This site will obtain vehicle information for your Tesla using the Tesla owner's API. This is the same data your Tesla phone app uses.
To obtain this real-time information you must provide either your Tesla login credentials or an existing 64-byte token. If you provide login credentials they will be used just once to get an owner's API token from Tesla. Either way you login, your password and token will not be stored on this server. The token will be sent back to your browser as a cookie for future access.
Your Tesla account email and token will be stored in your browser as cookies for future access. Cookies stored in your browser are tagged with "Secure" to prevent accidental leakage via HTTP downgrade.
You may remove the stored token cookie from your browser by logging out or if using a shared computer remove all cookies.
All data sent to/from this server is via HTTPS. HTTP requests are automatically upgraded and HSTS is enabled to prevent downgrade attacks. As of Jan 2020 this server received an A+ rating from Qualys SSL Server Test.
Interaction between this server and Tesla's owners API is also over HTTPS. Your token will be encrypted between your browser and this server, and then from this server to Tesla's servers.
A Tesla owner's API token can be used to not only obtain status of your vehicle but also control it. Once obtained with your password, tokens are generally valid for 45 days.
If at any time you believe you have lost control of a token (from this or any other site), you can invalidate all outstanding tokens associated with your account by Resetting your Tesla password. All services (websites, Tesla app, etc...) will need to obtain new tokens next time you use them.