functionality |
| Kiosk monitoring (deployment-specific) | Deployment-specific monitoring endpoint(s) | Provided in deployment runbook/onboarding |
| Third-party analytics/crash SaaS | None by default | No separate browser analytics SDK is required |
Important:
- Browser clients do not call ElevenLabs directly. If text-to-speech is used, the browser calls Ouva backend endpoints, and backend services call ElevenLabs.
Frequency and Triggers
Section titled “Frequency and Triggers”| Trigger | Frequency / behavior |
|---|---|
| App load | On every page/application load |
| Sign-in/sign-out | On auth events |
| Scene activity tracking | Session start on scene entry, end on exit; heartbeat every 60 seconds while active |
| Realtime subscriptions | Open while relevant screen is active; updates on matching database events |
| Camera scene assets | On first use or cache miss |
| Billing requests | On customer profile and billing operations |
| Kiosk monitoring | Periodic heartbeat plus event-based alerts on device/display status changes |
Outside active sessions, there is no continuous background telemetry beyond optional kiosk monitoring heartbeats.
Encryption in Transit and Certificate Controls
Section titled “Encryption in Transit and Certificate Controls”- Browser traffic uses HTTPS/WSS with TLS 1.2 or higher.
- Cipher suites are negotiated by the browser and endpoint infrastructure (CDN/API provider).
- No browser-level certificate pinning is required by Ouva.
- If TLS inspection is used by enterprise proxies, inspection certificates must be trusted by managed devices.
For encryption at rest, compliance certifications, and a per-service encryption breakdown, see Security & Privacy Controls.
Telemetry Configuration and Minimization
Section titled “Telemetry Configuration and Minimization”Yes, in a feature-scoped way:
- Core application traffic to Ouva, Supabase, and Stripe is required for app functionality.
- Optional traffic can be minimized by deployment choices:
- Do not use camera scenes to avoid MediaPipe asset egress.
- Use kiosk monitoring only where always-on operational support is required.
- Kiosk monitoring scope can be configured during deployment to focus on operational health signals.
- Network egress can be constrained using domain allowlists in Network Guidelines.
For architecture reviews, Ouva can provide a deployment-specific egress profile aligned to your enabled feature set.