Skip to content

Telemetry & Data Egress

This page documents what data leaves a customer network when Ouva is used from browser and kiosk deployments.

CategoryWhat it includesWhen it occurs
Core application trafficAuthentication, scene/library reads, check-in and program data, activity tracking writesDuring normal app use
Realtime synchronizationWebSocket subscriptions for live updates (for example check-ins and live scene state)While realtime-enabled screens are open
Diagnostics and errorsApplication errors in browser console and backend logsOn failures/exceptions
Kiosk operational monitoring (deployment-specific)Device/display online status, kiosk session health, uptime signalsContinuous heartbeat plus state changes
Third-party ad/behavioral trackingNot used by Ouva application runtimeN/A
FlowData elements typically included
HTTPS request metadataSource IP (at network edge), user agent/browser metadata, request timestamp, TLS session metadata
AuthenticationEmail/username input, auth tokens/JWTs, auth event timestamps
Activity trackinguser_id, library_id, session_id, start/heartbeat/end timestamps, duration metrics
Check-in and companion presenceuser_id, scene_id or scene path, device_token, check-in/expiry timestamps
Program progressUser/program identifiers, item completion timestamps, status values
Kiosk operational monitoringDevice/display identifier, online/offline state, heartbeat timestamp, uptime schedule state

Notes:

  • Raw camera video is not required to be streamed to Ouva backend services for core scene interaction.
  • Ouva is not a clinical record system; however, any profile fields entered by the customer (for example names) become customer data and are stored in Supabase.
  • Captured image/video frames are not automatically sent to third-party analytics providers for processing.
  • Ouva does not rely on browser advertising identifiers or fingerprinting-based telemetry.
FunctionDestinationNotes
Frontend app deliveryhttps://app.ouva.coNetlify-hosted frontend
Auth/API/DB/Realtimehttps://<project-ref>.supabase.co/*Includes Auth, REST/RPC, Storage, and WSS realtime
Camera scene model/runtime assets (only when camera scenes are used)https://storage.googleapis.com/*, https://cdn.jsdelivr.net/*MediaPipe asset delivery
Billing and customer profile serviceshttps://js.stripe.com/*, https://api.stripe.com/*Subscription and customer billing functionality
Kiosk monitoring (deployment-specific)Deployment-specific monitoring endpoint(s)Provided in deployment runbook/onboarding
Third-party analytics/crash SaaSNone by defaultNo separate browser analytics SDK is required

Important:

  • Browser clients do not call ElevenLabs directly. If text-to-speech is used, the browser calls Ouva backend endpoints, and backend services call ElevenLabs.
TriggerFrequency / behavior
App loadOn every page/application load
Sign-in/sign-outOn auth events
Scene activity trackingSession start on scene entry, end on exit; heartbeat every 60 seconds while active
Realtime subscriptionsOpen while relevant screen is active; updates on matching database events
Camera scene assetsOn first use or cache miss
Billing requestsOn customer profile and billing operations
Kiosk monitoringPeriodic heartbeat plus event-based alerts on device/display status changes

Outside active sessions, there is no continuous background telemetry beyond optional kiosk monitoring heartbeats.

Encryption in Transit and Certificate Controls

Section titled “Encryption in Transit and Certificate Controls”
  • Browser traffic uses HTTPS/WSS with TLS 1.2 or higher.
  • Cipher suites are negotiated by the browser and endpoint infrastructure (CDN/API provider).
  • No browser-level certificate pinning is required by Ouva.
  • If TLS inspection is used by enterprise proxies, inspection certificates must be trusted by managed devices.

For encryption at rest, compliance certifications, and a per-service encryption breakdown, see Security & Privacy Controls.

Yes, in a feature-scoped way:

  • Core application traffic to Ouva, Supabase, and Stripe is required for app functionality.
  • Optional traffic can be minimized by deployment choices:
    • Do not use camera scenes to avoid MediaPipe asset egress.
    • Use kiosk monitoring only where always-on operational support is required.
  • Kiosk monitoring scope can be configured during deployment to focus on operational health signals.
  • Network egress can be constrained using domain allowlists in Network Guidelines.

For architecture reviews, Ouva can provide a deployment-specific egress profile aligned to your enabled feature set.