
Privacy Policy

Privacy Policy for TOSTViewer (App & Website)

This privacy policy applies to both the website tostviewer.de and the iPhone app TOSTViewer.

1. Controller

Responsible for data processing within the meaning of the General Data Protection Regulation (GDPR):

Jan Gerster
Hauptstr. 53
79787 Lauchringen
Germany
Email: info@hosting-fox.de

2. What data is collected?

The app and website collect and process data only as necessary for their features. The scope depends on which features you enable:

a) Tesla Account Data

When you sign in, the app receives OAuth tokens from Tesla to authenticate API requests (scopes: openid, email, offline_access, user_data, vehicle_device_data). These tokens are stored securely in the iOS Keychain. The app fetches your order information (model, status, dates, delivery center, configuration, option codes) directly from Tesla's servers. If enabled, financing details (monthly payments, interest rates, loan terms) are also retrieved.

b) Existing Vehicles & Live Data

If enabled, the app fetches your registered vehicles and their live telemetry from Tesla's API. This includes: VIN, vehicle state, battery level, estimated range, odometer reading, charging status, GPS coordinates (vehicle location, not device location), speed, heading, tire pressures, climate settings, software version, and vehicle configuration (color, wheels, trim). This data is stored locally on your device and can be sent to the Stats server if Stats consent is active.

c) Change History

The app locally tracks changes to your orders over time (status updates, delivery window changes, configuration changes). This data is stored only on your device.

d) Stats / Comparison (Opt-In)

If you grant consent, anonymized data is sent to the stats server for community comparisons. For orders, this includes: model, configuration, order date, expected delivery window, delivery center, status, option codes, and a VIN-assigned flag (true/false only). For existing vehicles, this includes: an anonymized vehicle fingerprint (SHA256 hash), model, state, battery level, range, odometer, charging status, software version, and vehicle configuration. A unique device identifier (UUID) is transmitted for deduplication.

On the server, technical timestamps are additionally stored for: last received update, first VIN assignment, and last delivery-window change.

The stats payload does NOT include: real names, email addresses, phone numbers, postal addresses, actual VIN numbers, payment amounts, or financing details.

e) Bugs & Ideas (Opt-In)

If you enable this feature, the app transmits your anonymized device ID and any content you submit (ideas, votes, comments, support tickets). Your IP address is automatically transmitted with each request and is required for moderation, spam protection, and vote integrity.

f) Blog (Opt-In)

If you enable the blog, the app transmits your anonymized device ID, your chosen username, and content you submit (posts, comments, likes, and up to 4 images per post). Your IP address is transmitted automatically with each request. Blog content may be translated using AI (OpenAI) on the app operator's server. When a translation is requested, the relevant text is sent to the server, where it is translated and returned to the app.

g) Community Identity (Optional)

You can optionally link your community profile across features using Sign in with Apple. When used, a SHA256 hash of your Apple user ID is generated as an anonymous identity key. Your Apple email is requested but not required and is not stored on the app developer's servers.

h) Background Refresh

If enabled, the app periodically refreshes your order and vehicle data in the background (approximately every 2 hours) and may send local notifications about detected changes. No data is sent to external servers during background refresh unless Stats consent is active.

i) In-App Purchases (Tip Jar)

Purchase transactions are handled entirely by Apple via StoreKit. No purchase data is sent to the app developer's servers. The app only stores a local flag indicating whether a purchase was made.

j) Vehicle Handover Documentation

The app creates a handover report during vehicle pickup with inspection points, photos, and optional notes. Completed reports receive a verification code that can be used to verify the document's authenticity at tostviewer.de/verify.php. The report stores the model, masked VIN (partially hidden), inspection status, and creation date.

k) Website (tostviewer.de)

The website does not collect personal data. No cookies are set (except an optional language preference cookie), no analytics or tracking tools are used, and no advertisements are displayed. The web server logs standard technical access data (IP address, timestamp, requested page, browser type) in log files. This data is used exclusively for ensuring technical operation and defending against attacks and is deleted after no more than 30 days.

