Privacy Policy
Effective Date: February 10, 2026
1. Introduction
ERP Solar ("Company," "we," "us," or "our") operates the Solar ERP platform at erpsolar.com (the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our Service.
By using the Service, you consent to the practices described in this Privacy Policy. This policy should be read in conjunction with our Terms of Service.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, phone number, organization name, and role/title when creating an account or being invited to an organization.
- Business Data: Customer records, project details, work orders, inventory data, fleet information, financial records, and other operational data you enter into the Service.
- Employee and Contractor Data: Names, contact information, compensation details, W-9 information (including the last four digits of the TIN), payment records, and 1099-NEC filing data entered through the HR and compliance modules.
- Customer Information: Names, addresses, email addresses, phone numbers, and project details for your customers that you manage through the Service.
- Communications: Messages sent through the AI assistant, work order chat, feedback submissions, and support requests.
- Documents and Files: Files, photos, plans, agreements, and other documents uploaded to the Service.
2.2 Information Collected Automatically
- Usage Data: Pages visited, features used, actions performed, timestamps, and session duration.
- Device Information: Browser type, operating system, device type, and screen resolution.
- Log Data: IP addresses, access times, referring URLs, and error logs.
- Audit Logs: Records of create, update, and delete operations for accountability and compliance.
2.3 Information from Third-Party Integrations
When you connect third-party services, we may receive:
- QuickBooks: Customer records, invoices, payments, and financial data as authorized through OAuth 2.0.
- Enphase Energy: Solar system production data, alerts, battery telemetry, and system status.
- SolarEdge: Solar system monitoring data, energy production, and equipment status.
- Tesla: Powerwall system data, energy production, and battery status.
- OpenSolar: Project designs, proposals, and customer data as synced through the API.
- Google Calendar: Calendar events and scheduling data as authorized through OAuth 2.0.
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Process your transactions and manage your account
- Synchronize data with connected third-party services at your direction
- Generate reports, analytics, and business insights within your organization
- Send transactional emails (work order assignments, system alerts, notifications)
- Power AI-assisted features using third-party language models
- Monitor and improve the performance, security, and reliability of the Service
- Respond to support requests and communications
- Comply with legal obligations and enforce our Terms of Service
- Detect, prevent, and address fraud, security issues, and technical problems
4. Multi-Tenant Data Isolation
4.1 Architectural Isolation. The Service is built on a multi-tenant architecture where each organization's data is logically isolated. Row-level security (RLS) policies are enforced at the database level, ensuring that authenticated queries can only access data belonging to the user's organization.
4.2 No Cross-Organization Access. Users within one organization cannot access data belonging to another organization. This isolation applies to all data including accounts, projects, work orders, employees, financial records, and documents.
4.3 Administrative Access. Certain platform administrative operations (e.g., account provisioning, migrations) may use elevated database permissions that bypass RLS. These operations are performed exclusively by authorized system processes and are logged for audit purposes.
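The isolation described in 4.1 through 4.3, and the Row-Level Security and Role-Based Access Control items in section 7, can be made concrete with a small Postgres schema in the style Supabase uses. This is an added example, not ERP Solar's schema or code. It assumes Supabase's auth.users table and auth.uid() function; the organizations, memberships and work_orders tables, the private schema, the member_role values and the sample user id are hypothetical.

```sql
-- Added example of tenant isolation with Postgres row-level security (Supabase style).
-- Not ERP Solar's schema. Assumes Supabase's auth.users and auth.uid(); table names are made up.

create schema if not exists private;   -- not exposed through the API; holds policy helpers
grant usage on schema private to authenticated;

create table organizations (
  id   uuid primary key default gen_random_uuid(),
  name text not null
);

create table memberships (
  user_id     uuid not null references auth.users (id) on delete cascade,
  org_id      uuid not null references organizations (id) on delete cascade,
  member_role text not null check (member_role in ('owner', 'admin', 'member')),
  primary key (user_id, org_id)
);

create table work_orders (
  id         uuid primary key default gen_random_uuid(),
  org_id     uuid not null references organizations (id),
  title      text not null,
  created_by uuid not null default auth.uid()
);

grant select, insert, update, delete on organizations, memberships, work_orders to authenticated;

-- Policy helpers. SECURITY DEFINER lets a policy consult memberships even though that
-- table is itself RLS-protected; the empty search_path blocks search-path hijacking,
-- which is why every object in the body is schema-qualified.
create or replace function private.user_org_ids()
returns setof uuid
language sql stable security definer
set search_path = ''
as $$
  select org_id from public.memberships where user_id = auth.uid()
$$;

create or replace function private.user_role_in(p_org uuid)
returns text
language sql stable security definer
set search_path = ''
as $$
  select member_role from public.memberships where user_id = auth.uid() and org_id = p_org
$$;

-- Enable RLS and FORCE it so the table owner is not exempt. An RLS-enabled table with
-- no matching policy returns no rows, which is the safe default.
alter table memberships enable row level security;
alter table memberships force row level security;
alter table work_orders  enable row level security;
alter table work_orders  force row level security;

create policy memberships_select_self on memberships
  for select to authenticated
  using (user_id = auth.uid());

create policy work_orders_select on work_orders
  for select to authenticated
  using (org_id in (select private.user_org_ids()));

create policy work_orders_insert on work_orders
  for insert to authenticated
  with check (org_id in (select private.user_org_ids()));

-- USING selects the rows a caller may touch; WITH CHECK validates the row after the
-- change, so a member cannot re-home a work order into another organization.
create policy work_orders_update on work_orders
  for update to authenticated
  using (org_id in (select private.user_org_ids()))
  with check (org_id in (select private.user_org_ids()));

-- RBAC layered on tenant isolation: only owners and admins of that org may delete.
create policy work_orders_delete on work_orders
  for delete to authenticated
  using (private.user_role_in(org_id) in ('owner', 'admin'));

-- Check for section 4.3: roles that bypass RLS entirely (Supabase's service_role is one).
-- Whatever this returns is the set of credentials that must stay server-side and be logged.
select rolname from pg_roles where rolbypassrls or rolsuper;

-- Verification in psql: impersonate an authenticated caller inside a transaction and
-- confirm only that caller's organizations are visible. auth.uid() reads the sub claim
-- from the request.jwt.claims setting, which PostgREST populates from the bearer token.
begin;
set local role authenticated;
select set_config('request.jwt.claims',
                  '{"sub":"00000000-0000-0000-0000-000000000001","role":"authenticated"}',
                  true);
select id, org_id, title from work_orders;   -- rows from the caller's orgs only
rollback;
```

Two caveats worth checking in any deployment of this pattern: Postgres policies are permissive by default and are OR-ed together, so a later policy such as `using (true)` added for debugging silently opens the table to every authenticated user; and the roles returned by the pg_roles query are the elevated permissions section 4.3 refers to, so the key for such a role belongs only in server-side processes whose use is logged, never in browser-delivered code.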
5. Data Sharing and Disclosure
We do not sell your personal information. We may share your information in the following circumstances:
5.1 Third-Party Service Providers
We use the following categories of service providers to operate the Service:
- Infrastructure: Vercel (hosting and deployment), Supabase (database, authentication, and file storage)
- Email Delivery: Resend (transactional emails including work order notifications and system alerts)
- AI Processing: Anthropic (AI assistant conversations are processed by Claude language models)
- Document Signing: eSignatures.io (electronic agreement signing)
These providers are contractually obligated to protect your data and may only use it for the purposes of providing their services.
5.2 At Your Direction
When you connect third-party integrations (QuickBooks, Enphase, SolarEdge, Tesla, OpenSolar, Google Calendar), data is shared with those services at your explicit authorization and in accordance with their respective privacy policies.
5.3 Legal Requirements
We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
5.4 Business Transfers
In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.
6. AI Assistant Data Handling
6.1 Conversation Processing. Messages sent to the AI assistant are transmitted to Anthropic's Claude API for processing. Conversations include your message content and any attached files (documents, images) you choose to send.
6.2 No Training on Your Data. Per Anthropic's commercial API terms, your conversations are not used to train their AI models.
6.3 Conversation Storage. AI conversation history is stored in your organization's tenant-isolated database and is subject to the same access controls as all other data.
6.4 Role-Based Access. AI assistant capabilities and model access vary based on your assigned role within the organization.
7. Data Security
We implement industry-standard security measures to protect your information:
- Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
- Encryption at Rest: Database storage is encrypted at rest using AES-256 encryption.
- Authentication: User authentication is managed through Supabase Auth with secure password hashing (bcrypt).
- Row-Level Security: Database-enforced policies ensure tenant data isolation at every query.
- Role-Based Access Control: Granular permissions control what data and features each user can access.
- Audit Logging: All significant data operations are logged for security monitoring and compliance.
- OAuth 2.0: Third-party integrations use OAuth 2.0 with token refresh for secure, revocable access.
- Webhook Verification: Incoming webhooks are verified using HMAC-SHA256 signatures.
While we strive to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.
8. Data Retention
8.1 Active Accounts. We retain your data for as long as your account is active or as needed to provide the Service.
8.2 Post-Termination. Upon account termination, we retain Your Data for thirty (30) days to allow data export. After this period, data is permanently deleted from our primary systems.
8.3 Backups. Data may persist in encrypted backups for up to ninety (90) days after deletion from primary systems.
8.4 Legal Obligations. We may retain certain information as required by law, regulation, or legitimate business purposes (e.g., tax records, audit logs).
9. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate or incomplete information.
- Deletion: Request deletion of your personal information, subject to legal retention requirements.
- Data Portability: Request your data in a structured, machine-readable format (CSV export is available for certain data types).
- Restriction: Request that we restrict the processing of your personal information.
- Objection: Object to the processing of your personal information.
- Withdrawal of Consent: Withdraw consent where processing is based on consent.
To exercise any of these rights, contact us through our contact form. We will respond within thirty (30) days.
10. Customer Portal
The Service includes a customer-facing portal where your customers can view their project status. The portal:
- Displays only information you have chosen to share (project stage, system details, customer-facing notes)
- Does not require customer authentication; the portal is reached through a unique URL, so anyone holding that link can view the information you have chosen to share
- Tracks portal visits for analytics purposes (visit timestamp and page views)
- Does not collect personal information from portal visitors beyond standard server logs
11. Cookies and Tracking
11.1 Essential Cookies. We use essential cookies for authentication and session management. These cookies are necessary for the Service to function and cannot be disabled.
11.2 No Advertising Cookies. We do not use advertising or marketing tracking cookies. We do not participate in ad networks or sell data to advertisers.
11.3 Analytics. We may use privacy-respecting analytics to understand how the Service is used and to improve its performance.
12. Children's Privacy
The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us through our contact form and we will delete such information.
13. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You may request information about the categories and specific pieces of personal information we have collected.
- Right to Delete: You may request deletion of personal information we have collected.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
- No Sale of Information: We do not sell personal information as defined by the CCPA.
14. International Data Transfers
The Service is hosted in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from your jurisdiction. By using the Service, you consent to this transfer.
15. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or through a notice within the Service at least thirty (30) days before they take effect. The "Effective Date" at the top of this page indicates when the policy was last revised.
16. Contact Us
For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:
ERP Solar
Data Privacy Inquiries
Website: erpsolar.com/contactus
© 2026 ERP Solar. All rights reserved.