Privacy Policy
Last updated: July 4, 2026
Overview
Vesio is an iPhone app that sends you push notifications when your Tesla's Sentry Mode reports activity (Aware or Panic) via Fleet Telemetry. This Privacy Policy describes how the Vesio mobile app, vesio.dev (this website), and the associated telemetry server handle information.
Vesio is a personal tool for one car and one user. We do not operate a Vesio user account database. The app is available to Tesla owners internationally.
The data controller for Vesio is the individual developer who publishes the app and this site (contact details in the Contact section).
Information the app stores on your device
The Vesio app stores the following locally on your iPhone using Apple's on-device storage (UserDefaults) and the Keychain:
- Recent Sentry events (state, received time, and related metadata)
- App preferences (theme, accent palette, alert toggles for Aware and Panic, and related settings)
- Whether you completed the welcome flow
- Tesla OAuth access and refresh tokens (Keychain)
- Your Apple Push Notification device token (until you reinstall or revoke push)
Information processed on our servers
Vesio uses server infrastructure in two places:
- Vercel (vesio.dev) — Tesla OAuth token exchange (Client Secret stays server-side), OAuth callback redirect, contact form delivery, and Tesla partner public key hosting.
- Telemetry server (separate from Vercel) — Receives Fleet Telemetry `SentryMode` events from your car, stores your APNs device token, and sends push notifications to your iPhone when Aware or Panic is reported.
- Contact form — If you submit the form at `/contact` or in the Vesio app (Settings → Contact), we receive your name, email, and message. The API route forwards them by email to the developer inbox via Resend.
During those requests, standard web logs may include your IP address, user agent, and request metadata. We do not use this to build profiles or sell data.
The telemetry server processes your vehicle identification number (VIN), Sentry state changes, and push token. It does not receive camera footage, location trails, or dashcam clips.
Information we do not collect
Connect Tesla is required for Vesio to work. The welcome flow blocks until OAuth succeeds. You can disconnect Tesla in Settings, which stops alerts until you reconnect.
- No Vesio-operated social network or advertising profile
- No sale or sharing of personal data with advertisers or data brokers
- No analytics or advertising SDK in the app (as of the date above)
- No access to Tesla Live Camera streams, Sentry clips, or dashcam footage
- No background polling of your Tesla vehicle for Sentry state
Tesla connection
Vesio uses Tesla's OAuth service during welcome setup and in Settings → Connect Tesla. Tokens stay in your iPhone Keychain.
With your permission, Vesio calls the Tesla Fleet API to show your vehicle name, pair a virtual key, and provision Fleet Telemetry configuration on the car. Tesla processes your sign-in and vehicle data under Tesla's own privacy policy and terms. Vesio is not affiliated with Tesla, Inc.
Disconnect Tesla in Settings at any time to remove tokens. Alerts stop until you reconnect and complete setup again.
Location
The Sentry notifier does not require iPhone location permission for core alerts. Vesio does not monitor geofences or upload a continuous location trail.
If future features add optional location use, we will update this policy and request permission in the app first.
Notifications
Vesio sends remote push notifications via Apple Push Notification service (APNs) when your telemetry server receives Sentry activity from your car. Notification content includes the Sentry state and time.
You can disable notifications for Vesio in iOS Settings at any time. Alerts also depend on your car having cellular or Wi-Fi connectivity at event time.
Legal bases (EEA, UK, and similar laws)
Where GDPR or similar laws apply, we rely on the following bases:
- Performance of a service you request — connecting Tesla, provisioning telemetry, delivering Sentry alerts, and storing recent events on your device
- Consent — push notifications and Tesla OAuth (you initiate each in iOS or the app)
- Legitimate interests — operating OAuth and telemetry infrastructure, securing servers, and responding to support requests, balanced against your rights
Processors and third parties
We use the following categories of service providers. They process data only as needed to provide their service:
- Apple — app distribution, on-device storage, Keychain, and Apple Push Notification service
- Tesla — OAuth sign-in, Fleet API, Fleet Telemetry streaming, and virtual key pairing
- Vercel — website hosting, OAuth callback redirect, token exchange API route, contact form API route, and infrastructure logs
- Resend — email delivery for contact form submissions to the developer inbox
- Telemetry hosting provider — receives Fleet Telemetry and forwards push (self-hosted or VPS; details in server documentation)
International transfers
If you use Vesio outside the country where our infrastructure runs, limited data (such as OAuth exchange requests, telemetry events, push tokens, and website logs) may be processed in the United States or other regions where our providers operate.
