Legal

Privacy Policy

Last updated: 18 May 2026

    The short version: Ember is built with privacy at its core. We collect only what's needed to schedule your charging. We never sell your data. We never track you across apps. Your Tesla credentials are stored encrypted on our servers and used solely to control your car's charge schedule.
  

1. Who we are

Ember ("we", "our", "us") is operated by Myles Carey. Ember is an iOS app and web service that helps Octopus Agile customers charge their Tesla vehicles in the cheapest electricity price windows.

Contact: hello@ember-ev.co.uk

2. What data we collect

2.1 Account data

Email address — used for account creation, login, and essential communications
Postcode (outward code only) — used to determine your electricity distribution region for correct Agile pricing. We only store the outward code (e.g. "UB8"), never the full postcode

2.2 Tesla integration data

Tesla OAuth tokens — stored encrypted on our servers (Supabase). Used to communicate with your vehicle for charge scheduling. Never shared with third parties
Vehicle identification number (VIN) — stored to identify your vehicle. Only the first 5 characters are ever logged for debugging
Vehicle name — your car's display name (e.g. "Tessy"), used in the app UI and notifications
Battery level and charge state — read from your vehicle to calculate optimal charging windows. Not stored long-term beyond schedule records
Vehicle location — used only to determine if your car is at home for scheduling purposes. We do not track your location history

2.3 Charging data

Charge schedules — window times, prices, costs, and savings are stored to power your analytics and charging history
Charge target and charger speed — your preferences, used to calculate optimal windows

2.4 Device data

Push notification token — stored to send you charging window notifications and reminders. You can disable notifications at any time in iOS Settings
Device type, OS version, and app version — collected anonymously by our analytics provider (Amplitude) to understand which devices our users use and improve the app. No personally identifiable information is included and data is never linked to your identity

2.5 Website data

Beta signup email — if you join our beta or waitlist, your email is stored to send you access information
We do not use cookies on our website
We use Amplitude (EU region) to understand how visitors use our website. Amplitude collects anonymous usage data — no personally identifiable information is included

3. What we do NOT collect

    We never collect: your full postcode, driving history, trip data, contacts, photos, browsing activity, location history, or any data unrelated to EV charging optimisation. We do not use advertising identifiers or track you across apps or websites.
  

4. How we use your data

Data	Purpose	Legal basis
Email	Account management, essential communications	Contract performance
Postcode	Electricity region detection for correct pricing	Contract performance
Tesla tokens	Reading vehicle state, setting charge schedules	Contract performance, consent
Battery level	Calculating charge duration and optimal windows	Contract performance
Charge schedules	Analytics, history, savings tracking	Contract performance
Push token	Sending charging notifications	Consent
Device info (anonymous)	Understanding app usage patterns	Legitimate interest
Beta signup email	Sending beta access information	Consent

5. Where your data is stored

Your data is stored on Supabase (hosted on AWS in the EU). Tesla OAuth tokens are stored encrypted in the database. All data transmission uses TLS encryption.

Our vehicle command proxy runs on Railway (US-based hosting). This proxy only relays commands to Tesla's API — it does not store any data.

Anonymous analytics data is processed by Amplitude (EU region). Amplitude is GDPR compliant — it does not use cookies, and no personally identifiable information is sent to Amplitude.

6. Data sharing

We do not sell your data. We do not share your data with advertisers. We share data only with the following service providers who are essential to Ember's operation:

Supabase — database and authentication hosting
Tesla — your vehicle data and commands are sent via Tesla's Fleet API. Tesla's own privacy policy applies to data they process
Octopus Energy — we fetch publicly available Agile pricing data. We do not send any of your data to Octopus
Apple (APNs) — push notification delivery
Amplitude — anonymous app usage analytics (EU region, GDPR compliant)
Railway — vehicle command proxy hosting
Vercel — website hosting

7. Tesla data specifically

When you connect your Tesla account to Ember via OAuth, you grant Ember permission to:

Read your vehicle's battery level, charge state, and location
Set charge schedules and charge limits on your vehicle
Start and stop charging

You can revoke Ember's access to your Tesla account at any time from your Tesla account settings at accounts.tesla.com. Revoking access will immediately prevent Ember from communicating with your vehicle.

8. Data retention

Account data — retained while your account is active
Charge schedules — retained for analytics and history. You can request deletion at any time
Tesla tokens — retained while your Tesla account is connected. Deleted when you disconnect or delete your account
Command audit logs — automatically deleted after 30 days
Error logs — retained for debugging purposes, reviewed periodically
Beta signup emails — retained until you request removal

9. Your rights (GDPR / UK GDPR)

You have the right to:

Access — request a copy of all data we hold about you
Rectification — correct any inaccurate data
Erasure — request deletion of your account and all associated data
Data portability — receive your data in a machine-readable format
Object — object to processing based on legitimate interest
Withdraw consent — for push notifications (via iOS Settings) or Tesla access (via Tesla account settings)

To exercise any of these rights, email hello@ember-ev.co.uk. We will respond within 30 days.

10. Children's privacy

Ember is not intended for use by anyone under the age of 17. We do not knowingly collect data from children.

11. Security

We take appropriate technical measures to protect your data:

All data transmission is encrypted via TLS
Tesla OAuth tokens are stored encrypted at rest
The app uses Face ID / biometric authentication to prevent unauthorised access
Row Level Security (RLS) ensures users can only access their own data
Vehicle commands are signed using Tesla's Vehicle Command Protocol
No sensitive data is ever logged — VINs are truncated, tokens are never logged

12. Changes to this policy

We may update this privacy policy from time to time. Material changes will be communicated via the app or email. The "last updated" date at the top reflects the most recent revision.

13. Contact

For any privacy-related questions or requests:

Email: hello@ember-ev.co.uk