Security
Last updated: May 2026
1. Our Security Commitment
Security is fundamental to everything we do at Sunnection. We implement industry-leading security practices to protect your data, your solar system connections, and your visualization dashboards.
2. Infrastructure Security
Cloud Infrastructure
- Hosted on secure, SOC 2 compliant cloud infrastructure
- Data centers with 24/7 physical security
- Redundant systems ensuring high availability
- Automatic backups with encrypted storage
Network Security
- All data transmitted over TLS 1.3 encryption
- Firewall protection and intrusion detection
- Network segmentation isolating sensitive systems
- Regular vulnerability scanning and penetration testing
3. Data Protection
Encryption
- At Rest: AES-256 encryption for all stored data
- In Transit: TLS 1.3 for all communications
- Keys: Encryption keys managed via secure key management services
Access Control
- Role-based access control (RBAC)
- Multi-factor authentication (MFA) required for all accounts
- Principle of least privilege for employee access
- Regular access reviews and audit logging
4. Solar System Connectivity
When connecting your solar installation to our platform:
- Secure API authentication using OAuth 2.0
- Device credentials encrypted at rest
- Connection attempts logged and monitored
- Automatic disconnection of inactive or suspicious connections
- Support for encrypted communication protocols
5. Application Security
- Secure software development lifecycle (SDLC)
- Code reviews and automated security scanning
- Regular dependency updates and vulnerability patching
- Input validation and output encoding
- Protection against OWASP Top 10 vulnerabilities
- Content Security Policy (CSP) headers
6. Incident Response
- 24/7 security monitoring and alerting
- Documented incident response procedures
- Defined escalation paths for security events
- Post-incident reviews and improvements
- Customer notification within 72 hours of confirmed breach
7. Employee Security
- Background checks for all employees
- Security awareness training required annually
- Confidentiality agreements
- Separation of duties for sensitive operations
8. Compliance
Our security program supports compliance with:
- GDPR (General Data Protection Regulation)
- SOC 2 Type II
- ISO 27001 (certification in progress)
9. Reporting Security Issues
If you discover a security vulnerability, please contact us at [email protected]. We appreciate responsible disclosure and will work with you to address any issues promptly.
10. Contact
For security-related questions or to report issues:
Email: [email protected]
Emergency: [Emergency Contact]