VEHICLE

Modern cars are computers on wheels, and like any computer they accumulate personal data over the years you own them. The infotainment system remembers every phone that’s ever paired with it, including contact lists, call logs, and in some cases SMS history. The navigation system stores your home address, work address, and frequent destinations. The garage door opener has your garage code memorized. Apps that integrated with the car (Spotify, Apple CarPlay, Android Auto) left auth tokens behind. Manufacturer telematics services know your driving patterns. When you sell the car, lease-return it, or trade it in, all of that goes with the car to the next owner — unless you explicitly wipe it.

Privacy research from Mozilla’s Privacy Not Included project found that every major automaker collects significant personal data through connected-car services, and most failed basic privacy and security review. Used-car listings have documented cases where the next owner discovered the previous owner’s contacts, address, and even SMS history accessible through the infotainment system. Some lease companies do a factory reset; many don’t. Dealers vary widely. The default assumption should be that nothing gets wiped unless you do it.

The risk goes beyond embarrassment. A previous owner’s home address sitting in the navigation history of a stolen-then-recovered vehicle has been used as part of break-in planning. Paired phone data can include text-message history visible to the new owner. Garage codes obviously give physical access. Manufacturer accounts linked to the vehicle (FordPass, MyChevrolet, BMW ConnectedDrive) can in some cases still command the car remotely after sale — unlock doors, locate, even start in some models — until the linkage is severed.

What complicates this is that every manufacturer’s process is different. Tesla has a ‘factory reset’ button on the touchscreen. Ford requires unlinking via the FordPass app AND the in-vehicle settings. BMW has a separate web portal. Some German manufacturers require a dealer visit to fully reset the vehicle ID. None of these processes is well documented in the owner’s manual. Most owners hand over the keys assuming “the dealer will handle it.” The dealer often doesn’t.

The good news is that 90% of the privacy risk can be addressed with a 30-minute checklist that works on any modern vehicle. Bluetooth pairings cleared, navigation history wiped, garage codes deleted, manufacturer account unlinked, and any subscription services (SiriusXM, Onstar, FordPass) cancelled. This guide walks through each step generically, with manufacturer-specific links for the major US brands.

By the end of this guide your car will have no traceable personal data left on it, no remote-command access from your phone, and no subscription services billing forward. The next owner sees a clean car. You get the peace of mind of knowing nothing followed it. The whole process is under an hour for a standard vehicle and even less for a Tesla or other car with a true factory-reset option.

Quick Snapshot

Why This Matters

Mozilla’s Privacy Not Included found every major automaker collects substantial personal data through connected services. None passed basic privacy review — the entire industry was flagged as the worst-scoring product category Mozilla had ever evaluated. The collected data routinely includes precise location history, voice recordings, paired-device metadata, and in some cases biometric and behavioral data.

Used-car sales have documented cases of next-owners discovering the prior owner’s contacts, address, garage code, and SMS history. Reuters, the Washington Post, and multiple consumer-advocacy organizations have published investigations showing this is widespread, not isolated. Some lease-return processes do a factory reset; many don’t. Dealers vary widely. The default assumption should be that nothing gets wiped unless you do it yourself.

Manufacturer accounts (FordPass, BMW ConnectedDrive, MyChevrolet, Hyundai Bluelink, Tesla, etc.) can retain remote-command access until explicitly unlinked. In documented cases, previous owners have been able to unlock, locate, or even start cars they had already sold — sometimes for months after the transaction. The unlink has to happen explicitly through both the app and the in-vehicle interface.

Before You Start

Do this BEFORE handing over the keys. Once the vehicle leaves your hands, you typically can’t reset it remotely. The window is narrow: between when you’ve decided to sell or return and when the new party takes possession.

Have your phone with the manufacturer app handy, plus the owner’s manual or a search query ready. Each manufacturer’s reset path is different and often buried; expect to do some looking up as you go.

Block 60 minutes. Some manufacturers require app + in-vehicle + web portal steps. Modern Tesla resets are fast (~5 minutes) but most other brands take longer because the steps are spread across multiple systems.

Step 1 — Unpair Every Bluetooth Device

Infotainment settings → Bluetooth → Paired Devices. Delete each device. Some systems show only currently-paired; check the full list, including devices that haven’t connected in years.

Includes phones, headsets, OBD-II dongles, rental-period devices, your kids’ tablets, anything that ever shook hands with the car’s Bluetooth radio. Every entry is gone with the wipe.

Some systems also store SMS history, recent calls, and contact lists that were synced during the pairing — those should disappear with the unpair, but verify by checking the Phone or Messages section of the infotainment after each unpair. Lingering data is the most common privacy fail in lease-return cars.

Step 2 — Clear Navigation History And Stored Addresses

Navigation menu → History / Favorites / Home address. Delete all entries including ‘Home’ and ‘Work.’

Some systems have separate destination history and saved-favorites lists. Clear both.

Step 3 — Delete The Garage Door Opener / HomeLink Code

HomeLink button programming → Clear. Procedure varies by car; consult the owner’s manual.

Doesn’t affect your garage opener — just removes the car’s ability to operate it.

Step 4 — Unlink Your Manufacturer Account

FordPass, BMW ConnectedDrive, MyChevrolet, Hyundai Bluelink, etc. — open the app on your phone, find the vehicle, remove it.

Some require a web-portal step too. Critically: this severs remote-command access.

