Privacy Policy

This Privacy Policy explains how teslada.sh(the “Service,” “we,” “us”) collects, uses, and protects information when you use the Service. We believe in collecting as little personal data as possible and being clear about what we do with what we collect.

Information you provide

• Account data: email address and password hash when you register.
• Billing data: if you subscribe to a paid plan, payment is processed by Stripe. We do not store your card number, CVV, or full payment credentials. We store a Stripe customer identifier and subscription status.
• Support correspondence: messages you send us directly.

Information collected automatically

• Session cookies: used to keep you signed in. These are essential and cannot be disabled while using the Service.
• Basic request metadata: IP address, user agent, timestamps, and requested resources, used for security, abuse prevention, and debugging. These are kept in short-term server logs.

What we do not collect

• We do not run advertising or ad-tracking pixels.
• We do not sell personal data to third parties, and we never will.
• We do not store the content of videos you watch. Your viewing history is not profiled or associated with your identity beyond ephemeral session logs.
• We do not collect vehicle data, location data, driving data, or any Tesla account credentials.

We use the information we collect only to:

• create and maintain your account;
• process subscription payments and manage billing;
• operate, secure, and improve the Service;
• respond to support requests;
• comply with legal obligations.

If you choose to connect your YouTube account, we receive an OAuth token from Google that lets us call the YouTube Data API on your behalf. We use this access solely to display your subscriptions and liked videos inside the Service. Specifically:

teslada.sh’s use of information received from YouTube APIs adheres to Google API Services User Data Policy, including the Limited Use requirements.

• We request the youtube.readonly scope only. We cannot and do not subscribe, like, or otherwise modify your YouTube account.
• We store your OAuth access and refresh tokens encrypted at rest using AES-256-GCM with an encryption key rotated independently of our database credentials.
• We do not sell, share, or transfer YouTube API data to third parties. YouTube API data is not used for advertising, AI model training, or any purpose other than rendering your own data back to you.
• You can disconnect at any time from the Account page. Disconnection revokes our access token with Google and deletes the associated record from our database. You can also revoke access directly at Google’s permissions page.
• Use of YouTube API Services is subject to YouTube’s Terms of Service and the Google Privacy Policy.

We rely on a small number of trusted infrastructure providers. Each processes data only as needed to deliver their part of the Service:

• Supabase — authentication, database, and session storage.
• Stripe — payment processing and subscription management. Stripe is a PCI-DSS Level 1 certified processor.
• Our hosting provider — serves the application and stores short-term request logs.

When you watch a video through the Service, your device fetches the video content from third-party origins (including YouTube’s content delivery network). Those third parties may log the request according to their own privacy policies. We do not control and are not responsible for their data practices.

We use only strictly necessary cookies required to keep you signed in and to maintain security. We do not use analytics, advertising, or third-party tracking cookies. Because the cookies we set are strictly necessary, no consent banner is required under the ePrivacy Directive.

• Account data is retained for as long as your account is active.
• Billing records are retained for the period required by tax and accounting law in our jurisdiction (typically 7 years).
• Server logs are retained for up to 30 days for debugging and abuse prevention, then deleted or anonymized.
• When you delete your account, we delete or anonymize personal data within 30 days, except records we are legally required to keep.

Depending on where you live, you may have the right to:

• access the personal data we hold about you;
• correct inaccurate personal data;
• delete your personal data (“right to be forgotten”);
• export your personal data in a portable format;
• object to or restrict certain processing;
• withdraw consent at any time where processing is consent-based.

To exercise any of these rights, email us at support@teslada.sh. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

California residents additionally have rights under the CCPA/CPRA, including the right to know and the right to delete described above. We do not sell or share personal data as those terms are defined by the CCPA.

Our processors may store and process data in countries other than your own. Where data is transferred from the European Economic Area, the United Kingdom, or Switzerland, we rely on the Standard Contractual Clauses and the safeguards provided by our processors.

We use industry-standard safeguards to protect your data, including TLS encryption in transit, encrypted storage at rest via our database provider, hashed passwords, and access controls on administrative systems. No system is perfectly secure; if we become aware of a breach affecting your personal data, we will notify you as required by law.

The Service is not directed to children under 16, and we do not knowingly collect personal information from children under 16. If you believe a child has provided us personal information, contact us and we will delete it.

We may update this Policy from time to time. When we do, we will update the “Last updated” date above and, for material changes, provide additional notice through the Service. Your continued use after changes become effective constitutes acceptance of the updated Policy.

Questions, requests, or complaints about this Policy can be sent to support@teslada.sh.