Privacy Policy

Last updated: 2026-05-25

---

1. Data Controller

IAmSmart is the data controller for the processing of your personal data. If you have questions about how we handle your data, you can contact us by email at support@iamsmart.se.

2. What data do we collect?

We collect the following personal data when you register an account:

• Email address
• First and last name
• Phone number
• Address, postal code, city and country

When you connect a vehicle, we also process:

• Vehicle VIN number and display name
• Vehicle status (battery level, charging status, position and driving status via Tesla/Volvo API)
• API access tokens for Tesla and Volvo (stored encrypted)
• Charging schedules and charger settings linked to your account

We also store technical error logs that may contain your user ID and technical information about system errors.

3. Why do we process your data?

We process your data for the following purposes:

• Provision of the service – so that you can log in, manage vehicles, chargers and schedules (legal basis: contract, GDPR art. 6.1 b)
• Email confirmation and notifications – to verify your email address and send relevant messages (legal basis: contract)
• Security and troubleshooting – technical error logs to improve and secure the service (legal basis: legitimate interest, GDPR art. 6.1 f)

4. Third parties we share data with

We share data with the following third parties only to the extent required for the service to function:

• Tesla, Inc. – to retrieve and control vehicle data via Tesla Owner API (your tokens are stored encrypted)
• Volvo Cars Corporation – to retrieve and control vehicle data via Volvo Cars API
• Tibber AS – to retrieve current electricity prices (no personal data is sent)
• Loopia AB – email provider for system messages (e.g. email confirmation)

We never sell your data to third parties.

5. Cookies

We only use necessary cookies that are required for the service to function:

• .AspNetCore.Identity.Application – keeps you logged in (session or persistent, depending on the Remember me option)
• .AspNetCore.Antiforgery.* – protects against CSRF attacks
• .AspNetCore.Culture – saves your language preference (Swedish/English)

No tracking, analytics or marketing cookies are used. Necessary cookies do not require consent under the Electronic Communications Act (LEK).

6. How long do we store your data?

• Account details – stored until you choose to delete your account
• Vehicle data and charging history – stored until you choose to delete your account
• Error logs (ExceptionLog) – automatically deleted after 90 days
• API tokens – deleted when you disconnect the vehicle or delete your account

7. Your rights

Under GDPR, you have the following rights:

• Right of access – you can download your data via Personal data
• Right to erasure – you can delete your account via Delete account
• Right to rectification – you can update your data via Profile
• Right to data portability – download your data as JSON via the personal data page
• Right to lodge a complaint – you can file a complaint with the Swedish Authority for Privacy Protection (IMY)

8. Security

We protect your data with encryption at rest and in transit (HTTPS/TLS). API tokens for Tesla and Volvo are stored encrypted using ASP.NET Data Protection. Passwords are never stored in plaintext but as cryptographic hash values.

9. Contact

Do you have questions about this policy or wish to exercise your rights? Contact us at support@iamsmart.se.