Step 5 — Cancel Subscription Services

SiriusXM, OnStar, navigation map updates, EV charging networks linked to the vehicle. Cancel before transfer or the next owner gets to use what you’ve paid for — and your card may keep getting charged.

Some can be transferred to a new vehicle if you’re staying with the same brand.

Step 6 — Sign Out Of Apple CarPlay / Android Auto

These typically clear when you unpair the phone, but verify under CarPlay/Android Auto settings in the infotainment.

Auth tokens can linger; explicit sign-out is safer.

Step 7 — Perform A Master Factory Reset

Most modern cars have a master reset under Settings → System → Factory Reset or similar. This wipes infotainment data and (usually) telematics.

Wait for it to complete. Some systems take 5+ minutes.

Step 8 — Remove Dashcams, OBD-II Dongles, And Accessories

Anything plugged in or installed: dashcam SD card, OBD-II dongle, USB drives, aftermarket trackers. Physical removal plus memory wipe.

Especially the dashcam — SD cards often contain weeks of driving footage. That footage includes your home, your workplace, your kid’s school, every place you visit. Pull the card and either keep it or destroy it; don’t hand it to the next owner.

OBD-II dongles from insurance trackers (Progressive Snapshot, Allstate Drivewise) should be removed and returned to the insurer per their instructions. Aftermarket trackers, anti-theft devices, and any custom electronics — same treatment. The point is to leave the car in a known-clean physical state where nothing on board can identify you or your driving patterns.

If you stop here, you have already done more for your security than 95% of people. If you want to go further, the next section is for you.

If You Want To Go Further: Power-User Upgrades

Power-User Upgrade #1 — Audit Data Shared With Manufacturer

Many manufacturers offer privacy dashboards showing what they collect. Review and minimize what’s sent.

Trade-off: 15 minutes.

Power-User Upgrade #2 — Get The Written Transfer Confirmation

Ask the dealer / leasing company for written confirmation of factory reset and account-unlink completion.

Trade-off: small additional ask; useful in dispute.

Power-User Upgrade #3 — Privacy Lockdown On The Next Car

For your next vehicle, opt-out of telematics where possible at purchase. Easier than retrofitting later.

Trade-off: may lose some convenience features.

Power-User Upgrade #4 — Check The Buyback / Repossession Context

If car is repossessed, you may have very limited time to reset. Have a plan in advance.

Trade-off: pre-planning.

Power-User Upgrade #5 — Photograph The Cleared Infotainment

Screenshot the empty contact list / nav history / paired devices as proof you reset before handover.

Trade-off: 2 minutes.

Power-User Upgrade #6 — Verify On A Second Vehicle In Lease Return Scenarios

If turning in two vehicles, do both at the same time and methodically.

Trade-off: more time.

Common Mistakes & Pitfalls

Mistake — Mistake

Fix — Assuming the dealer will reset for you. Most don’t.

Mistake — Mistake

Fix — Skipping the manufacturer-account unlink. Remote command access persists.

Mistake — Mistake

Fix — Forgetting subscription services. Billing continues.

Mistake — Mistake

Fix — Leaving the dashcam SD card in the car.

Mistake — Mistake

Fix — Not removing the garage HomeLink code.

Mistake — Mistake

Fix — Trusting the factory reset to remove everything — some manufacturers require additional web/portal steps.

Pro Tips

Pro tip 1. Take a phone video of the wipe steps as documentation.

Pro tip 2. Cancel SiriusXM before transfer — they bill aggressively after.

Pro tip 3. Some auto-loan banks have specific lease-return wipe instructions. Read theirs.

Pro tip 4. Don’t forget HomeLink — it’s a physical-security risk.

Pro tip 5. Severed manufacturer account = no more remote start, no more unlock. Make sure you’ve moved to the new vehicle’s app first.

Frequently Asked Questions

Does A Factory Reset Really Wipe Everything?

Mostly. Manufacturer account unlink often requires a separate step. Always do both.

Can The Next Owner See My Texts?

On some systems, yes, if SMS messaging was enabled via Bluetooth. Unpair Bluetooth fully.

What About EV Charging Accounts?

Cancel or transfer before handover. Some chargers bill via the car’s identity.

Will OnStar / FordPass / Etc. Still Bill Me After I Sell?

Yes, until you cancel. Do this proactively.

What If I’m Trading In?

Same process. Dealer cooperation varies; do it yourself before the trade-in.

Is The Manufacturer Keeping My Data After I Sell?

Usually yes — most manufacturers retain telematics data they’ve collected. Privacy dashboards may let you request deletion.

What About Rental Cars?

Unpair Bluetooth and clear navigation history before returning. Most rentals have multiple previous-renter entries visible. The rental company won’t do this for you, and the next renter will see your contacts and home address unless you do.

Quick Recap — Do These In Order

Mini Glossary

Infotainment: Car’s central touchscreen system handling navigation, music, phone, etc.

Telematics: Manufacturer’s collected data about your driving — locations, behavior, vehicle health.

HomeLink: Standard in-car garage door / gate opener that stores codes.

Factory reset: Wipe of infotainment data back to as-shipped state.

Manufacturer account: FordPass, BMW ConnectedDrive, MyChevrolet etc. — linked to the vehicle.

Remote command: Ability to unlock, locate, or start the car from a phone app.

OBD-II: Diagnostic port under the dash; aftermarket dongles can collect data.