Policy version 2026-07-01
SolarOps Privacy Policy
- Effective date
- 1 July 2026
- Last updated
- 1 July 2026
Effective date: 1 July 2026 Last updated: 1 July 2026
1. Introduction
SolarOps is a software platform designed to help solar and energy businesses manage customers, projects, installations, documents, stock, assets, warranties, communications, support requests, tasks, field operations, and related business processes.
This Privacy Policy explains how SolarOps, trading as SolarOps ("SolarOps", "we", "us" or "our"), collects, uses, stores, shares, and protects personal information.
Our principal place of business is:
Available on request
Privacy enquiries may be sent to:
hello@solarops.cloud
This Privacy Policy applies to:
- the SolarOps website at https://solarops.cloud;
- the SolarOps web application and client portal;
- communications sent through SolarOps;
- support and sales enquiries;
- users of organisations that subscribe to SolarOps;
- customers, contacts, suppliers, subcontractors, employees, and other people whose information is entered into SolarOps by a subscribing organisation.
2. Our roles
Depending on the circumstances, SolarOps may act as either a responsible party or an operator under the Protection of Personal Information Act 4 of 2013.
2.1 SolarOps as responsible party
SolarOps acts as the responsible party when we determine why and how personal information is processed, including information used for:
- account creation;
- platform administration;
- subscriptions and billing;
- sales enquiries;
- security and fraud prevention;
- service analytics;
- customer support;
- legal and regulatory compliance.
2.2 SolarOps as operator
A subscribing organisation generally determines why and how it uses information about its customers, employees, installers, suppliers, subcontractors, and other contacts.
When SolarOps processes this information on behalf of that organisation, the organisation remains responsible for its processing instructions and lawful basis. SolarOps acts as its service provider or operator.
Questions about information entered by a SolarOps subscriber should generally be directed to that subscribing organisation first.
3. Information we collect
The information processed through SolarOps may include the following.
3.1 Account and identity information
- full name;
- username;
- email address;
- telephone or WhatsApp number;
- organisation and job title;
- account role and permissions;
- authentication and password-reset information;
- profile information.
Passwords should be stored only in securely hashed form and should not be readable by SolarOps personnel.
3.2 Customer and contact information
SolarOps subscribers may enter information about their customers and contacts, including:
- names;
- identity or company information;
- email addresses;
- telephone numbers;
- physical, postal, delivery, and installation addresses;
- customer notes;
- communication preferences;
- contact history;
- quotations, invoices, and payment references;
- signed documents;
- project and service records.
3.3 Project, installation, and field information
Information may include:
- project details;
- site details;
- installation coordinates;
- manually entered addresses;
- GPS coordinates captured with device permission;
- photographs and videos;
- site reports;
- delivery and collection records;
- signatures;
- product serial numbers;
- equipment and asset records;
- warranty information;
- technician and subcontractor details;
- notes regarding work performed;
- support, repair, and maintenance history.
SolarOps does not require a paid map provider. Where enabled, location information may be obtained from the browser or device with the user’s permission.
3.4 Documents and files
Users may upload or generate:
- contracts;
- proposals;
- quotations;
- invoices;
- reports;
- warranties;
- certificates;
- photographs;
- drawings;
- installation documents;
- identity or company documents;
- other files required for their business processes.
Subscribers are responsible for ensuring that they are authorised to upload and process these files.
3.5 Communications
SolarOps may process communications sent or recorded through:
- email;
- WhatsApp Cloud API;
- WhatsApp prefilled-message links;
- in-app messages;
- support tickets;
- communication notes;
- notification and delivery-status records.
Depending on the communication channel, external providers may also process sender, recipient, message, delivery, and technical information.
3.6 Accounting and subscription information
Where an organisation connects an accounting or billing provider, SolarOps may process:
- provider account identifiers;
- organisation identifiers;
- customer and supplier references;
- invoices;
- payment status;
- tax codes;
- product or service mappings;
- subscription status;
- billing plan;
- transaction and provider reference numbers.
SolarOps should not store complete card numbers. Card and payment details are processed by the selected payment provider where billing is enabled.
3.7 Technical and usage information
We may collect:
- IP address;
- browser and device information;
- operating system;
- login dates and times;
- pages and functions accessed;
- audit logs;
- diagnostic events;
- security events;
- error reports;
- cookie and session information;
- approximate location inferred from an IP address, where available.
