Legal

Privacy Policy

Last updated: 11 May 2026
Draft. Scaffolded content for review. Replace this notice (and have a lawyer review the text) before relying on this as the binding policy.

Solar Fleet (“we”, “us”, “our”) is a South African company providing a multi-vendor solar monitoring service to installers and solar companies. This policy explains what personal information we collect when you use Solar Fleet, why we collect it, and what choices you have. It is written to align with the Protection of Personal Information Act, 2013 (POPIA).

1. Who we are

Solar Fleet is operated from Cape Town, South Africa. For questions about this policy or your personal information, contact hello@getsolarfleet.com.

2. What we collect

We collect only what we need to deliver the service.

Account information

  • Your name, work email address and company name.
  • A salted, one-way hash of your password (we never store the plaintext).
  • If you sign in with Google, the email address and basic profile info Google provides to our OAuth app.
  • Your role inside your company (owner, admin, viewer).

Vendor credentials

To poll your inverter sites we store the credentials you provide for each vendor (e.g. Victron VRM, Sunsynk, Deye). These are encrypted at rest using AES-256-GCM with a key held outside the database, and are only decrypted server-side at poll time. We never display them back to you in clear text.

Site monitoring data

  • Site identifiers, location and capacity metadata returned by the vendor.
  • Time-series snapshots polled from the vendor — battery state of charge, PV production, grid flow, load, daily yield and the raw vendor response (for debugging).
  • Alerts derived from this data and any acknowledgements your team records.

Usage and technical data

  • Server logs, including IP address, user agent and timestamps of requests.
  • Authentication session cookies (required to keep you logged in).
  • Email delivery metadata for transactional emails (verification, alerts).

3. How we use it

  • To create and operate your account and your company workspace.
  • To poll the vendor APIs you have authorised and present the data back to you.
  • To send transactional emails such as email verification, alert notifications and billing reminders.
  • To detect, investigate and prevent abuse or security incidents.
  • To comply with our legal obligations.

We do not sell your personal information, and we do not use it to train machine-learning models.

4. Who we share with

We share information only with the service providers that help us run Solar Fleet, and only to the extent each provider needs it. Each is bound by a data-processing agreement and operates under applicable data-protection law.

  • Vercel — application hosting and edge networking.
  • Neon — managed Postgres database (region: Frankfurt, eu-central-1).
  • Resend — transactional email delivery.
  • Google — only if you sign in with Google OAuth.
  • PayFast — payment processing for subscriptions (we do not see your full card details).
  • Inverter vendors (Victron, Sunsynk, Deye, Huawei, etc.) — to retrieve monitoring data on your behalf using credentials you supply.

We will also disclose information if required to do so by law, or to protect the rights, property or safety of Solar Fleet, our users or others.

5. How long we keep it

  • Account and company data: while your account is active, plus 12 months after closure for billing and dispute resolution.
  • Site monitoring snapshots: per your plan's history retention (7 days, 12 months, or unlimited).
  • Server and security logs: 30 days.
  • Encrypted vendor credentials: deleted within 7 days of you disconnecting the integration.

6. Security

We apply industry-standard technical and organisational measures, including TLS 1.2+ for data in transit, AES-256 encryption for vendor credentials at rest, hashed passwords (bcrypt cost 12), strict role-based access controls and tenant scoping at the database query layer. No system is perfectly secure; please notify us immediately at the contact address above if you suspect a compromise.

7. Your rights under POPIA

  • Access — request a copy of the personal information we hold about you.
  • Correction — ask us to correct information you believe is inaccurate.
  • Deletion — ask us to delete information we no longer need to retain.
  • Objection — object to certain processing, including direct marketing.
  • Complaint — lodge a complaint with the Information Regulator (South Africa).

To exercise any of these, email us at the contact address. We respond within 30 days.

8. Cookies

Solar Fleet uses only strictly-necessary cookies for authentication (a signed session cookie) and CSRF protection. We do not use third-party analytics or advertising cookies on the dashboard. The marketing pages may use first-party analytics in future; any change will be reflected here.

9. International data transfers

Our infrastructure providers operate in the European Union (Neon, Resend) and globally (Vercel's edge network). Where personal information is transferred outside South Africa we rely on the standard safeguards under POPIA and, where applicable, the GDPR.

10. Children

Solar Fleet is a B2B service intended for use by professionals. It is not directed at anyone under 18, and we do not knowingly collect personal information from minors.

11. Changes

We may update this policy from time to time. Material changes will be highlighted at the top of this page and communicated via email to account owners.

12. Contact

Email hello@getsolarfleet.com for any privacy question, request or complaint.