Security

Last updated: May 2026

1. Our Security Commitment

Security is fundamental to everything we do at Sunnection. We implement industry-leading security practices to protect your data, your solar system connections, and your visualization dashboards.

2. Infrastructure Security

Cloud Infrastructure

  • Hosted on secure, SOC 2 compliant cloud infrastructure
  • Data centers with 24/7 physical security
  • Redundant systems ensuring high availability
  • Automatic backups with encrypted storage

Network Security

  • All data transmitted over TLS 1.3 encryption
  • Firewall protection and intrusion detection
  • Network segmentation isolating sensitive systems
  • Regular vulnerability scanning and penetration testing

3. Data Protection

Encryption

  • At Rest: AES-256 encryption for all stored data
  • In Transit: TLS 1.3 for all communications
  • Keys: Encryption keys managed via secure key management services

Access Control

  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA) required for all accounts
  • Principle of least privilege for employee access
  • Regular access reviews and audit logging

4. Solar System Connectivity

When connecting your solar installation to our platform:

  • Secure API authentication using OAuth 2.0
  • Device credentials encrypted at rest
  • Connection attempts logged and monitored
  • Automatic disconnection of inactive or suspicious connections
  • Support for encrypted communication protocols

5. Application Security

  • Secure software development lifecycle (SDLC)
  • Code reviews and automated security scanning
  • Regular dependency updates and vulnerability patching
  • Input validation and output encoding
  • Protection against OWASP Top 10 vulnerabilities
  • Content Security Policy (CSP) headers

6. Incident Response

  • 24/7 security monitoring and alerting
  • Documented incident response procedures
  • Defined escalation paths for security events
  • Post-incident reviews and improvements
  • Customer notification within 72 hours of confirmed breach

7. Employee Security

  • Background checks for all employees
  • Security awareness training required annually
  • Confidentiality agreements
  • Separation of duties for sensitive operations

8. Compliance

Our security program supports compliance with:

  • GDPR (General Data Protection Regulation)
  • SOC 2 Type II
  • ISO 27001 (certification in progress)

9. Reporting Security Issues

If you discover a security vulnerability, please contact us at [email protected]. We appreciate responsible disclosure and will work with you to address any issues promptly.

10. Contact

For security-related questions or to report issues:

Email: [email protected]
Emergency: [Emergency Contact]