3.8 Support and enquiry information
When a person contacts us, we may process:
- contact details;
- enquiry or complaint content;
- screenshots;
- support attachments;
- correspondence;
- diagnostic information;
- resolution history.
4. How information is collected
We collect information:
- directly from users;
- from organisations that subscribe to SolarOps;
- when information is uploaded, entered, generated, or captured in the platform;
- through browser or device functions authorised by the user;
- through connected providers and integrations;
- from support, sales, and billing communications;
- automatically through security, session, audit, and diagnostic systems;
- from publicly available sources where lawful and relevant.
5. Purposes of processing
We process personal information to:
- create and administer accounts;
- authenticate users;
- provide the SolarOps service;
- manage customers, projects, documents, stock, assets, warranties, tasks, support, and communications;
- provide client-portal access;
- enable integrations requested by subscribers;
- process subscriptions and payments;
- send operational emails, invitations, password resets, reminders, and notices;
- send authorised WhatsApp messages;
- maintain communication and audit histories;
- provide support;
- diagnose and repair platform issues;
- detect unauthorised access, abuse, fraud, and security threats;
- maintain backups and business continuity;
- improve performance and usability;
- enforce agreements;
- comply with legal obligations;
- establish, exercise, or defend legal claims.
6. Lawful grounds
Where applicable, we process information based on one or more of the following grounds:
- consent;
- performance of a contract;
- steps requested before entering into a contract;
- compliance with a legal obligation;
- protection of a legitimate interest of the data subject;
- pursuit of our legitimate interests or those of a subscriber, where not overridden by the data subject’s rights;
- another lawful justification recognised under applicable law.
Subscribers are responsible for identifying and maintaining a lawful basis for information they enter into SolarOps.
7. Special personal information and children
SolarOps is not intended as a medical, educational, child-care, or special-personal-information platform.
Subscribers must not intentionally use SolarOps to process special personal information or children’s personal information unless:
- it is reasonably necessary for a legitimate SolarOps workflow;
- they have a lawful basis or required authorisation;
- they have implemented appropriate access controls;
- the processing complies with applicable law.
SolarOps may restrict or remove information that is unlawfully stored or creates an unreasonable security or compliance risk.
8. Cookies and sessions
SolarOps may use cookies or similar technologies that are necessary for:
- authentication;
- maintaining a signed-in session;
- security;
- user preferences;
- platform functionality;
- load balancing;
- fraud prevention;
- limited service analytics.
Necessary cookies may be required for the platform to operate.
Where non-essential analytics or marketing cookies are introduced, SolarOps will provide appropriate notice and consent controls where required.
9. Integrations and service providers
SolarOps may use service providers for:
- cloud hosting;
- managed databases;
- file and image storage;
- transactional email;
- WhatsApp messaging;
- accounting integrations;
- billing and payment processing;
- monitoring and error reporting;
- source-code hosting;
- security and infrastructure services.
Current or planned providers may include:
- Vercel;
- Neon;
- Vercel Blob;
- Meta WhatsApp Cloud API;
- QuickBooks or Intuit;
- Zoho;
- Sage;
- a transactional email provider;
- a billing provider;
- an error-monitoring provider.
A subscriber chooses whether to connect optional third-party services. A provider’s own privacy terms may also apply.
SolarOps does not sell personal information.
10. Sharing of information
We may disclose information:
- to the subscriber responsible for the relevant account or data;
- to authorised users within that subscriber’s organisation;
- to service providers processing information on our instructions;
- to integration providers selected by the subscriber;
- where required by law, regulation, court order, or lawful authority;
- to protect the rights, safety, systems, or property of SolarOps, subscribers, users, or others;
- in connection with a merger, sale, restructuring, financing, or transfer of the SolarOps business, subject to appropriate safeguards.
We do not permit service providers to use subscriber data for unrelated purposes merely because they process it for SolarOps.
11. International processing and transfers
Some service providers may process or store information outside South Africa.
Where information is transferred internationally, SolarOps will take reasonable steps to ensure that the transfer is lawful and subject to suitable contractual, organisational, or legal safeguards.
Subscribers are responsible for assessing international transfers that result from integrations they independently enable or data they instruct SolarOps to process.
12. Security
SolarOps uses reasonable technical and organisational safeguards appropriate to the nature of the information and risks involved.
