EV·ChargingHistory

Privacy

Last updated 2026-06-01

Who we are

EV Charging History is a personal/hobby project run by Marat Dyatko (i@marat.online). It is not affiliated with, endorsed by, or sponsored by AB Volvo, Volvo Car Group, Volvo Car USA LLC, or any other Volvo company. The Volvo trademark and the names of Volvo APIs are used only to describe their owner.

What data we hold

We do not store your Volvo ID password or email. We do not embed third-party analytics, advertising, or tracking scripts. The only third-party code we ever load in your browser is Google Maps — on the dashboard, only when you have charging locations to plot, and only to draw the map (see Maps & geocoding below).

Where it lives

All data is processed in Google Cloud, region europe-north1(Stockholm, Sweden). Sub-processors: Google Cloud Run (compute), Cloud SQL for PostgreSQL (storage), Secret Manager (encryption keys), Cloud Scheduler (polling timer), Cloud Logging (operational logs, redacted to last-4 VIN). All of your stored data lives in the EU. The one outbound exception is the Maps & geocoding feature described below, which shares coordinates with Google Maps Platform outside the EU.

Maps & geocoding

To turn raw charging coordinates into something readable, we use Google Maps Platform in two places:

Google Maps Platform is therefore a sub-processor, and these two calls are the only time your data is processed outside the EU. That transfer relies on Google's Standard Contractual Clauses and its EU–US Data Privacy Framework certification. Google's handling of this data is governed by its own privacy policy. If no Google Maps key is configured, both features stay off and no coordinates are shared.

Why we hold it (legal basis)

Consent (GDPR Art. 6(1)(a)), granted when you complete the OAuth flow at volvoid.eu.volvocars.com and accept the scopes we request:openid, energy:state:read, energy:capability:read,conve:vehicle_relation, location:read.

How long

Until you delete your account. Operational logs in Cloud Logging are rotated out by Google after 30 days. We do not back up the database; nothing to retain beyond live rows.

Your rights

Security

Sensitive fields (tokens, secrets, VCC API key, OAuth client secret) are encrypted with AES-256-GCM before being written to PostgreSQL. The encryption key lives in Google Secret Manager, only accessible by the running service. Traffic between your browser and the app is TLS-only.

Cookies

One first-party session cookie (volvo_charging_session), HTTP-only, encrypted and signed by the server using iron-session. We set no tracking or analytics cookies of our own. The only third-party cookies that can appear are Google's, set by the dashboard map when it loads (see Maps & geocoding above) — never on the public pages.

Contact

Questions or data requests: i@marat.online.