Privacy Policy

Effective date: May 4, 2026 · Last updated: May 4, 2026

Solar Monitor is built on a simple principle: your data stays yours. We connect to your Tesla account only to read your solar production data and display it on your Wear OS watch. We don't sell data, run ads, or store anything on our servers beyond what's needed to serve your request in the moment.

1. What We Collect

Solar Monitor collects the minimum data necessary to function:

Data	Collected?	Stored where?	Purpose
Tesla OAuth access & refresh tokens	Yes	On your device only (encrypted, EncryptedSharedPreferences)	Authenticate requests to Tesla's API
Solar production figures (kWh values)	Yes	On your device only (SharedPreferences cache)	Display live and historical output on phone & watch
Name, email, or Tesla account details	No	—	—
Location data	No	—	—
Usage analytics or crash reports	No	—	No analytics or crash SDKs are present

2. How We Use Your Data

Your Tesla OAuth tokens are used exclusively to:

Fetch solar production data from Tesla's API on your behalf
Refresh expired tokens automatically so background sync keeps working

Tokens are sent from your device to our Vercel backend (solarmonitor.app) as a bearer credential over HTTPS. The backend uses the token to call Tesla's API, returns the solar data to your device, and retains nothing — no token, no production data, no logs containing your credentials are persisted on our servers.

3. Data Sharing

We do not sell, rent, or share your data with any third party, with the following narrow technical exceptions:

Tesla, Inc. — Your tokens are forwarded to Tesla's official API endpoints to retrieve your solar data. This is the core function of the app.
Vercel, Inc. — Our backend runs on Vercel's infrastructure. Vercel may log request metadata (IP address, timestamp) per their standard platform logging practices. See Vercel's Privacy Policy.

No advertising networks, data brokers, or analytics providers receive any information.

4. Data Retention

On-device tokens — Stored until you log out or uninstall the app.
On-device solar cache — Overwritten on each sync cycle. Cleared on uninstall.
Server side — Nothing is retained. Each API request is stateless.

5. Security

OAuth tokens are stored using Android's EncryptedSharedPreferences (AES-256-GCM), backed by the Android Keystore. All network communication uses TLS (HTTPS). The app sets android:allowBackup="false" to prevent token extraction via ADB backup. Your Tesla client secret never leaves our server environment — it is not embedded in the app binary.

6. Children's Privacy

Solar Monitor is not directed at children under 13. We do not knowingly collect any information from children.

7. Changes to This Policy

If we make material changes, we will update the effective date at the top of this page. Continued use of the app after changes constitutes acceptance of the updated policy.

8. Contact & Data Deletion

To request deletion of any data associated with your use of Solar Monitor, or if you have any privacy questions, contact us at:

privacy@solarmonitor.app

Because tokens are stored only on your device, the most complete deletion action is to log out within the app (which clears tokens) and then uninstall it.