Your operational data is protected at every layer.
Solar1 stores job cost records, financial data, employee information, and customer records for solar installation businesses. This data requires enterprise-grade protection. Here is exactly how we protect it.
SOC 2 Type II
Security · Availability · Confidentiality
TLS 1.3
Data in transit encryption
AES-256
Data at rest encryption
GDPR compliant
EU data processing
CCPA compliant
California privacy
99.9% uptime SLA
Monthly target
Security architecture
How Solar1 protects your data.
Data encryption
Encryption in transit
All data transmitted between your browser, the Solar1 mobile app, and our servers is encrypted using TLS 1.3.
Encryption at rest
All data stored on Solar1 servers is encrypted using AES-256. Encryption keys are managed in a dedicated key management system, separate from the data they protect.
Database encryption
Individual database fields containing sensitive financial and employee data are encrypted at the application layer in addition to disk-level encryption.
Access controls
Role-based access
Solar1 uses configurable role-based access control. Field crews see their assigned jobs. Finance sees cost records. Administrators control what each role can read, edit, and delete.
Multi-factor authentication
MFA is available for all Solar1 accounts and can be enforced organization-wide by account administrators.
Single sign-on (SSO)
Solar1 supports SAML 2.0 SSO integration with Google Workspace, Microsoft Azure AD, and Okta.
Internal access controls
Solar1 employees do not have access to customer data by default. Support access requires explicit customer authorization and is logged. All internal access is reviewed quarterly.
Infrastructure
Cloud hosting
Solar1 is hosted on AWS infrastructure in US-East and US-West regions with automatic failover. AWS is SOC 2 Type II and ISO 27001 certified.
Availability
Solar1 targets 99.9% monthly uptime. Current and historical uptime is published at status.solar1erp.com.
Data backups
Customer data is backed up daily to geographically separate storage. Backups are encrypted and retained for 90 days. Recovery point objective (RPO) is 24 hours; recovery time objective (RTO) is 4 hours.
Network security
All Solar1 infrastructure is protected by a web application firewall (WAF), DDoS protection, and intrusion detection systems. Network access to production systems requires VPN and MFA.
Testing & monitoring
Penetration testing
Solar1 undergoes annual third-party penetration testing. Findings are remediated on a severity-based timeline — critical within 24 hours, high within 7 days.
Vulnerability scanning
Automated vulnerability scanning runs continuously on all production systems. Dependencies are monitored for known CVEs and updated on a defined schedule.
Security monitoring
24/7 security monitoring with automated alerting for suspicious activity patterns, failed authentication attempts, and unusual data access.
Audit logging
All user actions — login, data access, record modification, permission changes — are logged and retained for 12 months. Logs are immutable and accessible to account administrators.
Compliance
SOC 2 Type II
Solar1 has completed SOC 2 Type II certification covering security, availability, and confidentiality trust service criteria. The report is available under NDA to enterprise customers.
GDPR
Solar1 processes EU personal data in compliance with GDPR. Data processing agreements (DPAs) are available for EU customers on request.
CCPA
Solar1 processes California personal data in compliance with the California Consumer Privacy Act. We do not sell personal information.
Incident response
If something goes wrong, here is what happens.
Detection
Automated monitoring detects an anomaly or an employee reports an issue
Containment
Incident response team isolates affected systems within 1 hour
Assessment
Scope of impact determined — what data, which customers, how long
Notification
Affected customers notified within 72 hours of confirmed breach
Remediation
Root cause addressed. Patch or configuration change deployed
Post-incident review
Written report provided to affected customers within 30 days
Responsible disclosure
If you discover a security vulnerability in Solar1, please report it to security@solar1erp.com. Include a description of the vulnerability, steps to reproduce, and the potential impact.
We will acknowledge receipt within 24 hours, provide status updates throughout the investigation, and notify you when the vulnerability has been resolved. We ask that you give us 90 days to address the issue before public disclosure.
Solar1 does not currently offer a bug bounty program. We evaluate each report individually and may offer recognition for significant findings.
For SOC 2 report requests or security questionnaires, contact security@solar1erp.com. Reports are available under NDA to enterprise customers.