Hey everybody, thanks for your interest in Carmiq. I'm Haydn, one of the co-founders. Of course, user security is a paramount consideration of ours. The authorization process is a standard 'OAuth' that is hosted on Tesla servers. Therefore, we never have access to view/store the Tesla account credentials. When you input your account credentials, we receive the same token that provides temporary and limited access to the account. This is the same process used when you sign up to a site using Facebook or Google. While allowing users to input a token is a possibility, doing so does not actually provide any security advantages and requires users to generate their own token (through a different third-party site).
Many of Carmiq's features rely on individual data from users' Teslas, which is why we require this information to sign up. All vehicle API calls are done through the official Tesla fleet APIs, which we have been granted a license to use. Furthermore, all features/data-sharing must be explicitly opted in to by the user. Carmiq will never spam you with ads for services or share your data without your permission.
If anybody has any additional questions, please respond below or direct message me and I'll be happy to answer.
Thanks!