Skip to content
Legal

Privacy Policy

Last updated: July 5, 2026

Overview

Spectivox is an iPhone app that sends you push notifications when your Tesla's Sentry Mode reports activity (Aware or Panic) via Fleet Telemetry. This Privacy Policy describes how the Spectivox mobile app, spectivox.com (this website), and the associated telemetry server handle information.

Spectivox is a personal tool for one car and one user. We do not operate a Spectivox user account database. The app is available to Tesla owners internationally.

The data controller for Spectivox is the individual developer who publishes the app and this site (contact details in the Contact section).

Information the app stores on your device

The Spectivox app stores the following locally on your iPhone using Apple's on-device storage (UserDefaults) and the Keychain:

  • Recent Sentry events (state, received time, and related metadata)
  • App preferences (theme, accent palette, alert toggles for Aware and Panic, and related settings)
  • Whether you completed the welcome flow
  • Tesla OAuth access and refresh tokens (Keychain)
  • Your Apple Push Notification device token (until you reinstall or revoke push)

Information processed on our servers

Spectivox uses server infrastructure in two places:

  • Vercel (spectivox.com) — Tesla OAuth token exchange (Client Secret stays server-side), OAuth callback redirect, contact form delivery, and Tesla partner public key hosting.
  • Telemetry server (separate from Vercel) — Receives Fleet Telemetry `SentryMode` events from your car, stores your APNs device token, and sends push notifications to your iPhone when Aware or Panic is reported. When you enable Sentry schedule, it also stores your time-based schedule rules and an opt-in Tesla refresh token (cleared when you stop the schedule or disconnect Tesla) so it can run `set_sentry_mode` at your chosen times.
  • Contact form — If you submit the form at `/contact` or in the Spectivox app (Settings → Contact), we receive your name, email, and message. The API route forwards them by email to the developer inbox via Resend.

During those requests, standard web logs may include your IP address, user agent, and request metadata. We do not use this to build profiles or sell data.

The telemetry server processes your vehicle identification number (VIN), Sentry state changes, and push token. It does not receive camera footage or dashcam clips.

Information we do not collect

Connect Tesla is required for Spectivox to work. The welcome flow blocks until OAuth succeeds. You can disconnect Tesla in Settings, which stops alerts until you reconnect.

  • No Spectivox-operated social network or advertising profile
  • No sale or sharing of personal data with advertisers or data brokers
  • No analytics or advertising SDK in the app (as of the date above)
  • No access to Tesla Live Camera streams, Sentry clips, or dashcam footage
  • No background polling of your Tesla vehicle for Sentry state

Tesla connection

Spectivox uses Tesla's OAuth service during welcome setup and in Settings → Connect Tesla. Tokens stay in your iPhone Keychain.

With your permission, Spectivox calls the Tesla Fleet API to show your vehicle name, pair a virtual key, and provision Fleet Telemetry configuration on the car. Tesla processes your sign-in and vehicle data under Tesla's own privacy policy and terms. Spectivox is not affiliated with Tesla, Inc.

Disconnect Tesla in Settings at any time to remove tokens. Alerts stop until you reconnect and complete setup again.

Location

The Sentry notifier does not require iPhone location permission. Spectivox does not use your iPhone GPS or saved map places for schedule automation.

Notifications

Spectivox sends remote push notifications via Apple Push Notification service (APNs) when your telemetry server receives Sentry activity from your car. Notification content includes the Sentry state and time.

You can disable notifications for Spectivox in iOS Settings at any time. Alerts also depend on your car having cellular or Wi-Fi connectivity at event time.

Legal bases (EEA, UK, and similar laws)

Where GDPR or similar laws apply, we rely on the following bases:

  • Performance of a service you request — connecting Tesla, provisioning telemetry, delivering Sentry alerts, and storing recent events on your device
  • Consent — push notifications and Tesla OAuth (you initiate each in iOS or the app)
  • Legitimate interests — operating OAuth and telemetry infrastructure, securing servers, and responding to support requests, balanced against your rights

Processors and third parties

We use the following categories of service providers. They process data only as needed to provide their service:

  • Apple — app distribution, on-device storage, Keychain, and Apple Push Notification service
  • Tesla — OAuth sign-in, Fleet API, Fleet Telemetry streaming, and virtual key pairing
  • Vercel — website hosting, OAuth callback redirect, token exchange API route, contact form API route, and infrastructure logs
  • Resend — email delivery for contact form submissions to the developer inbox
  • Telemetry hosting provider — receives Fleet Telemetry and forwards push (self-hosted or VPS; details in server documentation)

International transfers

If you use Spectivox outside the country where our infrastructure runs, limited data (such as OAuth exchange requests, telemetry events, push tokens, and website logs) may be processed in the United States or other regions where our providers operate.

Tesla may process data according to its own global infrastructure. Review Tesla's documentation for details.

Your privacy rights

Depending on where you live, you may have rights to access, correct, delete, restrict, or object to certain processing, and to data portability or withdrawal of consent.

Because Spectivox stores recent events and preferences on your device, you can disconnect Tesla, revoke iOS permissions, or uninstall the app to remove local data (subject to iOS and backup behavior). Alert history has no in-app clear button today.

For server-side data (push tokens, telemetry logs), contact us using the details in the Contact section. We will respond within a reasonable time as required by applicable law.

EEA/UK users may lodge a complaint with their local supervisory authority. Israeli users may contact the Privacy Protection Authority (PPA) regarding applicable matters.

California (CCPA/CPRA)

We do not sell or share personal information for cross-context behavioral advertising.

Categories we process may include identifiers (device token, VIN), vehicle telemetry (Sentry state), and app interaction data.

California residents may request access to or deletion of personal information we hold about them. Contact us via the form on this site.

Israel (if applicable)

If you use Spectivox from Israel, Israel's Privacy Protection Law, 5741-1981, and regulations may give you additional rights regarding personal data held about you.

Server-side processing is limited to OAuth token exchange, Fleet Telemetry reception, push delivery, contact form email, and standard hosting logs as described above.

Israeli users may contact the Privacy Protection Authority (PPA) regarding applicable matters. This policy is published in English only.

This website

This marketing site is informational. It does not use sign-in or third-party advertising analytics.

We store your accent color preference in browser localStorage (`spectivox.accentPalette`) for appearance only. It is not used for tracking.

The contact form at `/contact` or in the Spectivox app (Settings → Contact) sends your name, email, and message to us via Resend email delivery (see Information processed on our servers).

If hosted on Vercel, standard web server logs (IP address, user agent, requested URL) may be processed for hosting and security.

Data retention and deletion

Recent Sentry events and preferences remain on your iPhone until you disconnect Tesla, uninstall the app, or remove the app data through iOS. There is no in-app control to clear alert history today.

Push tokens and telemetry logs on the server are retained only as long as needed to deliver alerts and operate the service. Contact us to request deletion of server-side data tied to your device.

OAuth server logs on Vercel follow Vercel's default retention for project logs. Contact form messages are delivered to the developer email inbox via Resend and retained according to that email provider's settings.

Uninstalling Spectivox removes locally stored app data from your device, subject to iOS behavior and any device backups you maintain.

Children

Spectivox is not directed at children under 13 (or the minimum age required in your jurisdiction), and we do not knowingly collect personal information from children.

Changes

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the latest revision. Material changes will be posted here before or when they take effect where practicable.

Contact

Privacy questions and data-rights requests: use the contact form at spectivox.com/contact. We do not publish a public support email on this site.

For accessibility feedback, see the Accessibility page.