TeslaFi.com Security

 

 

At TeslaFi we take security very seriously and continue to look for opportunities to make improvements.

Below if a summary of how TeslaFi obtains and secures the data that it collects.

Hosting:

  • TeslaFi uses Amazon’s AWS platform and infrastructure with two factor authentication for access.  https://aws.amazon.com/security/
  • All data is stored in an encrypted RDS database that is not publicly accessible.  https://aws.amazon.com/rds/
  • SSH Keys are required to access all servers and IP restrictions further limit access to only authorized developers.
  • All servers are routinely scanned by Amazon Inspector to identify vulnerabilities or deviations from best practices.  https://aws.amazon.com/inspector/

Application Security:

Tesla API Token:

  • Tesla.com username and passwords used to create a Tesla.com token are not saved.
  • A user generated token can be used as an alternative to TeslaFi.com generating the Tesla.com token.
  • Tesla API token are not displayed on TeslaFi.com by default.
  • TeslaFi.com controls and scheduling are not enabled by default and cannot be enabled without generating or providing a new Tesla.com API token.
  • Remote start of Tesla vehicles require both the Tesla API token and the Tesla.com credentials.  TeslaFi.com is unable to remotely start a vehicle as Tesla.com credentials are not stored.

Credit Card Processing & Billing:

  • All credit card processing and transactions are conducted within Chargebee.com.  Chargebee is a PCI-DSS Level 1 Service Provider.
  • No payment information is stored or available to TeslaFi.com.
  • Chargebee.com access is protected by two factor authentication.

We are working continuously to make our system secure. If you find any security issues, please submit it to [email protected].