TeslaFi.com Security

At TeslaFi we take security very seriously and continue to look for opportunities to make improvements.

Below is a summary of how TeslaFi obtains and secures the data that it collects.


  • TeslaFi uses Amazon’s AWS platform and infrastructure with two factor authentication for access.  https://aws.amazon.com/security/
  • All data is stored in an encrypted RDS database that is not publicly accessible.  https://aws.amazon.com/rds/
  • SSH Keys are required to access all servers and IP restrictions further limit access to only authorized developers.
  • All servers are routinely scanned by Amazon Inspector to identify vulnerabilities or deviations from best practices.  https://aws.amazon.com/inspector/

Application Security:

Tesla API Token:

  • Tesla.com username and passwords used to create a Tesla.com token are never saved or stored on TeslaFi.
  • Full support for Tesla.com accounts with two factor authentication enabled.
  • A user generated token can be used as an alternative to TeslaFi.com generating the Tesla.com token.
  • Tesla API tokens are not displayed on TeslaFi.com by default.
  • Controls and scheduling on TeslaFi.com are not enabled by default and cannot be enabled without generating or providing a new Tesla.com API token.
  • Tesla API Tokens can be revoked at any time by changing your Tesla.com password.

TeslaFi.com Account:

  • TOTP two factor authentication is available for all accounts and can be configured in settings->account->security.
  • An email notification can be configured in settings->account->security to alert of all new logins.

Credit Card Processing & Billing:

  • All credit card processing and transactions are conducted within Chargebee.com.  Chargebee is a PCI-DSS Level 1 Service Provider.
  • No payment information is stored or available to TeslaFi.com.
  • Chargebee.com access is protected by two factor authentication.

We are working continuously to make our system secure. If you find any security issues, please submit it to [email protected].