Charge HQ does not have access to your Tesla username or password. Our access is enabled via an access token. You can at any time revoke all access to your vehicle by Charge HQ via the Tesla website or App.
When you connect your Tesla to Charge HQ, there are two authorisation steps.
Step 1 - you grant us access to your Tesla account, with the minimum access level we need to provide the smart charging service. You can learn more about the access levels we need here.
Step 2 - you install a virtual key that lets Charge HQ send commands to your car.
Importantly: This virtual key does not give us full access to your car. It only gives us access to the information and controls covered in Step 1.
Charge HQ will NOT have the ability to:
We take security seriously and apply standard best-practices to system security. The access tokens are stored in an encrypted format.
Of course, there are still risks. There is a slim possibility that an attacker could obtain the access tokens (although it would be very difficult to do so) and collect information from your vehicle, and start sending charging related commands to it, until the token was revoked. All third-party services which use the Tesla API involve this risk.
