VOLTFLOW
    English

    Privacy Policy

    Last updated: 31-12-2025

    1. Who We Are

    Voltflowapp is operated by Selfsprekend, a sole proprietorship (eenmanszaak) registered in the Netherlands with the Dutch Chamber of Commerce (KVK).

    Legal entity details, including our registered address, are publicly available via the Dutch Chamber of Commerce (KVK). For privacy and safety reasons, we do not duplicate residential address details in this document.

    Contact: [email protected]

    2. Information We Collect

    We collect only the data necessary to provide our service.

    Account Information

    • Email address
    • Password (stored securely using industry-standard hashing)

    Tesla Account Data

    • OAuth access and refresh tokens (encrypted at rest)
    • Vehicle identifiers (VIN, display name)

    Vehicle & Charging Data

    • Battery state of charge
    • Charging status and schedules
    • Charging session history and usage metrics

    Charging Preferences

    • Away hours
    • Minimum battery threshold
    • Charging behavior preferences

    Usage & Diagnostic Data

    • App usage logs
    • Charging session summaries
    • Aggregated statistics (e.g. sessions completed, estimated cost savings)

    3. Location Data

    Voltflowapp does not store or persist location data.

    Location data (latitude/longitude) is fetched on-demand from Tesla's official API only when required to set or update a charging schedule. Location data is used transiently, then discarded immediately after the relevant API call.

    No location data is stored in databases, caches, or long-term logs. Our systems are intentionally designed without database fields for location storage. Location data may appear briefly in debug-level logs strictly for troubleshooting and is not retained.

    This approach follows data minimization and privacy-by-design principles.

    4. How We Use Your Information

    We process personal data for the following purposes:

    • To automatically optimize Tesla charging schedules
    • To ensure sufficient battery availability based on user-defined thresholds
    • To display charging history and efficiency insights within the app
    • To provide in-app notifications related to charging activity
    • To monitor system health, improve reliability, and troubleshoot issues

    5. Legal Basis for Processing

    We process personal data under the following lawful bases:

    • Performance of a contract: to deliver the Voltflowapp service
    • User consent: for Tesla OAuth access and notifications
    • Legitimate interest: for internal analytics, security, and service improvement

    You may withdraw consent at any time by revoking Tesla access or deleting your account.

    6. Data Security

    We take appropriate technical and organizational measures to protect your data:

    • Tesla OAuth tokens encrypted using AES-256-GCM
    • Passwords hashed using bcrypt
    • All data transmitted over HTTPS
    • Access restricted to authorized personnel only

    7. Data Sharing

    We do not sell, rent, or share personal data with third parties for marketing or profiling purposes.

    Energy Price Data Providers

    Voltflowapp retrieves public electricity market price data only from external sources in order to calculate optimal charging windows. We only perform GET requests to retrieve pricing information. No personal data is ever sent to energy providers.

    ENTSO-E (European Network of Transmission System Operators for Electricity)

    This is the only external energy API we actively call.

    Requests include:

    • API security token
    • Document type (day-ahead prices)
    • Market region identifiers (e.g. Netherlands)
    • Date ranges for pricing periods

    These requests do not include:

    • User identifiers
    • Email addresses
    • Vehicle identifiers (VIN)
    • Charging behavior
    • Location data

    The retrieved pricing data is stored internally and used solely to calculate optimal charging schedules. Energy price providers act as independent data sources and not as data processors under GDPR.

    Other Energy Providers (Zonneplan, Frank Energie, Tibber, Next Energie)

    • No API calls are made to these providers.
    • We do not send or receive data from them.
    • We store only the user's selected energy provider as a preference.
    • Provider-specific handling fees are applied locally using predefined values.
    • Consumer electricity prices are calculated internally using public market prices, provider handling fees, energy taxes, and VAT.
    • There is no reverse data flow to any energy provider.

    Tesla

    We share data with Tesla only via their official API and solely to:

    • Read vehicle status
    • Schedule and control charging

    Voltflowapp is not affiliated with Tesla.

    Legal Obligations

    We may disclose data if required by law or to protect our legal rights.

    8. Data Hosting & International Transfers

    All application data is hosted within the European Union (Amsterdam region) on infrastructure provided via AWS and Railway. We do not intentionally transfer personal data outside the EU.

    9. Data Retention

    • Account data: retained while your account is active
    • Tesla tokens: refreshed automatically, revoked tokens removed
    • Charging session data: retained to provide user dashboards and historical insights
    • Diagnostic logs: retained for a limited period for troubleshooting

    You may request deletion of your data at any time.

    10. Your Rights (GDPR)

    You have the right to:

    • Access your personal data
    • Correct inaccurate data
    • Request deletion
    • Export your data
    • Object to processing
    • Withdraw consent

    Requests can be sent to [email protected].

    11. Children's Privacy

    Voltflowapp is not directed at children. Users must be at least 16 years old to create an account.