Tesla may process data according to its own global infrastructure. Review Tesla's documentation for details.
Your privacy rights
Depending on where you live, you may have rights to access, correct, delete, restrict, or object to certain processing, and to data portability or withdrawal of consent.
Because Vesio stores recent events and preferences on your device, you can disconnect Tesla, revoke iOS permissions, or uninstall the app to remove local data (subject to iOS and backup behavior). Alert history has no in-app clear button today.
For server-side data (push tokens, telemetry logs), contact us using the details in the Contact section. We will respond within a reasonable time as required by applicable law.
EEA/UK users may lodge a complaint with their local supervisory authority. Israeli users may contact the Privacy Protection Authority (PPA) regarding applicable matters.
California (CCPA/CPRA)
We do not sell or share personal information for cross-context behavioral advertising.
Categories we process may include identifiers (device token, VIN), vehicle telemetry (Sentry state), and app interaction data.
California residents may request access to or deletion of personal information we hold about them. Contact us via the form on this site.
Israel (if applicable)
If you use Vesio from Israel, Israel's Privacy Protection Law, 5741-1981, and regulations may give you additional rights regarding personal data held about you.
Server-side processing is limited to OAuth token exchange, Fleet Telemetry reception, push delivery, contact form email, and standard hosting logs as described above.
A Hebrew summary of key points follows for convenience. If there is a conflict, the English version of this policy controls unless mandatory local law requires otherwise.
סיכום בעברית (Hebrew summary)
Vesio שולח התראות Push כשמצב Sentry ברכב Tesla משתנה (Aware או Panic) דרך Fleet Telemetry.
חיבור Tesla נדרש. אסימוני OAuth נשמרים ב-Keychain. שרת טלמטריה נפרד מקבל אירועי Sentry ושולח Push דרך Apple.
אין גישה לצילומי Dashcam או Sentry. אין מכירת מידע ואין פרסומות.
למחיקת נתונים מקומיים: נתק Tesla, בטל הרשאות ב-iOS, או הסר את האפליקציה. אין כפתור מחיקת היסטוריית התראות באפליקציה כיום.
שאלות פרטיות: טופס יצירת קשר באתר (/contact).
This website
This marketing site is informational. It does not use sign-in or third-party advertising analytics.
We store your accent color preference in browser localStorage (`vesio.accentPalette`) for appearance only. It is not used for tracking.
The contact form at `/contact` or in the Vesio app (Settings → Contact) sends your name, email, and message to us via Resend email delivery (see Information processed on our servers).
If hosted on Vercel, standard web server logs (IP address, user agent, requested URL) may be processed for hosting and security.
Data retention and deletion
Recent Sentry events and preferences remain on your iPhone until you disconnect Tesla, uninstall the app, or remove the app data through iOS. There is no in-app control to clear alert history today.
Push tokens and telemetry logs on the server are retained only as long as needed to deliver alerts and operate the service. Contact us to request deletion of server-side data tied to your device.
OAuth server logs on Vercel follow Vercel's default retention for project logs. Contact form messages are delivered to the developer email inbox via Resend and retained according to that email provider's settings.
Uninstalling Vesio removes locally stored app data from your device, subject to iOS behavior and any device backups you maintain.
Children
Vesio is not directed at children under 13 (or the minimum age required in your jurisdiction), and we do not knowingly collect personal information from children.
Changes
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the latest revision. Material changes will be posted here before or when they take effect where practicable.
Contact
Privacy questions and data-rights requests: use the contact form at vesio.dev/contact. We do not publish a public support email on this site.
For accessibility feedback, see the Accessibility page.