Security & Trust Center
Enterprise-grade security for solar design data. Encryption at rest and in transit, role-based access control, and continuous compliance monitoring.
Certifications & Compliance
Industry-recognized security standards
Information security management system aligned with ISO 27001:2022 controls. Annual third-party audit scheduled for Q3 2026.
SOC 2 Type II audit in progress. Expected completion Q4 2026 covering security, availability, and confidentiality trust principles.
Full GDPR compliance for EU customer data. Data Processing Agreements available. EU data residency option for enterprise accounts.
Security Practices
How we protect your data
Encryption at Rest & In Transit
All project data encrypted with AES-256 at rest. TLS 1.3 for all data in transit. Customer-uploaded files scanned for malware before storage.
Role-Based Access Control
Granular permissions at project, team, and organization levels. SSO via SAML 2.0 and OIDC. MFA enforced for admin roles.
Infrastructure & Hosting
Cloudflare edge network + AWS infrastructure. Geographic redundancy across 3 availability zones. 99.9% uptime SLA for enterprise accounts.
Incident Response
24/7 security monitoring with automated alerting. Incident response plan tested quarterly. Customers notified within 72 hours of any confirmed breach.
Data Retention & Deletion
Customer data retained only as long as the account is active. Full project export available anytime. Account deletion purges all data within 30 days.
Penetration Testing
Annual third-party penetration testing by accredited security firms. Vulnerability disclosure program active. Bug bounties for responsible disclosures.
Need a Security Questionnaire or DPA?
Enterprise customers can request our full security documentation, including SOC 2 reports, penetration test summaries, and Data Processing Agreements.
Contact Security TeamResponse within 24 business hours
