Privacy Policy

Last updated: 10 April 2026

PowerSync ("we", "us", "our") is a Home Assistant integration and supporting cloud service for optimizing the operation of home battery and solar systems. This privacy policy describes what data we collect when you use the PowerSync cloud authentication service at powersync.cc, why we collect it, and how we handle it.

What we collect

When you sign in with your Tesla account through PowerSync, we receive and store the following from Tesla:

• Your Tesla account user ID and email address
• An OAuth refresh token issued by Tesla on your behalf
• The IDs of the energy sites (Powerwalls) on your Tesla account
• The Tesla regional API endpoint your account belongs to

When PowerSync running in your Home Assistant instance makes API calls through our service, we may also temporarily log:

• The IP address of the calling client (for abuse prevention)
• The time and Tesla API endpoint accessed (for rate limiting and debugging)

Why we collect it

We collect the above strictly to provide the PowerSync authentication and proxy service:

• The refresh token allows us to obtain fresh Tesla API access tokens when the previous one expires, so your Home Assistant integration keeps working without you having to re-authenticate every 8 hours.
• Energy site IDs are needed to route API requests to the correct device.
• The regional endpoint determines which Tesla Fleet API server we forward requests to.
• IP address and timing logs are used to prevent abuse and to help diagnose service issues.

What we don't collect

• We do not collect or store the actual energy data your Powerwall produces. That data flows directly between your Home Assistant instance and Tesla through our proxy and is not retained.
• We do not store your Tesla password — Tesla handles authentication entirely on its own login page.
• We do not use cookies, tracking pixels, or analytics on this website.
• We do not sell, share, or monetize any user data.

Data storage and security

Refresh tokens and account metadata are stored in encrypted-at-rest key-value storage on Cloudflare's global network. Access to this storage is restricted to the PowerSync service worker. Tokens are transmitted over TLS only.

Data retention and deletion

We retain your refresh token and account metadata until you revoke access. You can revoke access at any time by:

• Removing the PowerSync integration from your Home Assistant instance, or
• Visiting Tesla's third-party apps page and revoking PowerSync's access, or
• Emailing us at dev@powersync.cc requesting account deletion

When you revoke access, your refresh token is deleted from our storage immediately. Temporary log entries (IP address, request times) are automatically purged after 30 days.

Third parties

The PowerSync cloud service relies on the following third parties:

• Tesla, Inc. — to authenticate your account and access the Fleet API. Tesla's privacy policy applies to data they hold.
• Cloudflare, Inc. — to host this website, serve API traffic, and store encrypted refresh tokens. Cloudflare's privacy policy applies to data they hold on our behalf.

Children

PowerSync is not directed at children under 16 and we do not knowingly collect personal data from them.

Changes to this policy

If we make material changes we will update the "Last updated" date at the top of this page and, where reasonable, notify users via the integration.

Contact

For privacy questions or data deletion requests, contact dev@powersync.cc.

PowerSync is operated by Ben Boller (sole trader) in Australia.