Privacy
Last updated 2026-06-01
Who we are
EV Charging History is a personal/hobby project run by Marat Dyatko (i@marat.online). It is not affiliated with, endorsed by, or sponsored by AB Volvo, Volvo Car Group, Volvo Car USA LLC, or any other Volvo company. The Volvo trademark and the names of Volvo APIs are used only to describe their owner.
What data we hold
- Your Volvo ID subject identifier (the
subclaim from your OAuth ID token). We use it as our user identifier. - Your VIN listand per-vehicle details fetched from Volvo's Connected Vehicle API: model, year, fuel type, exterior colour, battery capacity, gearbox, upholstery, steering side, exterior/interior image URLs.
- A growing log of energy-state snapshots (battery %, range, plug status, charging status, charging power, target SOC, current limit) and the derived charging-session rows (start/end times, SOC delta, kWh, start/end coordinates).
- When a session has coordinates, a coarse place label ("Area · City", never a street address) derived by sending the rounded coordinate to Google's Geocoding API. It's kept in a shared, location-keyed cache — keyed by the rounded (~111 m) coordinate, not by you or your VIN — so a given spot is resolved once and reused. See Maps & geocoding below.
- The time of your last sign-in or dashboard view. We use it to decide how often to poll your vehicle — more frequently while you're actively using the app.
- Your OAuth refresh and access tokens, encrypted at rest with AES-256-GCM. Used solely to call Volvo's APIs on your behalf.
- Your VCC API key and OAuth client credentials, encrypted at rest. Required to authenticate against Volvo's APIs.
We do not store your Volvo ID password or email. We do not embed third-party analytics, advertising, or tracking scripts. The only third-party code we ever load in your browser is Google Maps — on the dashboard, only when you have charging locations to plot, and only to draw the map (see Maps & geocoding below).
Where it lives
All data is processed in Google Cloud, region europe-north1(Stockholm, Sweden). Sub-processors: Google Cloud Run (compute), Cloud SQL for PostgreSQL (storage), Secret Manager (encryption keys), Cloud Scheduler (polling timer), Cloud Logging (operational logs, redacted to last-4 VIN). All of your stored data lives in the EU. The one outbound exception is the Maps & geocoding feature described below, which shares coordinates with Google Maps Platform outside the EU.
Maps & geocoding
To turn raw charging coordinates into something readable, we use Google Maps Platform in two places:
- Reverse geocoding (server-side). When a session has a location, we send the roundedcoordinate (~111 m grid) to Google's Geocoding API to get a coarse "Area · City" label, then cache it. We never send your full-precision position, and we only ask for an area and city — never a street address.
- The dashboard map (in your browser).When you have charging locations to plot, the dashboard loads Google's Maps JavaScript to draw them. Your browser talks to Google directly, so Google receives your IP address and the coordinates being shown, and may set its own cookies. The map loads only when there's something to plot; the rest of the app works without it.
Google Maps Platform is therefore a sub-processor, and these two calls are the only time your data is processed outside the EU. That transfer relies on Google's Standard Contractual Clauses and its EU–US Data Privacy Framework certification. Google's handling of this data is governed by its own privacy policy. If no Google Maps key is configured, both features stay off and no coordinates are shared.
Why we hold it (legal basis)
Consent (GDPR Art. 6(1)(a)), granted when you complete the OAuth flow at volvoid.eu.volvocars.com and accept the scopes we request:openid, energy:state:read, energy:capability:read,conve:vehicle_relation, location:read.
How long
Until you delete your account. Operational logs in Cloud Logging are rotated out by Google after 30 days. We do not back up the database; nothing to retain beyond live rows.
Your rights
- Access / portability — download everything we have on you as JSON: /api/account/export.
- Erasure — from the dashboard, hit Sign out, then sign back in and use Delete account. One click drops every row we have for you and revokes your refresh token at Volvo.
- Withdrawal of consent— sign out: we revoke your refresh token at Volvo and drop our copy. Volvo's side stops trusting any old access tokens we may still be holding.
- Rectification— the vehicle details (model, year, etc.) come directly from Volvo. We refresh them at sign-in. If they're wrong, fix them in the Volvo Cars app and sign in again.
- Complaints — you have the right to lodge a complaint with the Swedish data-protection authority (IMY).
Security
Sensitive fields (tokens, secrets, VCC API key, OAuth client secret) are encrypted with AES-256-GCM before being written to PostgreSQL. The encryption key lives in Google Secret Manager, only accessible by the running service. Traffic between your browser and the app is TLS-only.
Cookies
One first-party session cookie (volvo_charging_session), HTTP-only, encrypted and signed by the server using iron-session. We set no tracking or analytics cookies of our own. The only third-party cookies that can appear are Google's, set by the dashboard map when it loads (see Maps & geocoding above) — never on the public pages.
Contact
Questions or data requests: i@marat.online.