Privacy Policy
Last updated: April 10, 2026
What We Collect
SolarDoctor collects the following information to provide our solar monitoring service:
- Account information: Email address and password when you create an account.
- Solar system credentials: Your SolarEdge Site ID and API Key, or Enphase OAuth access tokens. These are used solely to fetch your solar production data from your inverter manufacturer's API.
- Solar production data: Monthly and daily energy production figures retrieved from your inverter's monitoring system.
- System metadata: System capacity, location (city/state/zip), panel type, and installation date — auto-discovered from your inverter API.
- Usage data: Pages visited, features used, and health check results (via Vercel Analytics). No personally identifiable information is included in analytics.
How We Use Your Data
- Health score calculation: We compare your actual production against expected output (via NREL PVWatts) to generate your health score.
- Email alerts: If you opt in, we send health score updates and underperformance alerts to your email address.
- Shareable reports: When you generate a report, it's stored with a unique ID so you can share it. Reports do not include your credentials.
- Service improvement: Aggregated, anonymized data may be used to improve our algorithms and content.
How We Protect Your Data
- Solar system credentials are encrypted at rest using AES-256 encryption.
- All data is transmitted over HTTPS (TLS 1.3).
- Our database (Supabase) uses row-level security — users can only access their own systems.
- We never share, sell, or provide your credentials or production data to third parties.
- Enphase OAuth tokens are stored securely and automatically refreshed — we never see your Enphase password.
Data Retention
- Account data is retained as long as your account is active.
- Shareable reports are retained for 12 months after creation.
- Email subscriptions (without account) are retained until you unsubscribe.
- You can request deletion of all your data by emailing hello@getsolardoctor.com.
Third-Party Services
We use the following third-party services:
- Supabase: Database and authentication (PostgreSQL, hosted in the US).
- Vercel: Hosting and analytics.
- Resend: Transactional email delivery.
- NREL PVWatts: Expected solar production estimates (no personal data sent — only coordinates and system size).
- SolarEdge / Enphase APIs: We call these on your behalf using the credentials you provide.
Your Rights
Under CCPA (California) and similar state privacy laws, you have the right to:
- Know what personal information we collect and how it's used.
- Request deletion of your personal information.
- Opt out of any data sharing (we don't share data, but the right applies).
- Non-discrimination for exercising your privacy rights.
Cookies
We use essential cookies for authentication (Supabase session) and the Enphase OAuth flow. We use Vercel Analytics, which does not use cookies and does not track individuals across sites. We do not use advertising cookies.
Children
SolarDoctor is not directed at children under 13. We do not knowingly collect information from children.
Changes
We may update this policy. Material changes will be communicated via email to registered users.
Contact
Questions about this policy: hello@getsolardoctor.com