1. Overview
At SaaSSolar CRM, we take your data security seriously. As a trusted CRM platform built specifically for the solar industry, we understand that protecting your customer data, financial records, and project information is essential to your business success.
This Security Policy explains how we safeguard your data through industry-standard practices, encryption technologies, and compliance with international data protection regulations.
2. Our Security Commitment
We are committed to maintaining the confidentiality, integrity, and availability of all customer data. Every process, from data storage to transmission, follows strict security standards to prevent unauthorized access, loss, or misuse.
Our guiding principles include:
- Transparency – Clear understanding of how your data is stored and used.
- Accountability – Continuous monitoring and logging of all activities.
- Resilience – Robust infrastructure built to withstand cyber threats and downtime.
3. Infrastructure Security
- Cloud Hosting: SaaSSolar CRM is hosted on top-tier, secure cloud platforms with 99.9% uptime and redundant data centers to ensure reliability and scalability.
- Data Segregation: Each client’s data is logically separated to prevent unauthorized access across accounts.
- Regular Backups: Automated, encrypted backups are taken daily and stored in geographically redundant locations.
- Firewalls & Intrusion Detection: Our servers are protected by advanced firewalls, intrusion detection systems (IDS), and continuous vulnerability scanning.
4. Data Encryption
- In Transit: All data transmitted between your device and SaaSSolar servers is protected using TLS 1.2+ (HTTPS) encryption.
- At Rest: All customer data, including attachments and documents, is encrypted using AES-256 encryption.
- API Security: Our APIs require authenticated requests and use token-based authorization mechanisms to prevent misuse.
5. Access Control & Authentication
- Role-Based Access: Admins can assign permissions based on roles (e.g., Sales, Installer, Partner), ensuring each user accesses only what they need.
- Two-Factor Authentication (2FA): Optional 2FA adds an extra layer of protection against unauthorized logins.
- Session Timeouts: Idle sessions automatically expire to reduce the risk of unauthorized access.
- Audit Trails: Every login, update, and data export is logged and traceable for security audits.
6. Application Security
- Code Review & Testing: Our development team follows secure coding guidelines (OWASP Top 10) and performs regular vulnerability testing.
- Penetration Testing: Independent third-party experts periodically test the platform for potential weaknesses.
- Automatic Patching: We proactively apply security patches and updates to minimize exposure.
7. Compliance & Certifications
SaaSSolar CRM is designed in accordance with:
- GDPR (General Data Protection Regulation) for EU clients.
- CCPA (California Consumer Privacy Act) for U.S. clients.
- ISO 27001 standards for information security management.
We ensure that all third-party vendors and integrations (e.g., payment gateways, APIs, cloud providers) meet these compliance requirements.
8. Customer Responsibility
While we handle infrastructure and data security, customers play a key role in maintaining security by:
- Keeping login credentials confidential.
- Enforcing strong passwords and periodic password changes.
- Granting access only to authorized personnel.
- Reporting suspicious activities immediately to our security team.
9. Incident Response
In the unlikely event of a security breach, we have a dedicated Incident Response Plan that ensures:
- Immediate isolation of affected systems.
- Thorough investigation and impact assessment.
- Notification to affected clients within 72 hours (as per GDPR).
- Implementation of corrective actions to prevent recurrence.
10. Continuous Monitoring & Improvement
We continuously monitor our systems for irregularities, unauthorized access attempts, or suspicious behavior.
Our team conducts regular security training, code audits, and infrastructure updates to stay ahead of emerging threats.
11. Contact Us
For any questions, security concerns, or to report vulnerabilities, please contact:
[email protected]
www.saasolar.com