Frequently Asked Questions

Need help? Contact us

Security

We take security seriously and continue to look for improvements. If you find a security issue, please request our GPG key.

How do you host my data?

LastUnlock.com runs on Amazon's AWS platform and infrastructure. Access requires two-factor authentication via FIDO keys, and all data is stored in an encrypted RDS database that is not publicly accessible.

How do you protect against attacks?

  • Application servers can be accessed only via SSL and use industry standard encryption for data traversing to and from our servers.
  • We utilize the Cloudflare Web Application Firewall with a custom set of filtering rules.
  • We employ a variety of rate limiting techniques, some through Cloudflare Rate Limiting and others via application logic.
  • To protect against denial of service we leverage Cloudflare for their DDoS protection.
  • User input is properly encoded when displayed to prevent cross-site scripting, all submissions are checked via token for cross-site request forgery (CSRF), and database queries are parameterized to prevent SQL injection.
  • We also regularly update underlying software libraries and frameworks as new releases arise, preventing code rot.

How do you access my Tesla?

  • You must have mobile access enabled in your vehicle via Controls > Safety > Mobile Access. If you currently use the official Tesla app it is already enabled.
  • You authenticate directly with Tesla using your credentials to generate an authentication token, the same method as the official Tesla mobile apps. The token provides limited access to your account.
  • Your username and password are never visible to or stored by LastUnlock.com. We strive not to store any passwords - account login on our website is passwordless and requires clicking a link in your email for access.
  • The Tesla API token is not displayed on LastUnlock.com and can be revoked at any time by changing your Tesla password. If you do so, or are forcibly logged out of the Tesla app, you will need to reauthorize our access from the dashboard.

Payments

How do you process payments?

  • All credit card processing and transactions are conducted through a third party: Stripe, a PCI-DSS Level 1 Service Provider.
  • Full payment information is not stored or available to LastUnlock.com.
  • Stripe access is protected by two factor authentication.

Can I get a refund?

Absolutely, we offer a 30 day money-back guarantee - please contact support.

How do I cancel my account?

The dashboard provides self-serve billing management to cancel at any time and to view receipts for past payments. When a plan is cancelled, we remove all tokens and access logs. Billing history is kept for compliance purposes.

Usage

Do I need to remember a phone number?

No. You can always visit the website and click the "Locked Out" button in the navigation bar to see our toll-free number to text for help. You only need your email and the code from the dashboard; please memorize them.

How do I log in?

Provide your email on the login page to receive a link to the dashboard; no password is needed. You should remember the code shown in the dashboard, which is used over text messaging to access the account.

Can someone guess my access code over text?

If there are too many login attempts over SMS for your email address, we lock the account to secure it for a variable length of time.

I texted the number and it did not ask for a code?

If you have recently authenticated from a given phone number, the session stays active for about an hour to make further commands easier.

If I use this from someone else's phone, won't they see my code?

We recommend changing your code via the dashboard if you suspect someone else saw it. It is also a good idea to delete the SMS conversation from the other person's device once you are done.

How long is my car enabled for keyless driving?

If you successfully authenticate, you must begin driving within about 2 minutes. If the car is not shifted out of Park in that time, keyless drive will be disabled and you will need to re-authenticate.