3. How is your data stored?

  • Tesla access tokens are stored encrypted in the iOS Keychain (hardware-backed encryption via Secure Enclave, accessible after first device unlock).
  • Order data, vehicle data (including live telemetry), change history, and blog cache are stored locally in your app sandbox as JSON files.
  • User settings, preferences, and your anonymous device ID (UUID) are stored in standard UserDefaults.
  • Vehicle images are cached locally from Tesla's compositor servers.
  • If you enable Stats, anonymized comparison records (for orders and vehicles) are stored on a server located in Germany.
  • Blog posts, ideas, and support tickets are stored on a server located in Germany.
  • Without explicit consent, no data is transmitted to external servers (except Tesla's own servers for order and vehicle data retrieval).

4. Third-party services

The app communicates with the following services:

  • Tesla, Inc. (auth.tesla.com, owner-api.teslamotors.com, akamai-apigateway-vfx.tesla.com, static-assets.tesla.com): Authentication, order data retrieval, vehicle telemetry, and vehicle images. Tesla's privacy policy applies to data processed by Tesla.
  • App operator's server (hosting-fox.de): Stats comparisons, blog, ideas, support, and document verification. Only used when respective consent is granted (except verification, which is publicly accessible).
  • Apple (StoreKit, Sign in with Apple): In-app purchase handling and optional identity linking. Apple's privacy terms apply.
  • OpenAI (via app operator's server): Blog content translations are performed using OpenAI's API on the app operator's server. Only the text to be translated is processed; no personal data is sent to OpenAI.
  • QR code service (api.qrserver.com): For generating QR codes in handover reports. Only the verification URL is transmitted.

The app does NOT use any analytics SDKs, advertising networks, crash reporting services, or device location services. No data is shared for advertising, tracking, or profiling purposes.

5. Legal basis (Art. 6 GDPR)

  • Consent (Art. 6(1)(a)): Stats/Comparison data submission, Blog participation, Ideas & Support features. You can withdraw consent at any time in the app settings.
  • Contract performance (Art. 6(1)(b)): Processing of Tesla account data required to provide the app's core order-tracking functionality.
  • Legitimate interests (Art. 6(1)(f)): Technical processing such as IP address logging for spam protection and service security, anonymous device identifiers for deduplication, server log files for website protection.

6. Notifications

  • All notifications are generated locally on your device. No push notification servers or cloud messaging services are used.
  • If you enable local notifications, the app will notify you when changes to your orders are detected during background refresh.
  • In-app notifications for blog activity, ideas updates, and support ticket changes are processed locally based on data fetched from the server.

7. Data security

  • All network communication is encrypted via HTTPS (TLS 1.2 or higher).
  • Authentication tokens are stored in the secure iOS Keychain with hardware-backed encryption.
  • The app does not use tracking or analytics SDKs.
  • No advertisements are shown.
  • Device identifiers used for Stats, Ideas, and Blog are anonymized UUIDs that cannot be traced back to your person.
  • Website database access is protected against SQL injection through prepared statements.

8. Your rights (GDPR)

Under the GDPR, you have the right to:

  • Access: Request information about what data is stored about you.
  • Rectification: Request correction of inaccurate data.
  • Erasure: Request deletion of your data.
  • Restriction: Request restricted processing.
  • Data portability: Receive your data in a structured format.
  • Object: Object to data processing.

Contact: info@hosting-fox.de

To remove all local data, sign out in the app or uninstall the app. For Stats, you can revoke consent and use "Delete My Data from Server" in the settings to remove server-side records. Blog posts and ideas you have authored remain on the server; contact us to request their deletion.

9. Data retention

  • Local data (tokens, orders, history, cache) is retained until you sign out, clear it manually, or uninstall the app.
  • Server-side comparison records are retained until you request deletion or revoke consent.
  • User-authored content (blog posts, ideas, support tickets) is retained on the server until deletion is requested.
  • In-app purchase records are managed by Apple according to their retention policies.
  • Website server log files are deleted after no more than 30 days.

10. Children's privacy

This app and website are not directed at children under 16. We do not knowingly collect personal data from children.

11. Changes to this policy

This privacy policy may be updated from time to time. The latest version is always available in the app and on this website.

As of: March 2026

