The privacy policy for my apps is very simple:  They collect no data they don't have to.  They store no data they don't have to.  They transmit no data to me.  Details follow.

Tesla Token Generator

The app opens a WebView pointed at the Tesla login page.  Information entered on this page is provided to Tesla and is not accessible to the app.  Upon completion of the login flow, the app receives a code which is used to retrieve access tokens from Tesla's API.  These access tokens are bound to your username, which the app does not know.  The access tokens are not stored, not transmitted, and not used to interact further with the Tesla API from within the app.  What you do with them is up to you.

MMM-Powerwall

The Tesla authentication tokens you provide are stored on disk and are used only to interact with the Tesla API for the purpose of displaying the requested data.  The password you provide is stored on disk and is used only to interact with the local Powerwall API for the purpose of displaying the requested data.

No data is written to disk or transferred elsewhere; everything is retrieved and maintained in memory.