DRAFT v1.0.0 — Subject to Utah counsel review
SolarDisclosure™ — Privacy Policy
Effective Date: 2026-05-19
Last Updated: 2026-05-19
1. Who we are
This Privacy Policy describes how the SolarDisclosure operating entity, a Utah limited liability company operating as SolarDisclosure™, collects, uses, and shares information when you use the Service at solardisclosure.io.
Questions: admin@solardisclosure.io.
2. What we collect
2.1 Information you provide
- Identity: name, email address, phone number, postal address
- Account credentials: password (stored encrypted via Supabase Auth)
- Professional information (RE Pros only): license number and state, professional title, brokerage/firm affiliation, photo
- Property information: address, parcel identifier, ownership records, solar system details, financing details, system performance data
- Engagement information: orders placed, documents uploaded, communications with SolarDisclosure staff
- Payment information: processed by Stripe, Inc. — we do not store full payment-card numbers
2.2 Information collected automatically
Usage data (pages visited, features used), device/connection data (browser, OS, IP), and session cookies for authentication. We do not use third-party advertising cookies.
2.3 Information from third parties
Public records (county assessor data, recorded deeds, UCC filings, building permits), manufacturer data with your authorization (Enphase, SolarEdge), utility data with your permission, professional license registries.
3. How we use information
- Provide the Service: account management, order processing, disclosure report production and delivery
- Communicate: transactional emails, support, Service announcements
- Process payments via Stripe
- Improve the Service: usage analytics, troubleshooting, feature development
- Maintain compliance with applicable law and respond to lawful requests
- Aggregate analytics that do not identify individual users
We do not sell your personal information. We do not use your information for third-party advertising.
4. How we share information
4.1 Service providers (subprocessors)
| Subprocessor | Purpose | Location |
|---|---|---|
| Supabase | Authentication, database, file storage | United States |
| Vercel | Web hosting, serverless functions | United States (multi-region) |
| Stripe | Payment processing, subscription management | United States |
| Resend | Transactional email delivery | United States |
| ImprovMX | Inbound email forwarding | European Union |
| BoldSign | E-signature (when used) | United States |
| Proof | Remote Online Notarization (when used) | United States |
| 365 Pronto / Enphase | Solar monitoring transfer flows (with your authorization) | United States |
4.2 Engagement-specific sharing
- Real Estate Professionals you engage with: the report and engagement data are shared with the RE Pro associated with the order, when applicable.
- Manufacturers and installers: with your signed Limited Power of Attorney authorization, we share documentation with the manufacturer (Enphase, SolarEdge) and original installer.
- Public records: completed reports may reference public-record data (recorded deeds, UCC filings, permits).
4.3 Legal and safety
We may disclose information to comply with legal requirements, enforce these Terms, protect users or the public, or in connection with a corporate transaction.
5. Data retention
- Account information: retained for the life of your account plus a reasonable period after closure
- Order and report data: typically two years for source documents per the engagement documents
- Payment records: as required by Stripe and applicable tax/accounting rules
- Monitoring credentials recovered on your behalf: deleted from working storage within seven (7) days after confirmed login
- De-identified aggregate analytics: retained indefinitely
6. Your rights and choices
6.1 All users
Access and correction via your account settings; deletion requests by email to admin@solardisclosure.io; marketing email opt-out via unsubscribe link.
6.2 California residents (CCPA / CPRA)
Right to know, delete, correct, and non-discrimination. SolarDisclosure does not sell or share personal information for cross-context behavioral advertising. To exercise these rights, email admin@solardisclosure.io with subject "California Privacy Request".
6.3 Other state privacy laws
Residents of Colorado, Connecticut, Utah, Virginia, and other states with comprehensive privacy laws may have similar rights. Contact admin@solardisclosure.io.
6.4 GDPR (EEA / UK)
If you access the Service from the EEA or UK, you may have additional rights under the GDPR. Email admin@solardisclosure.io to exercise them.
7. Security
We use commercially reasonable administrative, technical, and physical safeguards including TLS encryption in transit, encryption at rest for sensitive credentials, role-based access controls, and audit logging. No system is perfectly secure; safeguard your password and report compromises to admin@solardisclosure.io.
8. Children's privacy
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13.
9. International data transfers
SolarDisclosure operates from the United States. If you access the Service from outside the U.S., information may be processed in the United States.
10. Changes to this Privacy Policy
We may update this Privacy Policy by posting an updated version. Material changes will be highlighted; your continued use after the effective date of an update constitutes acceptance.
11. Contact
Email: admin@solardisclosure.io