When you, as a user, enter your credentials, tado° receives a token from the API of the car brand you filled in. We encrypt this token and store it. This token is a unique key that is used to communicate with your car. We use this token to retrieve data (your battery status) from the car and to send commands (start and stop charging) to the car.
Because we know how important safety and privacy are for you, we only store this token and not your connected car credentials. Therefore, we do not have access to your car’s account password and username.
Question: When you store the login tokens (encrypted) to be able to start and stop charging, does that mean that if your database and encryption keys are hacked, thieves can basically start my car and drive away?
Answer: No, that is not possible. The encryption key used to encrypt the tokens are not in our database. That means that even in the unlikely event that someone would obtain this encrypted token, it is not usable to communicate with your car.