Trust Center

Learn about our platform architecture, security measures, and our commitment to protecting your data.

About OpenSolar

OpenSolar is a cloud-based solar design and sales platform that empowers solar professionals to create accurate solar proposals, manage customer relationships, and streamline their business operations. Our platform serves solar installers, sales teams, and energy professionals worldwide, providing the tools needed to design, quote, and close solar projects efficiently.

System Description

Platform Overview

OpenSolar is a Software-as-a-Service (SaaS) application accessible via web browsers. The platform provides:

Solar Design Tools

Advanced design capabilities for creating accurate solar system layouts and energy production estimates.

Proposal Generation

Professional proposal creation with customizable templates and pricing.

Customer Management

Tools for managing customer interactions, communications, and project workflows.

Business Analytics

Insights and reporting to help solar businesses optimize their operations.

Third-Party Integrations

Connections to mapping services, financial products, and other solar industry tools.

System Boundaries

The OpenSolar system encompasses the following components within its operational boundary:

In-Scope Components

Web application and user interface
Backend application services and APIs
Customer data storage and management
User authentication and access control
Integration services with third-party providers
Monitoring, logging, and alerting systems

Out of Scope

End-user devices and browsers
Customer network infrastructure
Third-party services (governed by their terms)
Internet service providers

Supporting Infrastructure

Cloud hosting infrastructure (Amazon Web Services)
Content delivery network for global performance
Database systems for application data
File storage for documents and assets

Infrastructure and Operations

Cloud Hosting

OpenSolar is hosted on Amazon Web Services (AWS), leveraging enterprise-grade cloud infrastructure:

Primary Region: Our production systems are hosted in the Asia-Pacific (Sydney) region, providing low-latency access for our primary user base
Global Content Delivery: We utilize a global content delivery network (CDN) with edge locations worldwide to ensure fast, reliable access regardless of user location
High Availability: Our infrastructure is deployed across multiple availability zones to ensure service continuity and fault tolerance

99.95%

Availability Target

24/7

System Monitoring

Multi-AZ

Redundant Architecture

Global

CDN Coverage

Availability and Reliability

We are committed to providing reliable service to our customers:

Availability Target: We target 99.95% service availability
Redundant Architecture: Critical components are deployed across multiple availability zones with automatic failover capabilities
Continuous Monitoring: Our systems are monitored 24/7 with automated alerting and response procedures

Security and Data Protection

Security Architecture

OpenSolar implements multiple layers of security to protect customer data and ensure system integrity:

Network Security

Web Application Firewall (WAF) protection against common web attacks
Network segmentation with private subnets for sensitive components
Encrypted connections for all remote administrative access

Application Security

Role-based access controls ensuring users only access authorized resources
Secure authentication mechanisms with support for strong password policies
Regular security assessments and vulnerability management

Data Security

Encryption at rest for all stored data using industry-standard encryption
Encryption in transit using TLS/SSL for all data transmission
Secure secrets management for application credentials and sensitive configuration

Data Handling

Data Storage

Customer data is stored in secure, managed database systems with automated backups. Files and documents are stored in redundant object storage with high durability. Data is logically separated between customers to ensure privacy.

Data Backup

Automated daily backups of all critical data. Backup data is encrypted and stored in isolated, secure environments. Regular testing of backup restoration procedures.

Data Retention

Customer data is retained in accordance with our data retention policies. Customers can request data export or deletion in accordance with applicable regulations.

Compliance and Trust

Our Commitment

OpenSolar is committed to maintaining the security, availability, and confidentiality of customer data. We continuously invest in our security practices and infrastructure to meet the evolving needs of our customers and industry standards.

Compliance Programs

We maintain compliance programs aligned with recognized industry frameworks:

SOC 2: We align our controls with the AICPA Trust Services Criteria for security, availability, and confidentiality
Data Protection: We implement controls to support customer compliance with applicable data protection regulations

Incident Response

We maintain documented incident response procedures to detect, respond to, and recover from security incidents. This includes continuous monitoring for security anomalies, defined escalation and communication procedures, and regular testing and improvement of incident response capabilities.

Business Continuity

We maintain business continuity and disaster recovery capabilities to ensure service resilience. This includes documented disaster recovery procedures, regular testing of recovery capabilities, and multi-region backup storage for critical data.

Customer Responsibilities

While OpenSolar maintains security controls for the platform, customers share responsibility for:

Maintaining the security of their account credentials
Managing user access and permissions within their organization
Ensuring appropriate use of the platform in accordance with our terms of service
Protecting data exported from the platform