These may include:
- encrypted HTTPS connections;
- access controls;
- tenant separation;
- role-based permissions;
- password hashing;
- server-only storage of credentials;
- secure environment variables;
- restricted administrative access;
- webhook signature validation;
- audit logging;
- backup and recovery measures;
- security updates;
- monitoring and error logging;
- token-expiry and credential-management controls.
No system can guarantee absolute security. Users must protect their passwords, devices, accounts, integration credentials, and recovery methods.
Users must notify SolarOps promptly if they suspect unauthorised access.
13. Security compromises
Where SolarOps reasonably believes that personal information has been accessed or acquired by an unauthorised person, we will investigate and take steps required by applicable law.
Where SolarOps acts as an operator for a subscriber, we will notify the subscriber as soon as reasonably practicable after becoming aware of a relevant compromise.
The subscriber remains responsible for notifications it is legally required to give as responsible party, except where the law requires SolarOps to notify directly.
14. Retention
We retain personal information only for as long as reasonably necessary for:
- providing the service;
- maintaining lawful business records;
- subscriptions and billing;
- fraud prevention;
- support;
- backups and disaster recovery;
- legal, tax, accounting, and regulatory obligations;
- resolving disputes;
- enforcing agreements.
Subscriber information may be retained for a limited period after termination to allow export, recovery, dispute resolution, or restoration.
Deletion from active systems may not immediately remove information from encrypted backups. Backup copies are removed or overwritten through normal backup-retention cycles.
SolarOps may retain de-identified or aggregated information that can no longer reasonably identify a person.
15. Subscriber responsibilities
Subscribers must:
- process personal information lawfully;
- give appropriate notices to their customers, employees, suppliers, subcontractors, and contacts;
- obtain consent where required;
- configure user access appropriately;
- avoid uploading unnecessary or excessive information;
- keep information accurate;
- respond to data-subject requests;
- instruct SolarOps regarding lawful deletion, correction, export, and retention;
- ensure connected integrations are lawfully used;
- refrain from using SolarOps for unlawful surveillance, spam, harassment, discrimination, or fraud.
16. Your rights
Subject to applicable law, a person may have the right to:
- request confirmation that personal information is being processed;
- request access to personal information;
- request correction or deletion;
- object to certain processing;
- withdraw consent where processing is based on consent;
- object to direct marketing;
- request information about the identity of relevant third parties;
- lodge a complaint with the Information Regulator;
- exercise rights regarding certain automated decisions.
A request may be subject to identity verification, legal retention requirements, third-party rights, and lawful limitations.
Where information is controlled by a SolarOps subscriber, the request should be made to that subscriber. SolarOps will reasonably assist the subscriber where required.
Requests relating directly to SolarOps may be sent to:
hello@solarops.cloud
17. Direct marketing
SolarOps will send direct marketing communications only where permitted by law.
Recipients may opt out through:
- an unsubscribe link;
- a reply instruction;
- communication preferences;
- a request sent to hello@solarops.cloud.
Operational communications, including security notices, password resets, service notices, billing notices, and messages necessary to provide the service, are not necessarily marketing communications.
Subscribers are independently responsible for ensuring that marketing sent through SolarOps is lawful and that opt-out requests are respected.
18. Automated processing
SolarOps may use automated rules for operational functions such as:
- reminders;
- task creation;
- notification routing;
- warranty alerts;
- subscription-status changes;
- duplicate detection;
- workflow automation.
SolarOps does not intend to make decisions based solely on automated processing that produce legal or similarly significant effects on a person unless the subscriber configures such processing and has a lawful basis.
19. Complaints
Privacy complaints may be submitted to:
hello@solarops.cloud
Please include enough information for us to identify the relevant account, subscriber, record, and concern.
A person may also lodge a complaint with the Information Regulator of South Africa through the Regulator’s official channels.
20. Changes to this policy
We may update this Privacy Policy to reflect changes in:
- law;
- platform functionality;
- service providers;
- security practices;
- business operations.
The updated version will be published at https://solarops.cloud/privacy with a revised effective date.
Where a change materially affects users or subscribers, we may provide additional notice through the platform or email.
21. Contact details
Responsible party: SolarOps Trading name: SolarOps Physical address: Available on request Privacy email: hello@solarops.cloud Website: https://solarops.cloud