TLog+ Security

At TLog+ we go through great lengths to ensure that the Services and your data are secure.

Your TLog+ password (the password you use to login to TLog+, not your Tesla password) is stored using state-of-art Argon2 hashing.

Your Tesla password (the one you use on tesla.com or in your Tesla phone app) is not needed for using TLog+. What we need in order to get data from your car(s) is a valid token set. There are two ways in which we can get such token set:

• The easy way: you provide us your Tesla email address and password which we will use ONCE to generate a valid token set. Once the token set is generated, your Tesla password is permanently erased immediately. It is never stored on disk, it is only stored in memory for the minimal time (seconds) required to obtain a valid token set.
• The slightly harder way: you provide us with a valid Reset Token that you can generate yourself. To generate a Reset token, you need some basic programming knowledge (more information can be found here, here or by using a search engine looking for "auth tesla api". We will use this Reset Token to immediately refresh and get a fresh valid token set. It will render the Refresh Token and its associated Access Token invalid, so make sure you generate a fresh one! Using this method, you do not need to share your Tesla password with us.

The token set TLog+ can be made invalid by you at any time, just by changing your Tesla password on the tesla.com website. Please note that if you need to change your Tesla password, but do want TLog+ to continue logging your data, you need to login to TLog+ and generate a new token set (or provide a new Refresh Token) as explained above.

With the token set you give to us, we cannot start your car. However, we can retrieve a fair amount of data regarding your car from the Tesla API. We are also able to have your car perform some actions such as flashing the headlights, or honking the horn. For full details on what information can be retrieved and what actions are possible, please click here.

The data we collect is stored in a database hosted by Google in the cloud (Cloud SQL). Your data is protected by state-of-the art security for which Google is well known. Access to your data happens only through encrypted communication channels with state-of-the art authentication.

The TLog+ service are only accessible through https. This means that any data exchanged between your device and the TLog+ servers is encrypted using industry standard encryption.